Video: The OT Resilience Blueprint: Protecting Industrial Operations from Cyberattacks and Downtime | Duration: 3947s | Summary: The OT Resilience Blueprint: Protecting Industrial Operations from Cyberattacks and Downtime | Chapters: Webinar Introduction (1.425999000000001s), Acronis Overview (100.841s), OT Cybersecurity Threats (218.94101s), Cybersecurity vs Resilience (309.28598s), Cyber Resilience Fundamentals (422.34598s), Compliance Frameworks Overview (504.23599999999993s), OT Security Blueprint (647.59103s), PLC Backup Importance (743.1310000000001s), Change Control Challenges (892.241s), Holistic OT Solutions (1108.3609000000001s), User Adoption Strategies (1321.9460000000001s), Incident Response Planning (1624.9660000000001s), Legacy System Coverage (1949.171s), AI and Backup Strategies (2054.576s), Recovery Options (2238.9610000000002s), Backup and Restore (2715.3311s), OT Incident Response (3190.671s), Q&A and Closing (3420.1910000000003s)
Transcript for "The OT Resilience Blueprint: Protecting Industrial Operations from Cyberattacks and Downtime":
Hello, everyone. Welcome to today's Acronis webinar, the OT resilience blueprint, protecting industrial operations from cyberattacks and downtime. So on the next slide, you will see my picture. I'm your host, Subur Rao. And please check out my LinkedIn profile if you would like to connect with me and know more about my background. It's my absolute great pleasure to introduce our session's distinguished speakers. So firstly, from Acronis, we have Ryan Davis, our senior director of the large end customer acquisition and OEM. I also have our very own JD Perham, solutions engineer, who will be sharing a demo with us and also helping us on the Q&A section. And I'm also really honored to welcome our external experts, Adam Gluck, who is the founder and CEO of Copia Automation, and Mary Gannon, and she is the OT incident response lead at GuidePoint Security. And together, this group brings very deep expertise across several cybersecurity strategy, operational technology, incident response, and real world implementation. We are really excited to hear more about their insights and perspectives. So moving on, there'll be a short introductory presentation from myself on OT downtime. So this is the agenda that we have for today. Following which, we'll have a panel discussion wherein we'll ask their expertise from Adam and Mary. And then we'll have a quick demo, following which we'll have some time for Q&A and wrap up. So let's carry on with my quick presentation, which is about the cost of downtime and why OT is the target for this and what are the common denominators of compliance. So double clicking and moving on forward, firstly, let me just quickly bring you what Acronis is. So if we look at Acronis, it was founded in Singapore in 2003, and we've had a headquarters in Switzerland since 2008. We have more than 1,800 employees in 60 plus countries, 50 plus data centers, which means we have a huge backbone in 35 countries.
And we do support our partners in 26 languages. That's given us a huge partner base, which is more than 21,000 partners, and we look after 750,000 end customers. And our mission is very simple. So it's protect, manage, and automate all small and medium IT deployments. So what makes us different is that we have backup, security, disaster recovery, endpoint protection, data security, lots of features and functionality sort of joined up into one single unified platform. So that's what makes us stand out and especially resonate very well in this OT industry. So if we go forward a little bit, I would like to talk about what the OT landscape looks like in 2026. What are the threats and trends? Some of the items you probably would have already seen in the press and the news, but I just quickly wanted to highlight three important points. So one, we can see that the IT/OT convergence that people have been saying for many, many years is absolutely real. We see a lot of ransomware, which were predominantly aimed at the IT environment, is moving more towards the OT side of things. And then because they have a lot of legacy systems with older versions and software and air gap environments, which does not have the latest and greatest of the signatures, it is more vulnerable for attacks. And, of course, we also know that the operational failures and the human misconfigurations, the hardware failure, and the environmental factors, that all makes OT really vulnerable. And these are the things that we've been seeing in 2026. And if we look forward, let's also see what did we learn from last year. And there were some quite prominent events that happened last year. So one being JLR, Jaguar Land Rover. They had around about half a billion of bankruptcy and loss for a cybersecurity incident. Similarly, on the aviation sector, we saw 90% of Heathrow flights getting canceled, and 200,000,000 health records were stolen from the health care industry.
So we can see that when a damage or an outage happens, it's across many different verticals and sectors, and the impact is really profound touching people's lives. And going forward again, why OT? Why does it target OT? And the answer is getting more obvious nowadays. So attackers are swapping credit cards for something that gives them immediate leverage. So it's much easier for them to be able to request a ransom or hold people accountable when there is real world damage where the conveyor belts stop, when the robotic arms stop moving, when the manufacturing industry comes to a halt. So that gives them the leverage and the high value stoppage, which makes OT a very lucrative sort of vertical to look at and target. So what is the solution? This tells us that cyber resilience could be a solution. So this defines cyber resilience as the ability to be able to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and attacks on systems. So what does it really mean? On the next slide, we can see that there is a subtle difference between cybersecurity and cyber resilience. What does it mean? So anything that happens up until an attack or compromise is all cybersecurity measures. So things that you would do like protect, detect, mitigate, all of that are cybersecurity controls. And things that would start from a compromise onwards, so let's say the inevitable happens and the system's been affected. How do we bring it back to life? How do we bring it back to normalcy? So that's where things like adapt, recover, bouncing back. So that would be cyber resilient. So it's a balance, a fine balance of having proactive defense as well as what do you do reactively once an event has happened. So that's the distinguishing sort of factor between cybersecurity and cyber resilience. And on the next slide, you'll actually see that there are some KPIs that we should be looking at.
So RPOs and RPOs are quite common ones that's been used in the industry for several years. So RPO is the recovery time objective. It tells you how quickly that the system needs to be restored. And, again, it depends on the industry. It depends on the criticality of your environment. So some environment could be five days, some could be five months, some could be five minutes. And, similarly, recovery point objective. So if a server goes down, how much of a data loss are you happy to take? Do you want a backup that was done five seconds ago or five days ago or five minutes ago? So these are some of the common known industry KPIs. But what we also want to sort of advise from Acronis is that there are things like MTCR, Mean Time to Clean Recovery. RTO does not ensure operational readiness or business continuity. Yes. We have a backup and we've restored it, but does it really guarantee that your services can continue and operate? And that's where not just any recovery, clean recovery becomes really important. Similarly, MTD, maximum tolerable disruption. How much of a hit or an impact can your business take and still be able to operate? So a more cyber resilient architecture means that you've got a better robust environment, which will still be able to operate despite the attacks. All of this comes into a visual picture. So we've got two graphs here. The one on the top tells us blue is the normal operations, and when an incident happens, the length of the red line tells you how long it takes for you to be able to absorb that attack. And the curvature tells us how long it takes for your resilient architecture to be able to recover and bounce back to normalcy. So the aspiration for any organization should be to reduce this curve and make sure that it's smaller, sharper, and snappier so that it can quickly bounce back to resuming your operations.
Moving forward, I also want to touch upon the fundamentals of cybersecurity, which is the CIA triad, confidentiality, integrity, and availability. I'm sure a lot of you are familiar with this, but we also need to add an element of safety when it comes to the OT industry. So if it's an oil and gas industry or if it is a health care, safety is absolutely paramount. Moving forward, I quickly want to touch upon the compliance landscape, the fine print, the one that scares us all. What we see here is that compliance can be overwhelming, and it also depends on the geography. It depends on the vertical. It depends on the size. So no two companies will go through the same compliance procedure to get certified. So an organization with 50,000 employees will have a completely different rule set as opposed to an organization with 500,000 employees. So it's a personalized journey for you to be able to get certified with any compliance requirement. And I would sort of broadly classify that as two compliance sectors. So one is the sort of nonmandated voluntary ones, like the ISO certifications or, let's say, the NERP certifications. Some of them are not enforced. But on the other side, you have the mandatory ones. Like, in the UK, there is GDPR. There is DORA, like, the Operational Resilience Act or CRA or NIS2. And I think of it as a seat belt analogy. So when initially, seat belts were not fully understood and the efficacy of it forty years ago, it was more sort of advisory. But right now, every country in the world mandates that you wear a seat belt. Similarly, compliance, what seems to be an advisory mechanism, is soon going to be mandatory, and we're already seeing that in Europe. So what do we do about that? So on the next slide, what we want to show you is that there are some common themes, the common denominators across these compliance requirements.
For example, the evidence preservation and immutability, the ability to be able to make accountable audit control changes. And are you able to do incident investigation? Are you able to reconstruct the incident and provide the chain of truth or the chain of custody or evidentiary proof when the authorities demand for it? Is your environment, does it have operational resilience and business continuity? Does it have controlled access? So these are some of the themes that sort of echo, and it's common between different compliances. So what Acronis would like to suggest is that we are not a GRC platform, but some of the controls and the features that come natively with Acronis set you up for success. So it gives you this good base posture security mechanism from which it's easier for you to be able to sort of chase individual certifications. I would like to touch upon this Purdue model. As we can see here, it starts from layer zero all the way up to level five. So level zero is where you've got the sensors and actuators. Level one is PLCs, RTUs. And it's extremely important that the security is sort of looked at from the absolute basic level all the way to the top. And you have the IT on the very top. And, again, here is where it becomes really interesting that we've brought our technology partner here, Copia, who are experts in making sure that when you do your source code, when you do your source logic, it is secure from day one. So that's the zero and one levels of the model. Whereas Acronis is fantastic in PC based backups and disaster recovery and endpoint protection. So that starts from level two onwards. And GuidePoint Security, our integration partner, they have expertise in putting them all together, bringing them to reality, and the governance of it, which I'm sure Mary will cover in detail in the subsequent presentation. Here, we present to you the blueprint for OT security and resilience.
You have Copia for the source code and the PLC logic layer, Acronis for SCADA, HMI sort of supervisory layer systems, and GuidePoint, which brings it all to reality with its integration and governance capabilities. And now I would like to open up the stage for the panel discussion. So let me begin with Adam. Adam, thank you very much for being with us. I would recommend Adam and Ryan to open up their cameras. Adam, tell us more about yourself and tell us more about Copia.

Yeah. Thank you so much for having us. We're really excited about this discussion, and it's great to work with some of our partners and talk about, you know, everything that's going on right now. You gave a great summary of Copia already. So, but, you know, I'd say the core of our business today is backup and disaster recovery for industrial control systems at level zero and level one, looking at PLCs and sensors and the code that runs critical production environments. And so if anyone takes anything away from this webinar, that's probably where you're gonna call us in. Where we see, you know, kind of the puck going in the space is towards what we've called in the past industrial DevOps, and now we call industrial code life cycle management, which is beyond backup and disaster recovery. How do you manage the code and configuration at that level? What are your global processes in order to scale your controls teams? Looking at stuff like, obviously, like AI code generation and that sort of thing, but also looking at practices that have been missing, like CI/CD and all those sorts of pieces as well. So we kinda extend out from there, but core 80% of what we're doing these days is backup and disaster recovery and then helping teams kinda scale up from there.

Sure. And can you also help me understand a bit about, when people think of OT resilience from the conversations that I have, predominantly, it's more sort of recovering servers and workstations.
So from Copia's perspective, what happens or what are the implications of losing the PLC logic in itself? If it's corrupted, if it's changed unexpectedly, if somebody has access to it and are able to manipulate that, what are the implications?

Yeah. And I think for the people in this audience, I'm sure there's some people who are more comfortable on the IT-ish side, more people on the OT-ish side. I mean, the core of the logic of a production environment is often called ladder logic or, you know, these different programming environments, and you're probably familiar with big names, Siemens and Rockwell and Schneider and, you know, all those sorts of vendors that are sitting out there. That code is the actual logic of your production industrial environment. If that code gets wiped out, and I went to a briefing somewhat recently where people were talking about the most common way these get attacked is to wipe the code. Ideally, people would like to manipulate it, but they'll often wipe the code or lock you out. It shuts down your production department entirely. Right? Because that's actually the literal process logic that's executing on those machines. So it's a critical vulnerability in that way. And we see in a lot of environments, most of that isn't backed up in any sort of consistent or coherent sort of way.

Yeah. It brings me back to one of the conversations that I had. So when I initially wanted to learn about PLCs, what do they even mean? And I was asking my sort of expert friends to explain it to me in absolute simplest of terms. And they said, look. Have you seen those two way switches? So the ones that you can operate from, I don't know, from the top of your staircase and also from the bottom. And if you get that logic wrong, it's going to annoy you. That's how important that PLC logic is. So it starts from, like, at your home. So imagine getting that wrong in an industrial scale.
So, I think the effects are gonna be ginormous in that sense. Right?

Yeah. Yeah. They're huge. I mean, if you just wipe the code, you just shut down production, but you can also manipulate the code in ways to cause even worse problems. You know, in certain environments, you can imagine, like, in fields like oil and gas and that sort of thing. You can create an explosive asset, right, if you want to do that. So, you can do ransomware attacks. You can do whatever at that layer, but it really is the logic of, hey. Imagine assembly line. Something needs to say how fast that should be moving. That's the PLC logic. It's like that level of critical. All of that lives in code that sits very low in the stack that a lot of people just don't even have visibility of, especially if they're coming from the IT into the OT layer. They might not even realize that these things exist at all, we see sometimes. So you might only think about the servers and the level two and three stuff and the supervisory layer that you all were chatting about.

Sure. Can I also ask you about the change control? How important is it? Because I know that source codes are, you know, often updated in, you know, periodically, I should say. And, again, change control is one of the important pillars when it comes to software development life cycle. Does Copia play into this? Do you ensure that this is sort of executed properly?

Yeah. And I'd say, you know, look at this through two lenses. One is in highly distributed environments where you maybe have a 100 industrial sites with all different people that work at them. Maybe some of those via acquisition came into the business. Sometimes you're working with contractors. Getting a really tight change control process is often an operational challenge. And so one thing we see is backup becomes really critical in those environments because the training and actually building a process at a global scale is a big challenge.
And so we came in with, hey. Let's have a good change control process. That was kind of the core thrust of our business initially, but everyone's like, that's so hard to get in place. Let's just get good backups, which is, I think, why we're here and having that conversation. I'd say that's a good entry point for everyone. It's just, like, get backups, and that also gives you more visibility into these environments because you can see what changed. I'd say that's a critical step. Once that's done, we see people often identify critical processes that they want change control. So if you're producing meat and you need to be heated to a certain temperature, otherwise, people get sick, you might wanna have a change control process. You can't change the temperature and the production process without some sort of approval. That makes a lot of sense. That's almost always a step two, but often a critical step is to then identify processes that you want change control around. And then three would be a more generalized change control process. But I'd say in almost all these environments, given their distributed nature of OT, it's not as clean as a software engineering. You know, the team operates and runs the code that they're also writing. Starting with more distributed governance and controls is probably a critical first step, and I think that's why it becomes so bullish on backup and disaster recovery as kind of an initial thrust for these teams.

Sure. Thank you. And I think this was really sort of eye opening for me. Let me ask Ryan. Ryan, how do you see this from an Acronis perspective? So, I know that we have a lot of focus and emphasis on level two to five onwards, but you've got lots and lots of field expertise. You've spoken to the industry leaders in this sector. This joint proposition looking at Purdue models all the way from level zero to level five, is that the right way to look at it?

Well, yeah.
And, you know, I've been a big proponent of kind of holistic solutions for the OT space for a long time. I mean, the classic view of it is, you know, you have firewalls at level 3.5 and OT is below it and IT is above it. Right? So there's kind of a dividing line there. And as the convergence happens, it starts to blend. But, you know, ultimately, regulatory compliance is driving a lot of attention in this space. Right? You're talking about NIS2 came into enforcement and then there's a variety of other geographic, you know, regulations that are being driven at the government level that is causing organizations to kind of unpack this. And what we're seeing, you know, Acronis has been a leader in the kind of DCS, SCADA, the supervisory control system space for some time. We're seeing organizations, Adam talked about meat packing, you know, food and beverage. Sometimes the data protection piece and backup and restore wasn't the biggest focus. Whereas now as they're doing critical industries, they're kind of starting to look at that entire environment. And it's not just level zero, level one when you're talking about the ladder logic. It's also the supervisory. And so customers are coming to us asking how do we address this? How can we have a holistic approach where we solve this problem across the board? Right? And so, you know, we've explored and identified different technology solutions, you know, Copia, great solution from the lower level, Acronis is very entrenched at the upper level and then trying to bring partners like GuidePoint Security who can bring it all together, you know, not just in terms of integrating the technology, but also best practices. You know, Adam talked about it's really, really hard to implement these, like, change controls because it's not just the technology. It's also processes and training people and getting people to fall in line.
And so having partners that can deliver that training, deliver that education, act as remote hands in some cases is really, really important. So, we're starting to see organizations look at this less reactively, which is a more newer development. Historically, whether it was security, whether it was business continuity, it was reactive, it was driven by an event. Right? So they'd look at point solutions, tactical solutions, and whether it's the regulatory environment or you start looking at the big picture events that are happening. You know, we already forgot about Jaguar Land Rover. Right? Because Stryker got hacked by an organization purportedly that's affiliated with the Iranian government. Right? And so these large scale events are happening with such frequency that organizations are starting to take a big picture view of how they can wrap their arms around these environments. And, you know, solutions like Acronis, which provide very broad coverage of the supervisory level, legacy systems to modern systems, you know, multi vendor support. But then that leaves the lower level and this is where partnerships with organizations like Copia as well as our partners like integrators like GuidePoint Security can help us solve the problem, you know, in a big picture view for our customers, which is what we're seeing.

Got it. Okay. That's really helpful. I'm gonna just wear the customer's hat for a moment. So let's say I'm an OT manager, and if I come out without much of a background as to what these vendors do, for me, yes, of course, I want to be absolutely secure and safe and make sure that I don't have any outages and reduce my downtime. But at the same time, I want something easy. I wanna make my life easier. So operational simplicity is really, really important for me. Your technology sounds great, but for my engineer who's on-site with minimal OT training, how can I convince him that this is the right technology?
What tools or mechanism do you guys have to make it easier for somebody to take up this?

Yeah. Adam, if you wanna take that, you can. Otherwise, I can jump in from an Acronis perspective first.

Yeah. Why don't you go from an Acronis perspective first and I can jump in because I have some thoughts on this as well. So

Yeah. Absolutely. So, I mean, the best answer is there's not really just a pure easy button in response to that question. Right? Well, I've always kinda talked to in terms of addressing these sort of challenges. It's people, processes, and technology. Right? You have to have all three kind of in alignment. Now from a technology perspective, you're gonna wanna look for tools that are best attuned to these sort of environments. Right? It's not the silver bullet that solves it, but, you know, Acronis being in data protection space for many, many years and now moving into cyber resilience, you know, from a holistic cybersecurity and business continuity perspective. We have competitors that are very, very powerful tools, very effective tools, but they're built for the data center. They're built for kind of an enterprise IT administrator years of experience environment. So the interfaces are built with that sort of complexity to enable that kind of power. Right? So at Acronis, we try to build very, very powerful technologies, but an intuitive easy to use interface. Right? So years ago, I used to speak to it like consumer grade interface, enterprise class capabilities. And so you're gonna want to identify tools that have the right usability that are going to fit for the audience that is supposed to interact with them. Right? And so if you have, like, process control engineers or electrical engineers, very, very common for many years, were our primary points of contact. You're gonna wanna give them a tool that does not overwhelm them with complexity that they don't actually use it. Right?
And so that would be kind of the first piece. Adam, I'll turn it over to you if you wanna kind of expand on that.

Yeah. I definitely echo that. Usability is really critical of that layer, and I'd say mostly it's people are really busy. I mean, if you look at a shift structure like a ten ten four where people are working ten hour shifts and they have a lot of work to do during that time, like, is there priority learning your tool? You know what I mean? Or does this just feel like another thing? So having some empathy for the jobs and roles of people who are working at the plant level and what's involved in that, your thing might not be the most critical thing on their docket in a given day, I think it's critical. But the other thing I'd say, you know, the next piece of that was what do you do is actually engaging with those stakeholders, you know, effectively throughout even the early adoption and purchasing and piloting process and soliciting feedback because those people are really busy. We see sometimes teams come in and say, hey. And this gets into where IT and OT teams can kinda butt heads sometimes in organizations and say, hey. We need to do this. We're just gonna make them to. We're gonna shove it down their throat, and they don't engage with them properly. And that becomes really toxic. What I find especially for backup and disaster recovery tools is actually engineering teams really like those solutions because they also have an operational use case. It's not purely cybersecurity. So they break something in their environment. They need to bring things online. Again, that's kind of their key metric, internally, is, like, just keep it running, sustain the environment. And so actually pointing to those operational use cases on top of the cyber use cases and showing how this can be useful for their jobs actually gets a lot of buy in on the engineering side.
And we often see, at least in our sales process, that engineering becomes another stakeholder for us, and that actually drives not only the sales process, but also the adoption in the organization. So I think especially when it comes to backup and disaster recovery, if you're an IT team that's been trying to get OT to do stuff for a while, you might come in and be like, wow. Actually, backup and disaster recovery is something they want to do. Because, actually, they need to get things back online when they break. That's kinda key part of their job. And showing that benefit and engaging and showing how it actually impacts their workflows and makes their life easier, I think, will go a long way towards driving more benefit in the organization, getting the right stakeholders. And, actually, part of, again, why I'm really bullish about backup and disaster recovery and resilience practices because they really solve big operational problems. And that's actually where we came from originally as engineering side, not just cyber problems as well. And I think recognizing both those use cases kinda drives the value and adoption and retention in the organization.

Super. That's really helpful. So you gave us a good understanding of what happens if you don't do that. And, you know, looking at both sides of the equation definitely, I think, throws in a lot of light. Let me slightly shift focus and can I please request Mary to give us a little introduction about GuidePoint Security and how do you bring all of this into action? And I know GRC is a really big term, and I believe GuidePoint Security is absolutely phenomenal in governance, risk, and compliance, and bringing this all in place. So, please, if you could introduce us towards you, that'll be fantastic.

Awesome. Thank you. Hi, everyone. I'm Mary. I'm the OT incident response lead at GuidePoint Security.
GuidePoint is a company that focuses solely on cybersecurity and is primarily a VAR, which is a value added reseller, which means you can buy the tools directly through GuidePoint, and we also have services teams. So we've got an OT team that specializes solely in OT services. And so any OT tool you can imagine, you can buy through GuidePoint and then get start to finish coverage, get it implemented, deployed, and also managed through our team. We also do other services, such as the proactive and reactive incident response services, threat hunting, architecture views, and so on.

Super. Mary, am I right in saying that you guys are based in the US? Or is that... Yes. Okay. That is correct. Fantastic. And your specialty is around incident response planning. Is that right? Yes. It is indeed.

Do you wanna just tell us a bit more about how important incident response planning is? Because we are speaking about cyber resilience a lot, and IRP is an important piece when things go south. And if I know organizations which struggle then they don't have a proper incident response plan, and trying to scramble and put together at the last minute normally doesn't work. So what do you guys do, and how do you help organizations put together a solid robust IRP?

Great question. So like you said, you absolutely do not want to start building an incident response plan when an incident occurs. You wanna have that documentation ahead of time so that you can follow it as your guidance for what to do when an incident happens. So the way our team works is we will actually meet with stakeholders, not just on the corporate and IT side, but also on the site and operation side and identify the critical players. Who do you want involved in this incident response process within your organization? And once those key players have been identified, then assign them roles within that incident response plan.
So the best way to do that is to use an existing structure like the NIMS Incident Command System, which clearly defines roles, responsibilities, and reporting structure. And then from there, you wanna start building out those escalation workflows and decision matrices. Who does what? Who makes the decision? If a site needs to isolate an asset or a process or even isolate the site, who's the one to actually make that decision? You want those identified ahead of an actual incident. Super. I think that's a really useful exercise. You learn a more you know, a lot about your own organization and, things that you have not seen before, comes into focus, I guess. And, Mary, you'll also have a presentation after the demo, so we are looking forward for that, presentation. Going back to Ryan and Adam, the other thing that we all notice is the legacy systems. And, you know, there's poor inclination in the OT environment for, you know, the people to have their latest and greatest of software. And, again, as long as it's working, please don't touch it. That's the mantra. So for people like that, with legacy systems, what's your take on that? Are we is OT organization still okay in running legacy systems? Is it doable, or are you strongly, opposed to that? I mean, yeah, I'll jump in real quick, Ryan, if you want me to. But, yeah, if your strategy for deployment in these environments is you have to upgrade 30 year old controllers to modern controllers, your project's dead on arrival. So I'd say, like, one of the big benefits of our platform and Acronis is, like, you can support a huge amount of legacy, in these environments, and that's really for the vendor side, I think, par for the course, like, you need to be able to support a wide variety of devices in these environments. I'd say if you're an IT person coming, like, why don't you just upgrade these PLCs? Like, you've already failed at your role, so you're not gonna have a successful rollout. 
That's just the reality in these environments. And, one kinda common thread in OT is to say IT breaks more things than they fix. You know? So most they blame a lot of their outages on the IT side. So just being aware of that coming in. And the reality is these are legacy devices, but if they're not broke, don't fix them. It's expensive to change these things, and uptime is really critical in these environments back to operational benefit. They don't wanna take things down just to reprogram a system that's been working for thirty years, and I wouldn't recommend that as an approach. Yeah. Absolutely. And, I mean, ultimately, the what I always recommend is don't let perfect be the enemy of good. Right? Like, I feel like Acronis supports the largest set of supervisory control systems on the planet from going back to XP and Server 2003 and having validation by all the ABBs and Yokogawas and Honeywells and Emersons of the world. But, you know, even then, I've been on sites and people, hey. Do you support OpenVMS? Right? And I had to look up what it was at the time. Right? And, like, OpenVMS doesn't even support it anymore. So there's always gonna be those one offs within OT. And to Adam's point, nobody is going to completely upgrade these ancient controllers that might be attached to super expensive robot just so you can put in your modern cyber product. Right? What you're gonna wanna look for is you're gonna wanna look for technologies and solutions that solve as many problems as possible. Reduce the number of really, really hard problems, and then you can build compensating controls for those scenarios that you can't find the right technology solution for. Right? But if you're not identifying the technologies that solve more of those problems, you create a larger volume of one off solutions that you have to address. Yeah. And I do wanna double click real quick on that. 
We see mature evaluators recognizing there's gonna be some percentage of manual process in place for hyper legacy systems. Evaluators, I think, are less mature of these products in general go, hey. How many devices do you cover on automated? That's the right vendor or not. There's other factors to bring into play, but you do need to have good coverage, typically. But the technology exists. There are vendors out there that can back up these legacy devices, so it's not like you're stuck. You know? Okay. There is hope if you're really desperate. Great. Okay. I can't help but ask this question. I really have to, Adam. Claude Mythos. So all these latest tools that looks shinier, sharper, and also scarier, it seems to be, you know, this one tool that can look for vulnerabilities across different source codes. How concerned are COPIA? You mean, like, a Mythos or, like, AI? That sort of stuff? I mean, the reality is, like, I think we're moving into, like, an AI fights AI world. I'm not the first person to say that. I'm in the complete median of people saying that right now. So, you know, there's more and more of that sort of stuff that's gonna happen. But the reality is, I think, when you're looking at these sets of solutions, I do think having backups off prem is important, in general. And you can see, for example, the TSA regulation for pipeline operators requires off prem and offline backups. So kinda like you kinda need both so that, you know, if you're attacked, you can shut down your network. You should have your backups offline that are stable. You can restore state. You also need off prem. Because if you think about it, if you're storing all your backups on prem, you know, you can run into some challenges there as well. So I do think that cloud and off prem is a part of a good backup and disaster program, you know, as it is today. Will AI make it so we wanna put everything, you know, you know, on prem and air gapped? 
I don't know. We'll see. I kinda suspect that's not where things will ultimately go. There's a Star Trek episode, hilariously. I don't know where they got this, where they have to go hack these servers, in, like, a data room somewhere, and they're like air gapped, a primitive but effective cybersecurity tool. And I love that framing. It's like, yeah, air gapping is primitive but effective, but you also run into all the challenges of, like, is it that much more secure to have a USB stick sitting on a desk, you know, than it is to have, you know, redundant backup across multiple systems? Do you trust your on prem security? Can people get in there? You know, all of that becomes kind of questions. And then also just, like, if it's not an on prem server and you get into that network, like, you're running into issues. And then also in these environments is worth calling out. Sometimes your plant, like, actually might catch fire or something. We have people that's we actually not had a us when evaluators went with an on prem solution, then they had a major plant fire that caused, like, a huge revenue loss for their business and, like, sucks all their backups for on prem. You know? And so you look at some of that stuff where you're, like, actually, on prem has its challenges, I'd say. So I don't know if that fully answers your question, but I would say I think there's definitely a space within a cyber posture and the right situations for off prem and cloud and on prem within a data center, you know, as opposed to on prem at a site. You know, all of that's something you ultimately have to evaluate based off your cybersecurity posture. Correct. Oh, absolutely. Totally agree. Then that's, useful coverage of how to look at things. Guys, look, I would love to chat away with all of you, preferably one hour with all of you, like but, again, just cautious of time. 
Let's wrap this up and quickly look at the demos that, the team have prepared for us. Hey, everyone. Thanks for taking the time with us today. I'm gonna run you through a quick overview of Acronis Cyber Protect, what we can and can't do with the platform, and how we're gonna be able to help support you with these older operating systems that may no longer have support from the manufacturer, such as, Windows 10 is just dying. Or we all know that there's older systems out there in the world like Windows seven and Windows XP, which we still fully support. So a quick dashboard overview. Right? You can see here our local console is gonna tell you exactly what's going on in the environment, how what your status is on your different devices, what your activity history trending looks like. These are all customizable widgets, so you can come in here and modify them, move them around, make them as you see fit. Getting started with the platform, if we come underneath our devices menu here, we're gonna see all the different devices that we're protecting with Acronis Cyber Protect inside of our console here. One thing to remember when you're using our product is our consoles are contextual, meaning that it's only going to show you things that you've added to the environment. So getting started with adding devices is really straightforward. I can come underneath and say add. It's gonna give me a list of all the different platforms that we support. You may notice we just say, like, get Windows because as I mentioned, we still go all the way back to Windows XP Service Pack 1, all the way current through Windows 11. So anything you might have in your environment, we're gonna be able to help protect. You can see there's other virtualization platforms that we support here as well. Once you have your devices installed or the agents installed on the devices, I can actually come over and look at a specific machine. So for example, this is a Windows 10 machine that I have. 
If I look at the details on it here, it's gonna tell me what IP address range, what agents are installed on it, what version of Windows is inside of there. Creating a protection plan is how we start with our backup and restore and other protection options that we have. So I can see here there's protect for the individual machine, or we do offer you the capability of doing these plans on a group basis. So you can create groups within the platform to kinda keep yourself organized. And if we slide in on a protection plan here, it's gonna load what we've already got applied to the machine. You can have as many protection plans as needed on a machine itself. So most folks run with one, but say you had a situation where you needed to do a more frequent file-level backup of, say, database. You could have two different plans with two different schedules on them to facilitate that. Starting with the backup option, if I come underneath this, you know, it's a I like to say it's about four steps. What are we backing up? Where are we backing it up to? How frequently? And then how many of them do I wanna keep? In this plan, I'm actually doing replication to a secondary location as well. You can go up to five different locations inside of a single protection plan. This gives you real ease of being able to go through and have a 3-2-1 of backups. Right? Your off-site backups can be built directly into this, or alternatively, we have other ways of doing replication of the plan itself. So once I have these plans kinda sorted out here, you can see we also go into our antivirus, anti malware, which we do still fully support. This is both definition and, heuristics based. You can kinda see there's individual controls for each one of those, including when you're gonna be running your full scans or your quick scans. We can kinda see our behavioral engine is turned on to quarantine. 
So if it finds something on a device, it'll automatically put it into the quarantine. Going further down the line, we offer a URL filter in grant that's done at the DNS level. So we're intercepting the DNS request from the machines. Vulnerability assessment, we can look at both first party and third party applications and check to see if there's any known vulnerabilities against them. So that way you can plan your patch windows better. Patch management as well, and then our data protection map that allows us to look at specific extensions on the device to make sure that we're capturing everything that we need inside of a backup. Backups also can be run ad hoc. So you may have noticed it as I hover over here, a play button pops up now or I've got my run now here. So if I needed to say, trigger a backup before we go into maintenance on a machine, I can actually come in and just hit run now. The way we're designed is our agents do all of the work. So what we're waiting for right now is that agent to check back in. The management layer would then say, hey, agent. I need you to run this task. Once that kicks off, we'll actually see it here in the activity. So we're gonna keep a running audit trail of everything that's happening within the entire environment. So you can kinda see here there's that plan kicking up. I can come down and look for, like, example, the plan that ran this morning. I could see it ran at 5AM. Only took a little bit of time. If I actually look into it, I can see how much data it actually processed. So this is bytes processed is what we saw in the device that has changed. Bytes saved is what we've saved after we've done our compression and remove files that can easily be recreated by the operating system. Kicking over to a recovery. There's lots of different ways on a recovery that we can help you out with. The most common, right, is if I needed to just pull something off of this machine. 
If it's online, I can actually come in here and hit recovery. Here's a list of all my storage locations that this has had backups in. There's that backup we saw. I'll take it today. I can come in and say let's recover the entire machine or files and folders. I also have the capability of doing run as a VM here. So we can take a physical machine and convert it into virtual, or we can take a virtual machine and convert it back to physical. We can go to completely dissimilar hardware as well. So this run as a VM is kind of a we call it instant restore. It's a quick way of validating or testing the machines, making sure that your backups are good and that you can get Windows back up and running. This just requires a Hyper-V host or an ESXi host to run as a target. Going a little bit further. Right? If you depending on what your failure mode is. Right? What kind of failure happened on the device that is necessitating to a restore? The most common being some form of hardware failure. Right? That's where our bootable media comes in. So if I actually come underneath the head icon here at the top and I can come to downloads, here at the bottom, we'll have our bootable media. This is a pre compiled one. It's an ISO that we offer to you that you can burn to a CD or USB that allows you to, like, say, swap out the hard drive in a machine and then go through and boot that bare metal machine from this media that gives you an interface to then go through and do the restore. We also do have a boot media builder, an actual application. So if you wanted to have it straight directly to a USB stick, we could do that. That also gives us some flexibility in what styles of bootable media that we use. And the last big piece that I wanna talk about, it's kind of a hidden option. So if I come in and look at the protection plan here and I drill into the backup options on it. So if I come in and say let's edit this plan. 
And then once I get into the edit piece, if I jump in like I said, it's a little buried in here, but this is kind of a neat one, especially if you've got users who, you know, you maybe don't want to give them full access to the console, but you don't want to have to be facilitating every single restore for them. It's called one click recovery. Actually, I have it turned off in this machine, but, on other machines I have it turned on. What this does is it makes it so we can do a disk level backup, and then we can automatically or give an easy to use recovery option to the user itself. So the way it works is we actually have a we make a modification of system reserve that points to our bootable media files that are installed with the agent itself. As part of those files, we're pre compiling a recovery script. So we're taking what we already have inside of this plan as far as where we're backing it up, what the credentials are. Right? How many frequent what frequency of backups are is being taken. Right? All of that gets pre compiled into that recovery script that's saved on the device itself. So that way, if you have something like, hey. We need to do a rollback because change control went bad. Or you've got a lab technician who needs to go back to a known validated state before they start their next round of testing. This gives them that capability on the device itself. So I've kinda cheated a little bit here and made it so we didn't have to wait for Windows restart or anything like that. But I went ahead and hit that F11. That's the preconfigured prompt that we have. You can change that. But this shows me the very simple options that we have inside of here where I can come in and say, let's recover this machine from the latest backup. Let's select a backup from which to recover this machine. Or I can say let's do a manual one. If I hit this top one, it's just gonna say, hey. Warning. This is gonna be a full disk recovery. 
And if I hit yes, that's automatically gonna go look at the product in the background, go and find that backup archive, and then go ahead and load and do that recovery for us. So really easy way to get a lot of good functionality inside of the product itself. We'll see it flash through a couple of screens here. This is pretty normal here because it's actually loading our product outside of that wrapper that we have there. Now coming back to the console. Right? That's a quick, really fast run through of what Acronis Cyber Protect has to offer to you. As I mentioned, we have a wide array of operating system support. And if you guys wanna see more, we can absolutely get you set up for a demo. Thanks, everyone. Hello. Thank you for attending today's webinar. We'll be doing a demo of the Copia automation platform today, really aimed for operational and cyber resilience across industrial automation. First, we're gonna briefly touch on Copia source control tool. You can think of it as GitHub for PLCs and industrial machines, version control, and visual comparisons between code versions. We enable real time collaboration and code review. We'll bring full version history of auditability and compliance, and we are multi vendored and, again, git based. Really, I would imagine I would employ the Imagine source control as a tool geared for those who are actively writing code, and really providing more resilience on the type of a code that's being approved, and being pushed out to the factory floor before it's live. But here, I'm gonna quickly open up our desktop application. This is really gonna be the primary interface where engineers work with Copia's source control tool. You can see I directly have these ACD files in here, and I wanna go and directly edit quickly edit an ACD file or a Rockwell file, for everyone today. I'm gonna go through in Studio 5000, and I'm gonna add a few blocks here and there. 
Again, these are some dummy blocks that we'll be adding in here and removing some over there. And, again, all of this work is being directly done in Studio 5000. I will hit save. And once I hit save and I bring the Copia application back, our application will notice that there's been a file changed in that repository or that folder. Once I correctly click on it, it will start converting these files, such that, our tool can go and properly render and view the differences between the files. And you'll see here the file has been rendered, and it says that out of everything, we'll only show what's changed, and we only show you the modified. You do have an option to see the entire file itself, but for cutting through the noise, we initially default to only changes being made. And you'll see here on the there's green for added and red for removed. On the bottom left now, really the way for me to make this snapshot is that I, as a user who's logged in, will go and create a quick commit message, updated the conveyor sequence, and I'll commit this to main. And, again, a commit is just like a snapshot. Locally, I can go look at histories. If I did want to revert during the sequence, I can. But what I'm doing here is double checking that this indeed is the change I made. And from here, I'll be pushing it to the cloud. During this situation, what I'm primarily doing is pushing it to and synchronizing it to the cloud so that my colleagues and coworkers can view the changes that I am making to these files, and what I'm and showcase what I'm working on. I had just pushed these to the cloud, and you'll see once I synchronize this, this updated conveyor sequence that I commit I just made is now synchronized to the cloud. I can go through and see those exact same changes I saw on the desktop application. I mean, that was removed, that was added, and the same renderings will be here for all of your colleagues to see. 
Going next on our product will be DeviceLink, which is our automated backup solution. Really, again, this is primarily for scheduled backups. We will provide comparisons between backups, or comparisons between approved versions, and the entire, again, the entire full version history will be here for auditability and compliance. I'm gonna quickly show you this diagram. This diagram is the cloud up here, and then this will be on the factory. The earlier source control demo I showed you really focused around the concept of repositories, which are really just folders. These folders are really tied into projects and associated with projects within a logical grouping of a site. This is really just how we group everything for, easy filtering and finding your files easy. Down here really is the important part. This agent down here is deployed onto a VM, and that VM really just needs to have an IDE installed, such as Studio 5000 or TIA Portal, and that VM needs to be able to communicate to this PLC. What our agent does then is on a scheduled basis, we'll go do an upload from these PLCs, shoot them up here to the cloud, and, again, synchronize them alongside of repositories. That'll be all securely stored in the Copia cloud. You'll see from this site base over here that I have this New York City plant that I want to go examine. Once I click on that, I'll be able to go and find all of my jobs. And these jobs, again, we support a variety of different vendors. You'll see some TwinCAT 3 here. You'll see Codesys projects, TIA Portal projects, Rockwell files. We can back everything up. Again, this is really just a master list of everything that's been going on. I'll show you a quick example of a Siemens file here. This is actually using our generative AI solution, Copia's Copia Copilot solution. And even before going and viewing the files themselves, there's a lot of changes made here. 
Our AI can go and read through the files, provide summaries, and also even provide criticalities or warnings, or anything that the user should be made aware of. For today's example, I'm actually gonna dive into this Rockwell file, and let's say I only wanna see all the changes being made on the floor to this oven. I'm gonna go here, hit filter to oven, and you'll see that these are only the files you'll see up to date, modified, or if some issue happened with the backup itself. Once there is a modification, users can set different notifications, get emailed, Slacked, or messaged via Teams. And a quick example of that will be here. This is a quick example of what, the backup email looks like. We can send you an email saying, hey. We found a difference. This is the site, the project, the time, and even that AI summary I've mentioned earlier. We'll send that to you so that you can quickly understand, if this is a change that is worrisome, if there was some kind of malicious actor, coming in, making certain changes, you can view all of that directly from your email or, again, Slack or Teams. From here, let's say that I knew that, this change was potentially unauthorized, and I wanna go back to a different version. Again, I can go quickly see here if my April 6 change, I can see that someone changed certain files here and certain parts of my files here. And I can go and view these direct details directly. We will directly show you the entire changed and modified systems here. If you're added or removed, it would also indicate that it was added or removed, but these are only modified as you see by this orange button. And then this green and red will show what's been added or modified. From here, let's say now I wanna take a step to restore to this version. I can simply go to view file. I can see the entire file here, and I can go to manage file, and I can quickly hit download file. 
And according to your company's standard operating procedures, you can go then and do a recovery or deploy, to that PLC. Thank you. Alright. Fantastic. Thank you, Copia team and also Acronis. I would like to now invite, Mary to speak about OT security. Mary, the stage is yours. Thank you. GuidePoint Security is a unique partner for multiple reasons. Since we're a VAR and a services based cybersecurity company, we can help you acquire, implement, and manage the tools you need for your environment, including both Acronis and Copia. We have a dedicated OT security team with experts across over 40 different OT security tools that specialize in the seamless deployment, implementation, and management of all of those tools, including Acronis and Copia as well. We also have specialized OT IR services, including an OT incident response retainer that gives you twenty four seven, three sixty five coverage if an incident occurs in your environment. We also partner with our IT DFIR team for all OT incidents, which gives your organization a unique degree of expertise across all domains. Our team can also build out OT IRPs, playbooks, and runbooks from scratch, or we can help you refresh your existing documentation. We also conduct tabletop exercises, which can be either joint with IT and OT teams or just solely OT exercises, and we do them on both the technical and the executive levels. And if you're looking for multiple proactive services, we also offer a bucket of proactive incident response hours, which can be used for any of our existing OT proactive services or any unique asks you may have for your incident response needs, and this bucket is often paired with the retainers. OT IR is one of the five SANS critical controls, which is a great place to start when you're trying to build out an OT security program at your company. Each stage of building out the OT IR program has various activities mapped to the applicable stage. 
Starting off, you wanna develop that OT IRP, establish the roles and responsibilities and communication pathways, and create those decision matrices for questions that should be identified prior to an incident. Next, you'll wanna integrate your OT IRP with existing corporate documentation and processes, develop a few scenario specific playbooks. So think of the IRP as that overarching blueprint and the playbooks with the actual tactical guidance, which outlines the steps for scenario specific response, including prepare, detect, respond, recover, and lessons learned stages. And you also wanna train your responders with that safety first mindset. Once those have been completed, you'll wanna test and validate that your OT IRP is usable for your company through a tabletop exercise, and you'll also want to conduct proactive threat hunting within your environment. The OT IR process is a cycle. So once you've completed those few steps, you'll wanna start all over again and update your OT IRP and your playbooks based on the lessons learned. Here's a visual road map for your OT security program. It breaks down all five of the SANS critical controls. But as you can see, that OT incident response is on the far left, and it breaks it down into crawl, walk, run stages. So at that crawl, you've got that response plan built. You're getting that retainer. Walk, you're building those scenario specific playbooks. And at run, you're doing that tabletop exercise and then starting all over again and updating your incident response plan and playbooks. Alright. Back to you, guys. Superb. Thank you very much. Now we are, moving to the q and a session, live q and a session. So if you've got any questions, that you have for our expert panel here, now is the time for you to unmute yourself and, throw in your questions, please. Okay. I can see that we've answered, like, 22 questions on the q and a panel. JD, is there anything that you would like to pick up? 
Oh, there's a couple inside of the webinar chat right now. Like, easy hanging one. Does GuidePoint Security also work in Europe? And is COPIA distributed in Europe? So couple of questions around Europe and what the support level is there. I'll answer the GuidePoint Security one. So for GuidePoint Security, yes, we can help out in Europe as well. Okay. I see another question which says, how easy is it to onboard COPIA in production? Anybody from COPIA would like to take that on? I can try and answer that. Oh, great. I mean, the reality of any sort of deployment in industrial environments, I'd say, is it's always crawl, walk, run. You know, if we're gonna be honest about how these environments work, there's a lot of legacy. There's a lot of, complex network environment. There's a lot of requirements in general in these environments. So, typically, what we see with customers is, you know, depending on the scale. So if we have, like, let's say, a 100 site customer, we might start with a few different sites. You know what I mean? Get those kind of up and running. That initial integration often is like, hey. What access do we have to internal IT? You know, what sort of approvals do we need, etcetera, even after we'll purchase the product? Sometimes that stuff can come up. And so but once all that's done, you get an initial site working or a few sites. We understand the environment. The next nth sites end up actually being a very fast deployment to what we see. So our best customers, once they're kind of at scale, are deploying, you know, one site a week or sometimes we have a customer that can deploy a site in the afternoon, you know, as they're setting up new sites. So, it can get quite fast, but it's really investing in those first few sites to make sure you understand really the configuration environment. And we have a deployment team that helps with that and experts at that, that kinda sets you up to then run and deploy really quickly. 
So, you know, ultimately, we can deploy a global enterprise, and we've done it multiple times, you know, in a year, you know, less than a year. And that's actually one thing I'm excited about with this overall discussion is you could really talk to us, GuidePoint, Acronis, and solve this problem for your organization very fast if you had the, engineer support across your organization. But the first couple of sites are always gonna be a challenge, I think. I think it's worth just investing in that in the right way so you can scale quickly would be my scar tissue from this space and learnings. Superb. Alright. Thank you. Thank you very much, Adam. Let's, wrap up the q and a, being cautious of the time. Let me just quickly go back to the slides, and I would like to quickly bring your attention to this OT downtime calculator. So this is a free tool which you can access with this QR code, or if you just search for OT downtime calculator with Acronis, you will find this web page. And, again, guys, there is a lot of field feedback and a lot of research and a lot of calculations and formulas that went into this, downtime calculator. So please have a go at this and see if it sort of resonates with your industry and your environment. Moving on, we also have additional OT assets with case studies, data sheets, solution briefs, lots of, useful material that I would like to bring to your attention. So please have a look at this as well. With that, I would like to thank you all, the expert panel, and our attendees for your time today. I hope you found this useful. I'll see you again in the next one. Cheers. Thank you. Bye for now.