Xona Closes the Attack Window with New OT Active Defense
New capability integrates with OT Asset Visibility & Vulnerability Platforms to automatically enforce session controls the moment suspicious activity is detected
HANOVER, Md., March 17, 2026 /PRNewswire/ -- Xona Systems, the secure remote access platform for critical infrastructure, today introduced Active Defense, a new capability that enables organizations to stop threats during live remote access sessions in operational technology (OT) environments, automatically and without waiting for manual intervention. In many environments, the gap between detecting suspicious activity and stopping an active session can stretch from minutes to hours, leaving adversaries connected to operational systems while a response is coordinated. Active Defense closes that window.
Remote connectivity is now essential for operating and maintaining critical infrastructure across sectors, including energy, manufacturing, transportation, and water utilities. At the same time, remote access pathways are frequently targeted by attackers seeking to gain entry into operational environments. Recent advisories from CISA have highlighted nation-state actors specifically targeting remote access pathways into water, energy, and other critical infrastructure sectors, making the ability to act on detection signals in real time an operational necessity.
"Detection without enforcement leaves critical infrastructure exposed," said Raed Albuliwi, Chief Product Officer at Xona Systems. "Active Defense gives security teams the ability to act in the same moment a threat is identified, not after a manual process has run its course."
The capability integrates with OT Asset Visibility & Vulnerability Platforms, connecting OT detection signals directly to session-level enforcement through the Xona Secure Remote Access platform. When suspicious behavior is identified, detection events are correlated and evaluated against policy before enforcement actions are applied, including step-up authentication, session suspension, scoped access restrictions, or session termination.
The system also supports correlation-driven escalation, allowing multiple lower-severity events to combine into higher-severity enforcement decisions. By evaluating patterns, frequency, and recency of security events, organizations can apply proportional responses to suspicious activity while reducing the likelihood of false positives.
Unlike approaches that rely on network-level controls that can disrupt sensitive operational systems, Active Defense allows organizations to intervene through secure remote access session management while minimizing the risk of operational disruption.
Active Defense is available as part of the Xona Secure Remote Access platform, which supports deployments in on-premises and hybrid OT environments.
Xona will showcase Active Defense at the upcoming RSA Conference, where attendees can learn more about how organizations are strengthening defenses around remote access to critical infrastructure systems.
Resource Material
About Xona Systems
Xona Systems is the secure access platform built specifically for critical infrastructure, not adapted from IT security tools. Deployed across more than 40 countries in energy, utilities, manufacturing, and maritime sectors, the platform addresses what legacy VPNs and jump servers can't: centralized governance across distributed operations, resilient connectivity in degraded network conditions, and audit-ready evidence for regulators. Organizations trust Xona to secure operational technology and IT environments while meeting compliance requirements, including NERC CIP, IEC 62443, and TSA SD2. Headquartered in Hanover, Maryland. Learn more or request a demo at www.xonasystems.com.
Media Contact:
Danielle Ostrovsky
Hi-TouchPR
410-302-9459
SOURCE Xona Systems
Share this article