Despite years of investment in segmentation, asset visibility, and patch management, ransomware continues to cripple OT networks. So what’s going wrong?
Frenos and Forescout believe the answer isn’t more alerts, it’s better simulation.
In a recent joint webinar, Frenos CTO Harry Thomas and Forescout’s Christina Hoefer explored how adversary simulation, digital twins, and threat-informed visibility can shift organizations from passive detection to proactive defense.
Below, we summarize key themes from their conversation, including why ransomware is still a growing threat in operational environments, and how teams can regain control with strategic data and simulation-driven security.
Ransomware Is Now a Service and It’s Coming for OT
Industrial ransomware is no longer niche. Ransomware-as-a-Service (RaaS) has lowered the barrier to entry for attackers and increased their targeting capacity across verticals.
Forescout’s threat intelligence team (Vedere Labs) has observed a surge in attacks affecting:
- Routers, UPS systems, and exposed IoT devices, not just traditional IT assets.
- Unmonitored interconnectivity between IT and OT layers, especially via shared systems like historians or engineering workstations.
- Support systems like logistics or custom-order management, which are treated as IT assets but have downstream OT impacts.
“Attackers aren’t targeting control systems, they’re targeting everything around them,” Hoefer explained. “And because these systems are interconnected, even IT compromises can disrupt OT.”
Frenos + Forescout: Visibility Meets Simulation
Forescout delivers comprehensive asset intelligence through deep packet inspection, active queries, and integrations with existing IT/OT systems. Frenos consumes this data and builds a dynamic digital twin, powered by a simulated AI adversary named SAIRA.
SAIRA functions as an embedded red team. Her job:
- Emulate real threat actors
- What paths exist for lateral movement
- How to break those paths with minimal operational disruption
Rather than just identifying vulnerabilities, Frenos helps customers understand:
- Which vulnerabilities matter most
- What paths exist for lateral movement
- How to break those paths with minimal operational disruption
From Visibility to Validation
The challenge in OT environments isn’t a lack of data, it’s what to do with it.
Most asset visibility platforms generate thousands of data points. Without context, this creates alert fatigue and slows remediation. Frenos turns that data into action by running analytics on it, such as simulating attack paths based on actual device configurations, communication rules, and segmentation policies.
Some core platform capabilities include:
- Digital twin generation using real asset, vulnerability, and segmentation data
- Path simulation and prioritization based on AI-generated adversarial logic
- "What-if" analysis to test policies or mitigations before live deployment
- Mitigation scoring to guide decision-making during limited maintenance windows
“Instead of chasing every CVE, you can focus on the vulnerabilities that have reachable and exploitable paths,” Thomas noted. “Simulation helps you prove what matters.”
Ransomware Case Study: From Research to Real Risk
During the session, the team highlighted ransomware threat patterns from Unit 42 and internal Frenos research:
- Manufacturing is among the hardest-hit sectors, followed by education and healthcare.
- Threat actors often use non-critical systems as footholds, such as unmanaged IP cameras or vendor VPN gateways.
- Many ransomware developers don’t even know they’re building malware: they believe they’re working for corporations, and even get healthcare from these companies.
OT Realities: More Than Just Detection
Both speakers agreed that OT environments face unique constraints:
- Legacy devices may lack patching mechanisms entirely.
- Maintenance windows are few and far between.
- Full segmentation isn’t always feasible, especially in complex or aging environments.
That’s why simulation is so critical. Frenos doesn’t just simulate exploits, it simulates controls.
Security teams can test:
- Whether deploying a Forescout policy in a specific zone breaks attack paths
- Whether a temporary account creates lateral movement risk
- Whether firewall changes stop ransomware or break production
- Whether a vulnerability is actually exploitable based on contextual conditions
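The reachable-path prioritization and what-if control testing described above can be sketched on a toy model. This is an added example, not Frenos or Forescout code: the hosts, flows and finding IDs are constructed, and it assumes a simplified rule that an attacker moves only over policy-allowed flows into services that carry a known finding.

```python
from collections import deque

# Constructed sample data: hosts, allowed flows and findings are illustrative only.
ALLOWED_FLOWS = {            # (source, destination, port) permitted by segmentation policy
    ("vendor-vpn", "historian", 443),
    ("vendor-vpn", "file-server", 445),
    ("historian", "eng-workstation", 3389),
    ("eng-workstation", "plc-line1", 502),
    ("office-pc", "file-server", 445),
}
FINDINGS = {                 # (host, port) -> placeholder finding id from a scanner export
    ("historian", 443): "FINDING-001",
    ("eng-workstation", 3389): "FINDING-002",
    ("plc-line1", 502): "FINDING-003",
    ("file-server", 22): "FINDING-004",   # vulnerable service, but no allowed flow reaches it
    ("hmi-line2", 5900): "FINDING-005",   # vulnerable service in an isolated zone
}

def attack_paths(foothold, flows, findings):
    """Breadth-first search: a hop A->B counts only if the policy allows the
    flow and B exposes a finding on that port. Returns {host: path}."""
    paths = {foothold: [foothold]}
    queue = deque([foothold])
    while queue:
        src = queue.popleft()
        for (a, dst, port) in sorted(flows):
            if a == src and dst not in paths and (dst, port) in findings:
                paths[dst] = paths[src] + [dst]
                queue.append(dst)
    return paths

def prioritize(foothold, flows, findings):
    """Split findings into those on a reachable path (sorted by hop count) and the rest."""
    paths = attack_paths(foothold, flows, findings)
    reachable = sorted(
        (len(paths[h]) - 1, fid, h) for (h, p), fid in findings.items()
        if h in paths and any((s, h, p) in flows for s in paths)
    )
    reachable_ids = {fid for _, fid, _ in reachable}
    deferred = sorted(fid for fid in findings.values() if fid not in reachable_ids)
    return reachable, deferred

def what_if_block(foothold, flows, findings, rule):
    """Re-run the simulation with one flow removed, before touching production."""
    return prioritize(foothold, flows - {rule}, findings)
```

With `vendor-vpn` as the foothold, three of the five findings sit on a reachable path; removing the single historian-to-workstation flow leaves only one, which is the kind of evidence a team can bring to a limited maintenance window.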
The Role of Segmentation + Policy in Prevention
Forescout helps customers go beyond basic visibility:
- Enforce security policies that remove default accounts, block USB ports, and restrict lateral movement
- Grant temporary access to vendors through just-in-time controls (instead of permanent firewall exceptions)
- Audit communication flows to enforce separation between IT and OT layers
“Most attacks don’t start in OT. They start in business apps or vendor systems that are ‘connected for convenience,’” Hoefer noted. “That’s where segmentation and policy enforcement become critical.”
Defense in Layers: Not Just More Tools, Better Use of What You Have
Modern OT networks already generate a wealth of security telemetry, from vulnerability scanners to passive monitoring platforms.
The problem isn’t data. It’s actionable insight.
Frenos helps customers use existing tools better:
- Upload CSVs, sensor data, or scan results into the platform
- Leverage Forescout asset metadata for deeper simulation context
- Simulate attack paths based on real topologies, users, and services
- Use this to Prioritize, Prove, and Plan
Key Takeaways
- Expand Visibility Beyond Asset Management. You need to simulate what could happen to highlight true areas of interest that move the security needle.
- Not all Vulnerabilities are Equal. Focus on those that have reachable paths and active services behind them.
- Simulation gives Defenders Leverage. Especially when asking leadership for resources or trying to justify patch prioritization.
- Digital Twins aren’t just OT Process Emulations. In cybersecurity, they offer safe, cost-effective, scalable ways to test security.
- Ransomware is Industrialized. Your defenses need to be adaptive, intelligence-driven, and ready to validate risk paths at scale.
Start Simulating Your Security Strategy
With AI-driven reasoning agents, digital twins, and multi-source data fusion, platforms like Frenos and Forescout offer a new way forward, one where threats aren’t just detected, but simulated, broken, and eliminated at their roots. Want to see how it works? Watch the full on-demand webinar here.
It’s time to move beyond alerts and toward assurance.
Ready to cancel your ransomware subscription?