Dragos Expands Collaboration with Microsoft to Deliver OT-Native Cybersecurity at Global Industrial Scale

Dragos has more news coming next week. In the meantime, news of a collaboration with, who else for industrial software, Microsoft. How many Microsoft mentions squeezed into one sentence—Dragos brings proven energy and industrial cybersecurity, seamlessly deployed on Microsoft Azure, integrated with Microsoft Sentinel and readily accessible through Microsoft Marketplace.

Dragos Inc., a global leader in cybersecurity for operational technology (OT) environments, announced on February 3 an expanded collaboration with Microsoft to help organizations modernize and secure their cyber-physical operations amid accelerating digital transformation, cloud adoption, and AI-driven change.

This collaboration focuses on integrating Dragos’s capabilities with Microsoft’s cloud and security platforms. By deploying the Dragos Platform on Microsoft Azure, integrating with Microsoft Sentinel, and enabling streamlined procurement through Microsoft Marketplace, organizations can more tightly align IT and OT security operations while adopting robust protections purpose-built for operational environments.

The collaboration addresses Microsoft customers’ on-premises OT security needs and enables Dragos to expand its cloud reach, creating deployment flexibility that serves customers’ diverse infrastructure strategies. Importantly, Dragos, a Microsoft partner, addresses a long-standing capability gap for organizations seeking to modernize operations without introducing unacceptable operational risk.

They provide a list of benefits:

  • Unified IT/OT security operations through native integrations with Microsoft Sentinel
  • Flexible deployment options across cloud, hybrid, and on-premises environments to support diverse infrastructure strategies
  • Improved visibility into industrial assets, threats, and operational impact, enabling faster, more informed response
  • Reduced procurement friction via Microsoft Marketplace and alignment with customers’ Azure consumption commitments
  • A future-ready foundation for securing AI-enabled, connected, and automated operations

This integrated approach enables organizations to accelerate cloud and AI initiatives while maintaining the safety, availability, and compliance requirements essential to cyber-physical environments.

Four integration pillars:

  • Flexible Deployment Options—Beginning in Q1 2026, the Dragos Platform will support SaaS deployments on Azure, in addition to on-premises and hybrid models.
  • Microsoft Sentinel Integration—OT-specific telemetry, threat intelligence, and asset context from Dragos flow directly into Microsoft Sentinel, enabling unified IT/OT detection, investigation, and response.
  • Microsoft Marketplace Availability—Customers can procure Dragos through Microsoft Marketplace and apply Azure consumption commitments (MACC), aligning OT security investment with broader cloud and AI initiatives.
  • Looking Ahead—This collaboration establishes a scalable foundation for continued innovation, enabling deeper technical integration and coordinated go-to-market execution as OT, cloud, and AI environments become increasingly interconnected. For customers, it provides a clear, future-ready path to secure modernization, establishing Dragos’s OT-native cybersecurity as an integral capability within one of the world’s most important enterprise technology ecosystems.

Click on the Follow button at the bottom of the page to subscribe to a weekly email update of posts. Click on the mail icon to subscribe to additional email thoughts.

Indurex Launches with a Mission to Advance Safety and Cybersecurity Resilience Across Cyber-Physical Systems

This news came last week. Just as I was contemplating the business model of cybersecurity firms following another acquisition, this news of a new company launch with a unique take on security. This company will be interesting to watch. The news comes from Amsterdam concerning the launch of a company called Indurex. Naturally they have AI in their product offering and manage to work in an older term—cyber-physical systems.

The quick take: An AI-powered, human-in-the-loop platform that brings together process safety and cybersecurity, turning complex signals into trusted decisions for resilient critical infrastructure.

Indurex, a pioneering artificial intelligence (AI) and cyber-physical systems (CPS) security company, announced on January 27 its official launch to help protect critical infrastructure, smart manufacturing, and connected industrial operations. The company’s mission is to deliver robust, adaptive security solutions that safeguard both the physical and digital worlds as they increasingly converge.

Founded by a team of seasoned experts in operational technology (OT), cybersecurity, and process safety systems, Indurex enters the market at a decisive time. Operators across energy, utilities, and manufacturing sectors face mounting challenges from IT-OT convergence, cyber sabotage, and cascading system failures — putting both process safety and cybersecurity integrity under increasing pressure and exposing essential assets to unprecedented risk. Traditional tools, designed for isolated IT networks or legacy control systems, can no longer assure the level of operational, safety, and cyber integrity required in today’s highly connected industrial environments.

Industrial organisations continue to face a critical gap between process safety and cybersecurity, which are managed in disconnected silos. Existing tools generate high volumes of alerts without sufficient industrial or engineering context, leading to alert fatigue and a limited ability to assess real operational and safety impact. At the same time, a new class of AI-enabled and cyber-physical threats is emerging — capable of exploiting process behaviour, safety dependencies, and human workflows. Detecting and stopping these threats requires AI-native technologies designed for industrial systems, combined with human-in-the-loop intelligence to ensure explainability, trust, and effective decision-making.

Indurex bridges this gap with an AI-native, interoperable platform that unifies engineering context and cybersecurity intelligence — an approach the company defines as Engineering Cyber Intelligence.

This delivers measurable returns across three dimensions:

  • Operational Excellence & Safety Integrity: Fewer trips and faster recovery through unified situational awareness and continuous assurance of Safety Integrity Functions (SIF)
  • Cyber Resilience: Contextualized detection and response across digital and physical domains, aligned with operational and safety impact
  • Cost & Compliance: Automated reporting and defensible evidence of risk, control maturity, and safety integrity across critical systems

Mitsubishi Electric Completes Acquisition of Nozomi Networks

I posted news last September that Mitsubishi announced plans to acquire cybersecurity firm Nozomi Networks. That acquisition is now complete.

The viability of all these cybersecurity firms as independent businesses has always sparked curiosity in me. The latest press release puts Nozomi revenues at about $100M. Not a sizable business by today’s standards. But their product certainly hits a sweet spot of demand for customers. Boards and insurers increasingly pressure management to assure security.

An acquiring firm of a generalist technology will always face concerns from companies who don’t use their products. Will we be phased out unless we switch suppliers? These concerns are addressed. Nozomi Networks assures customers it will be operating independently as a wholly owned subsidiary delivering vendor‑agnostic OT/IoT cybersecurity solutions to its global customer and partner community.

From the news release:

Nozomi Networks announced January 27, 2026 that Mitsubishi Electric Corp. has completed its acquisition of the company. Originally announced on September 9, the transaction marks the start of a new phase of growth for Nozomi Networks while preserving the company’s independent operations, vendor‑neutral technology roadmap, and established go‑to‑market partnerships. As a wholly owned subsidiary, Nozomi Networks will continue to support the full OT/ICS ecosystem with the same open, multi‑vendor approach that has made it a trusted partner to critical infrastructure operators worldwide.

I’m not sure how a company knows the financial details of its privately held competitors. But Nozomi Networks states it is also the first privately held OT cybersecurity company to achieve sustained cash flow and break‑even performance – further underscoring the strength of its model, the durability of its platform, and the confidence organizations place in its independent, vendor‑agnostic approach.

Other notable milestones the company achieved in 2025 include:

  • Significant new and expanded partnerships with global technology leaders including Schneider Electric, Hitachi Cyber, Nvidia, Dispel, and Xona
  • 24% employee headcount growth
  • Among the fastest growing companies in North America on the 2025 Deloitte Technology Fast 500
  • Named to Fast Company’s World’s Most Innovative Companies 2025 list
  • Named a Leader in the Gartner Magic Quadrant for CPS Protection Platforms and is a Leader in the Forrester Wave for IoT Security, as well as the only recognized Customers’ Choice in Gartner’s Voice of the Customer for CPS Protection platforms
  • Recognized by Gartner as “The Company to Beat for AI in CPS Protection Platforms”

Ransomware Victims and Threat Groups Surge to Record Levels

Ransomware continues to grow as a threat to manufacturing firms of various sizes according to this new report from the GuidePoint Research and Intelligence Team (GRIT). It reveals a 58% YoY increase in ransomware victims as record activity becomes the new norm.

GuidePoint Security announced January 15 the release of the GuidePoint Research and Intelligence Team’s (GRIT) annual Ransomware & Cyber Threat Report.

The GRIT 2026 Ransomware & Cyber Threat Report provides exclusive in-depth research, insights and analysis on a year of record-breaking ransomware activity, examining who cybercriminals are targeting (and why), the top tactics threat actors are using and how shifting ransomware group dynamics are redefining the threat landscape.

“The GRIT 2026 Ransomware & Cyber Threat Report shows the most active year for ransomware we’ve ever recorded, revealing a 58% year-over-year increase in ransomware victims,” said Jason Baker, Lead Threat Analyst at GuidePoint Security. “While law enforcement disruptions have reshaped the Ransomware-as-a-Service (RaaS) ecosystem, group fragmentation is driving new patterns of high-volume, repeatable operations, pushing overall activity to record-breaking levels. The rise of Qilin as the most active group we’ve ever tracked — surpassing even LockBit at its peak — underscores how the ecosystem is evolving. For organizations, well-resourced defenders, proactive vulnerability management and real-time threat intelligence will be critical for mitigating risk in the year ahead.”

Findings from this year’s report include: 

  • Ransomware victim numbers hit a new all-time high. 2,287 ransomware victims were posted in Q4 2025 alone — the largest number recorded in a single quarter since the report’s inception. 
  • The number of threat groups has reached record levels. 124 distinct ransomware groups were active in 2025, the highest ever recorded and a 46% year-over-year increase. 
  • The United States remains a top geographic target for ransomware attacks. In 2025, more than half (55%) of ransomware victims were based in the U.S. 
  • A new RaaS leader has emerged. Qilin’s activity levels in 2025 were the highest of any group ever observed.
  • The Manufacturing industry was most heavily impacted by ransomware, accounting for 14% of attacks. The Technology (9%) and Retail/Wholesale (7%) industries followed closely behind.
  • High ransomware activity levels should continue in 2026. December 2025 was the most active month for claimed ransomware victims on record with 814 successful attacks — a 42% year-over-year increase.

The report also explores the growing use of AI in ransomware attacks, examines the impact of zero-day vulnerabilities on ransomware and takes an in-depth look at major ransomware operators throughout the year, including an analysis of ransomware payments made to the Qilin and Akira groups. 

The GRIT 2026 Ransomware & Cyber Threat Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces.

Zeroport raises $10 Million Seed for Non-IP Remote Access Solution

The podcasts I regularly listen to are filled with advertisements for Virtual Private Networks (VPN). These are touted as a way to conduct secure sessions while working, for example, at a coffee house. Side benefits accrue, as well, for example watching your local streaming services while traveling abroad.

Not so fast, says security startup, Zeroport. Several years ago, cutbacks in the Israeli military led to an exodus of talent who founded cybersecurity companies. Most of those have been acquired by now. But here comes a new company also with ancestry with the Israeli military.

Its take on VPN-type security lies in eliminating Internet Protocol (IP) access. Its patented non-IP remote access technology addresses vulnerabilities that led to the CISA breach and countless VPN compromises.

From their news release of January 15, 2026:

Zeroport, a provider of non-IP secure remote access solutions, today announced it has raised $10 million in funding to accelerate global expansion and product development. The round was led by lool ventures, with participation from Clarim Ventures, CyberFuture (Backed by Elron Ventures), and Fusion Fund.

The company will use the funding to expand into North America and APAC markets, grow its team from 25 to 40 employees within a year, and enhance its flagship Fantom platform. The company already secures remote access for large organizations worldwide, demonstrating proven adoption across critical infrastructure, power, financial institutions, and government sectors. Zeroport addresses a $30 billion market growing at 20% annually.

The secure remote access market remains fundamentally broken as all existing solutions rely on IP-based communication that allows malware to penetrate networks and permits theft of sensitive internal data, a vulnerability so severe that even CISA, the U.S. cyber defense agency, was breached through its own VPN devices. This forces organizations to either remain completely offline or rely on complex & outdated IP-based remote access systems.

Zeroport’s Fantom platform pioneers the first non-IP-based secure remote access solution, using patented hardware that creates a physical non‐IP bridge at network boundaries. Inbound flows are physically limited to human interaction signals; outbound flows are display-only pixel streams. No packets can physically enter or leave the network; therefore, no malware can get in, and no data can get out.

This unique approach enables organizations to provide secure remote access for the first time, while maintaining complete visibility and control over sessions. This translates into cost savings by both replacing the complex legacy remote access stack and enabling remote operations in situations that were previously not possible. The technology has already demonstrated measurable impact, eliminating $5 million in annual travel costs for one systems integrator by enabling secure remote network monitoring & maintenance, previously impossible with traditional remote access tools.

The founding team brings together exceptional cybersecurity and hardware expertise from elite military intelligence backgrounds. Co-founder and CEO Joseph Gertz brings over 15 years of global business leadership and entrepreneurial experience. Co-founder and CTO Lavi Friedman and Zeroport’s COO, Rotem Kalmi, are both alumni of the IDF’s elite Unit 81 (Technological Intelligence Unit). The team’s unique perspective on remote connectivity challenges emerged when Friedman and Gertz met during reserve duty at Unit 81, where they identified critical gaps in secure remote access solutions.

2025 AI in Embedded Systems Report Offers Insight Into AI Adoption and Security Gaps

I met a new neighbor the other day. We talked a bit about what we had done in our prior employment lives. Turns out she has a friend who gave her a copy of his book. She loaned Software Test Attacks to Break Mobile and Embedded Devices by Jon Duncan Hagar to me to read. It’s 10 years old, but it seems quite contemporary. (Not that I’ve done any embedded systems programming for decades.) The book is also thorough.

After reading through it, this press release dropped into my mailbox about yet another report from a security company. If they don’t scare you into taking action on software security, they’ve overestimated their impact. Using AI as a programming assistant is all the rage currently. Reports indicate that there are good uses, but also that you had best not use AI-generated code as your final build.

This 2025 report investigates AI adoption and the security of AI-generated code in critical embedded systems. It is certainly timely.

RunSafe Security, a pioneer of cyberhardening technology for embedded systems across critical infrastructure, announced the release of its 2025 report, AI in Embedded Systems: AI Is Here. Security Isn’t. The report is a snapshot of how artificial intelligence (AI) usage is unfolding across embedded software development and provides insights into what the data means for engineering, product, and security leaders who are integrating AI into their workflows.

Surveying more than 200 professionals throughout the US, UK, and Germany who work on embedded systems in critical infrastructure, the report reveals that AI-generated code is already running in production across medical devices, industrial control systems, automotive platforms, and energy infrastructure. The report finds that AI has quickly moved from an experimental curiosity to an operational reality in embedded systems development. While adoption races forward, security concerns loom large. 

Here follows the obligatory quote.

“AI will transform embedded systems development with teams deploying AI-generated code at scale across critical infrastructure, and we see this trend accelerating,” said Joseph M. Saunders, Founder and CEO of RunSafe Security. “Our report reveals an industry at an inflection point, where transformation is happening faster than security practices have evolved. Organizations that navigate it successfully will be those that maintain the same rigor with AI-generated code that they’ve traditionally applied to human-written code while also recognizing that AI introduces new patterns, risks, and security requirements. At RunSafe Security, we provide greater visibility into software and risk so organizations can properly manage their security while deploying AI in embedded systems.”

RunSafe Security’s report highlights the following key findings:

  • AI is already widely used in embedded software development workflows:
      • 80.5% of respondents currently use AI tools in embedded development
      • 83.5% have deployed AI-generated code to production systems
      • 93.5% expect usage to increase over the next two years
  • Risk from AI-generated code is widely recognized, but framed as manageable if organizations modernize:
      • 53% of respondents cited security as their top concern with AI-generated code
      • 73% rated cybersecurity risk as moderate or higher
  • Runtime resilience is a central pillar of embedded security:
      • Runtime protection for AI-generated embedded software is rated “highly important” by most respondents
      • 91% of respondents plan to increase investment in embedded software security over the next two years
      • 60% already use runtime protections to address memory safety vulnerabilities
