It was this time last year (Feb 2025) when we announced the 2.0 release of the Frenos Platform. We introduced a completely new user interface, attack paths and defensive mitigations and so much more. It stood out at the S4 Industrial security conference with an endless stream of attendees looking to see what all the buzz was about. Which brings me to the reason for this announcement, the release of our latest version 3.0 on Feb 10, 2026.
Simulated OT Penetration Testing Built on a Cyber Digital Twin
At the core of Frenos is an OT cyber digital twin that models assets, networks, routing behavior, access controls, vulnerabilities, and threat intelligence within a unified system. This isn't a simplified diagram or static asset inventory. The digital twin reflects how your OT environment actually behaves, continuously updated as configurations, vulnerabilities, and threat landscapes change.
Rather than executing tests against live environments, Frenos simulates adversary behavior against this model. Attack paths, exploitability, and lateral movement are evaluated based on how traffic can actually traverse the network, what assets are exposed, and which controls are in place.
This allows security teams to answer the same questions a red team would ask:
- What can an attacker reach?
- How would they get there?
- Where does the attack chain break, and why?
The result is a prioritized, evidence-based view of OT risk that shows not just where vulnerabilities exist, but which ones actually matter given your network's specific architecture and defenses.
All without introducing operational risk, touching a single production asset, or requiring a maintenance window.
Advances since 2.0
Over the past year, nearly every part of the platform has evolved in service of this simulation-driven approach.
We introduced the Digital Twin Interface, giving users direct access to the modeled representation of their environment—networks, firewalls, routers, assets, vulnerabilities, and the metadata that connects them. Everything ingested into Frenos is enriched by our Adversary Intelligence Engine, turning raw data into security-relevant context.
To support scale and real-world deployments, we overhauled integrations with a new integration framework and marketplace, adding dozens of data sources, scheduling, filtering, and a standardized ingestion experience. Whether data comes from OT visibility platforms, endpoint telemetry, or configuration repositories, it enters the platform in a consistent, model-ready form.
We also delayed something intentionally: dashboards.
Rather than building dashboards first, we focused on model fidelity. Only once the digital twin accurately reflected real-world behavior did we introduce a command-center dashboard that surfaces security posture, riskiest attack paths, threat resilience, TTP prevalence, and prioritized actions. The dashboard is not the product, it is a reflection of the twin.
Behind the scenes, network modeling saw some of the most significant improvements. Over twenty enhancements were made across recent releases to better represent NAT, VPNs, dynamic routing, and segmentation products commonly found in industrial environments. These changes materially improve the accuracy of attack path analysis and reachability calculations.
We completely overhauled the decision engine used for planning and orchestrating attack actions used by SAIRA, our adversarial reasoning agent. Now fully integrated in the Adversary Intelligence Engine, we can make corrections to AI behavior through content updates, independent of software patches. And yes, this works offline as well through an added offline content update that's as easy as download from our Support portal, drag and drop in the UI to update definitions for platforms deployed into an air gap.
We built the industry's first threat intelligence catalog for ICS that not only enriches MITRE ATT&CK and D3FEND with thousands of other data sources, but also added over 2000 actions, a proprietary Frenos feature that provides visibility into the actions that adversaries perform. The Adversary Intelligence Engine is our gift to the entire industrial security community, sharing the data that drives our decision logic.
We enriched vulnerability databases with network path and exploitation intelligence inaccessible by any other open-source or commercial vulnerability intelligence provider giving Frenos customers unrivaled ability to prioritize based on actual reachability inside their environments. Going far beyond data from CVSS subscores such as CVSS vector strings, we identify ports and protocols and other technical requirements needed to exploit vulnerabilities in your environment. We then evaluate your actual architecture against those requirements to produce industry leading vulnerability reachability results, significantly reducing noise.
New in 3.0
With 3.0, we focused on making simulation visible, explorable, and operationally actionable.
The new network exposure visualizer (NEV), reimagined for 3.0 creates natural clustering of networks based on firewall zoning for easier organization and queries, and layers all the amazing Adversary Intelligence Engine and Defend module intelligence into the network map. This creates a way for you to instantly see where in your network you are exposed to attack paths, missing visibility creating blind spots for asset information or have opportunities to strengthen security architecture through segmentation and configuration. We added the ability to query for specific vulnerabilities to identify at a zoomed out view to see what critical networks are reachable by the latest CVEs (or older ones) from assume breach points in your environment.
Attack path analysis itself has expanded to include multi-path exploitation and alternative asset targeting, better reflecting how real adversaries adapt when controls block their preferred route. Across NEV and attack path views, a new contextual drawer system brings routing, interfaces, firewall rules, asset data, and attack details into immediate proximity with the topology—reducing context switching and accelerating analysis.
We’ve upgraded our integrations with Dragos and Claroty to provide access to more data, network conversation history and attack surface identified in network traffic. New for Dragos is the ability to refine vulnerability prioritization within Dragos based on Frenos reachability information in a bi-directional flow. We are continuing to expand this data coverage into new data sources, such as sysmon data we added a few months ago for living off the land data insights, endpoint products and identity data sets.
Lastly our new interface updated our dashboard with comparative threat resilience metrics so you can see how you measure to industry peers for resilience to attack, more transparency in scoring construction and a new top navigation change that frees up much of the horizontal space allowing for a richer and more interactive experience with our new visualizations.
Reframing OT Penetration Testing
Frenos Platform 3.0 reframes penetration testing for industrial environments.
By combining high-fidelity network modeling, action-based threat intelligence, and adversarial reasoning, Frenos enables simulated OT penetration testing that is repeatable, defensible, and safe for production systems.
This approach allows organizations to continuously evaluate exposure, validate security architecture, and prioritize remediation based on how attacks would actually unfold, without disrupting operations.
3.0 is not the end of that journey, but it is a major milestone along the way.
.jpg)
