Securing smart factories when the ‘attack surface’ keeps expanding
What you’ll learn:
- Manufacturing today is leaping forward in massive strides, but its interconnectedness creates a large attack surface that is vulnerable to exploitation.
- An overwhelming proliferation of security point solutions and appliances to address these threats has created a fragmented and complex IT landscape.
- SASE is the antidote to IT security chaos, delivering a single, cloud-native platform.
Manufacturing is entering its most transformative period yet. Powered by intelligent automation, real-time data, and AI-driven orchestration, the transition from "legacy" systems (translation: older and siloed) to smart, self-optimizing ones is no longer an idea; it is already reshaping factories.
From smart factories that automate complex workflows, optimize supply chains, and respond dynamically to production demands, to dark factories that function independently around the clock with robots, today’s manufacturing landscape is leaping forward in massive strides.
That said, this interconnection creates a large attack surface that is open to exploitation. Each remote interface, industrial IoT device, and autonomous module becomes a potential entry point for cyberattacks, from ransomware infections to cyberespionage operations.
An overwhelming proliferation of security point solutions and appliances to address these threats has created a fragmented and complex IT landscape, draining resources and leaving manufacturers vulnerable as cybercrime costs outpace security investments. In a 2025 Deloitte survey of 600 executives, almost two-thirds (65%) viewed operational risk as a concern linked with smart manufacturing.
When machines meet the internet: The expanding attack surface
Smart factories are based on connected assets such as IIoT devices, robot arms, programmable logic controllers (PLCs), sensors, and actuators that constantly share operational data between internal networks and cloud platforms.
Threat actors may abuse machine-to-machine communications, exploit weak or outdated wireless protocols, or run credential stuffing attacks to hijack device identities. Once inside a manufacturer's network, they can move laterally, escalate privileges, alter operating parameters, and cause physical damage or safety incidents.
Extending protection to far corners
Manufacturers tend to have global facilities that range from large factories to small regional hubs. They depend on expensive MPLS circuits or VPN tunnels for connectivity, technologies designed for transport, not for enforcing security across dynamic, distributed environments. Remote sites tend to have little or no on-site cybersecurity staff, and software patching there is slow or uneven.
These conditions make remote assets appealing targets for ransomware gangs and other threat actors. A compromise at a smaller site can cascade upward, allowing attackers to pivot into more sensitive production environments.
IT/OT blind spots
Managing thousands of heterogeneous devices across manufacturing zones makes comprehensive visibility a serious challenge. Traditional IT tools are not granular enough to monitor OT systems, and vice versa. Devices can go online without explicit registration, and legacy equipment usually doesn't log or provide telemetry.
Such fragmentation creates security blind spots where hostile activity can go unnoticed, delaying detection and hindering forensic examination. Threat actors take advantage of this "fog of war" to implant backdoors or exfiltrate sensitive blueprints undetected.
Too many to patch: Managing risk at scale
Industrial environments run on a complex matrix of software: third-party vendor libraries and protocol stacks, legacy operating systems, and proprietary applications. With several hundred new vulnerabilities disclosed every year across industrial protocols and platforms, patch management at this scale becomes intractable.
Unpatched systems linger for weeks or months, whether because of operational constraints such as round-the-clock production cycles or because a patch is incompatible with the device, giving threat actors extended windows of opportunity.
Securing mixed-generation manufacturing
Smart factories blend modern automation with legacy equipment that is decades old yet remains at the core of mission-critical functions. That legacy equipment typically lacks encryption, authentication, and secure boot.
Running side by side with newer cloud applications and IIoT platforms, it creates a glaring mismatch in security posture. Threat actors exploit that mismatch, using the weakest component as the entry point to break into larger systems or steal sensitive data.
How SASE mitigates smart factory risks
Secure access service edge (SASE), a technology estimated to grow to $28.5 billion by 2028, provides a means of countering the sophisticated risks confronting smart factories.
SASE is the antidote to IT security chaos, delivering a single, cloud-native platform that provides global scale, optimal performance, and simplified management to fulfill networking and security requirements without increasing complexity.
By converging networking and security into a single, cloud-native platform, SASE addresses the particular challenges of dispersed, heterogeneous, and highly automated factory environments.
Centralized policy enforcement and real-time visibility: SASE enables centralized policy enforcement across the entire IT/OT infrastructure. Users get the same network performance and security policies on the factory floor and when working remotely. All traffic is routed through an encrypted cloud backbone and inspected by multiple layers of protection, so exposure no longer depends on patching every device individually. That is particularly valuable for legacy devices that cannot be patched at all.
Virtual patching for legacy systems: Industrial controllers usually cannot afford the downtime a patch requires. Where devices cannot be patched, SASE provides virtual patching, applying a protective control at the network level that blocks known exploit traffic before it reaches the device. The underlying vulnerability remains, so virtual patching is a compensating control that buys time, not a replacement for fixing the device when a maintenance window allows.
Scalable connectivity: SASE substitutes expensive MPLS and unreliable VPN connections with a global network of cloud-based points of presence. Through the use of encrypted SD-WAN tunnels on conventional broadband connections, it enables rapid but secure access to critical applications.
Zero-trust access: Zero trust network access (ZTNA) gateways verify users, devices, and applications by identity and context before granting least-privilege access. This architecture limits lateral movement, contains a breach to a single segment, and keeps enterprise IT and production OT networks strictly separated.
Enhanced visibility and control: Routing all network traffic through SASE gives extensive visibility into connected applications, devices, and user interactions. AI-driven analytics provide proactive threat detection, flagging unusual activity, revealing network trends, and rapidly assessing risk levels across systems.
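The zero-trust access paragraph above describes a decision a ZTNA gateway makes on every session: check identity and device context first, refuse direct paths from enterprise IT into control systems, and grant only the permissions the role needs. The following is an added example, not code from the article or from any SASE vendor's product. It models that policy decision point in Python with default deny; the zones (IT, engineering, control, remote), group names, and posture fields are hypothetical and constructed for illustration.

```python
"""Constructed example: a default-deny zero-trust access policy for a plant network.

Hypothetical zones, groups and posture attributes; not a real product's API.
"""
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    IT = "it"                    # business systems: ERP, mail, file shares
    OT_ENGINEERING = "ot-eng"    # engineering workstations, historians
    OT_CONTROL = "ot-control"    # PLCs, HMIs, safety controllers
    REMOTE = "remote"            # off-site users and vendors coming in via ZTNA


@dataclass(frozen=True)
class Subject:
    user: str
    groups: frozenset          # group memberships from the identity provider
    device_managed: bool       # enrolled in MDM/EDR (posture check)
    patched: bool              # posture check: OS and agent up to date
    mfa: bool                  # strong authentication completed this session
    source_zone: Zone          # where the request originates


@dataclass(frozen=True)
class Resource:
    name: str
    zone: Zone
    port: int


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    permissions: frozenset = frozenset()   # least-privilege grant, e.g. {"read"}


def decide(subject: Subject, resource: Resource) -> Decision:
    """Evaluate one access request. Any path that does not explicitly allow denies."""
    # 1. Identity and device posture are checked before the target is even considered.
    if not subject.mfa:
        return Decision(False, "mfa required")
    if not subject.device_managed:
        return Decision(False, "unmanaged device")

    # 2. Segmentation: IT and remote users never reach control systems directly.
    if resource.zone is Zone.OT_CONTROL and subject.source_zone in (Zone.IT, Zone.REMOTE):
        return Decision(False, "control zone is reachable only from the engineering zone")

    # 3. Zone-specific authorization, granting the minimum permissions for the role.
    if resource.zone is Zone.IT:
        if "employees" in subject.groups:
            return Decision(True, "employee to IT resource", frozenset({"read", "write"}))
        return Decision(False, "not an employee")

    if resource.zone is Zone.OT_ENGINEERING:
        if "ot-engineers" in subject.groups:
            return Decision(True, "engineer to engineering zone", frozenset({"read", "write"}))
        if "ot-operators" in subject.groups:
            return Decision(True, "operator read-only to engineering zone", frozenset({"read"}))
        return Decision(False, "no OT role")

    if resource.zone is Zone.OT_CONTROL:
        # Only engineers already inside the engineering zone reach controllers, and
        # a workstation that failed the patch-level posture check is limited to read.
        if "ot-engineers" in subject.groups and subject.source_zone is Zone.OT_ENGINEERING:
            perms = {"read", "write"} if subject.patched else {"read"}
            return Decision(True, "engineer from engineering zone", frozenset(perms))
        return Decision(False, "control zone requires OT engineer role from engineering zone")

    return Decision(False, "no matching rule")   # default deny


if __name__ == "__main__":
    # Constructed requests showing how the same engineer is treated by context.
    plc = Resource("line3-plc", Zone.OT_CONTROL, 502)
    groups = frozenset({"employees", "ot-engineers"})
    for label, subj in [
        ("engineer, patched workstation, engineering zone",
         Subject("alice", groups, True, True, True, Zone.OT_ENGINEERING)),
        ("engineer, stale workstation, engineering zone",
         Subject("alice", groups, True, False, True, Zone.OT_ENGINEERING)),
        ("engineer connecting from the IT network",
         Subject("alice", groups, True, True, True, Zone.IT)),
    ]:
        print(f"{label}: {decide(subj, plc)}")
```

The order of the checks is the point: authentication and posture fail closed before any zone logic runs, the IT-to-control rule is a hard segmentation boundary that no group membership can override, and a passing session still receives only the permissions its role and device state justify.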
The potential of smart factories is huge, but so are the threats. In an era where minutes of downtime cost millions and a data breach erodes brand trust, SASE is both a technology and a strategic enabler. With it, manufacturers can turn cyber risk into a business advantage and future-proof operations against an evolving threat landscape.