Frequently asked questions
Plain-English answers about OT network monitoring, compliance, and how Kyntic works.
How does OT network security monitoring work?
An appliance connects to a network TAP or mirror port and watches all traffic without sending any packets of its own. Protocol-specific parsers for Modbus, DNP3, EtherNet/IP, and standard TCP/IP analyze every connection. When traffic matches a detection rule, an alert fires. You get visibility into unauthorized access, configuration changes, and anomalies, with zero risk to the industrial process.
What is passive network monitoring?
Watching traffic without generating any of your own. The monitoring port has no IP address and is physically incapable of sending packets into your network. In OT environments, even a single unexpected packet could disrupt a PLC or safety system, so passive is the only safe option.
How do you detect unauthorized Modbus writes?
We watch Modbus TCP traffic on port 502 for write function codes (5, 6, 15, 16, 22, 23) and compare the source IP against a learned baseline of authorized writers. During the initial learning period, the system records which devices normally issue writes. After that, any write from a new or unauthorized source triggers an immediate alert. This catches both external attackers and misconfigured internal systems.
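The check described above, sketched as an added example (not Kyntic's code): it parses the Modbus TCP header, filters on the write function codes, and compares the source IP with a learned set. The names `WriteBaseline`, `parse_modbus_tcp` and `build_request`, the manually toggled `learning` flag, and the sample frames are assumptions made for illustration.

```python
import struct

# Write function codes listed in the answer above.
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
MODBUS_PORT = 502

def build_request(tid, unit, fc, data):
    """Build a Modbus TCP request (MBAP header + PDU) for the constructed samples."""
    return struct.pack(">HHHBB", tid, 0, len(data) + 2, unit, fc) + data

def parse_modbus_tcp(payload):
    """Return (unit_id, function_code), or None if the frame is malformed."""
    if len(payload) < 8:  # 7-byte MBAP header + 1-byte function code
        return None
    _tid, proto_id, length, unit_id = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0; length covers the unit id plus the PDU.
    if proto_id != 0 or length < 2 or len(payload) < 6 + length:
        return None
    return unit_id, payload[7]

class WriteBaseline:
    """Learns which source IPs issue writes, then alerts on any other writer."""
    def __init__(self):
        self.learning = True      # assumption: the operator ends learning manually
        self.authorized = set()

    def observe(self, src_ip, dst_port, payload):
        # Only requests (client -> port 502) count; responses echo the
        # function code and would otherwise teach the PLC as a "writer".
        if dst_port != MODBUS_PORT:
            return None
        parsed = parse_modbus_tcp(payload)
        if parsed is None or parsed[1] not in WRITE_FUNCTION_CODES:
            return None
        if self.learning:
            self.authorized.add(src_ip)
            return None
        if src_ip in self.authorized:
            return None
        return {"alert": "unauthorized_modbus_write", "src_ip": src_ip,
                "unit_id": parsed[0], "function_code": parsed[1]}

# Constructed sample traffic (frame contents are made up).
WRITE_REG = build_request(1, 1, 6, bytes.fromhex("001000ff"))  # Write Single Register
READ_REGS = build_request(2, 1, 3, bytes.fromhex("0000000a"))  # Read Holding Registers
```

Filtering on destination port 502 matters because a write response carries the same function code as the request, so direction-blind learning would add the PLC itself to the authorized writers.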
What is NERC CIP compliance monitoring?
Automated collection of the evidence required by the North American Electric Reliability Corporation Critical Infrastructure Protection standards: continuous monitoring logs (CIP-007), electronic security perimeter access records (CIP-005), and configuration change documentation (CIP-010). Kyntic generates audit-ready packages you hand directly to your auditor. Penalties for non-compliance can reach $1M per day per violation.
Do I need to install software on my PLCs?
No. Nothing installs on any industrial device. The appliance connects to your network infrastructure, not to individual PLCs, RTUs, or HMIs. No firmware risk, no compatibility testing, no maintenance window.
Does it still work without internet?
Yes. Detection runs on the appliance itself, not in the cloud. Logs and alerts queue locally and ship automatically when connectivity returns. Many OT environments have intermittent or restricted internet, so this is essential.
What's the difference between IT and OT security?
IT security protects data: confidentiality, integrity, availability. OT security protects physical processes. An IT breach loses data; an OT breach can damage hardware, hurt people, or contaminate water supplies. OT also has to deal with legacy devices that can't be patched, protocols without authentication, and the absolute priority of operational availability.