OT Shield – Bring legacy systems securely into the present.
Isolate insecure machines and integrate them securely into modern (zero-trust) networks – without losing functionality.
Why OT Shield?
Security layer for legacy systems
Prevents outdated protocols such as SMBv1 or unencrypted LDAP from compromising your corporate network.
Zero-trust compatible
Can be integrated into modern, zero-trust architectures – even for legacy devices.
Virtual DMZ for every machine
Each OT-Shield acts as an individual security zone – without the need to rebuild existing infrastructure.
Protocol translation & hardening
Insecure protocols are encapsulated, checked, and forwarded securely.
Transparent integration
Existing systems can continue to run – without changes to software or operating system.
Central control & logging
All connections become traceable – for audits, compliance, and forensics.
Typical use cases
Industrial controls in production
Securely connect old PLC systems (e.g., with SMBv1 shares) to modern networks.
Old servers with legacy OS (e.g., Windows 2000/XP)
Continue to use these systems, but with a secure network boundary.
Research systems or lab instruments
Securely isolate devices that cannot be updated.
Directory services on old hardware (LDAP)
Secure and audit outdated authentication systems.
Banks & insurance companies with legacy core systems
Secure access to internal systems without complete migration.
Critical infrastructure (KRITIS)
Securely connect legacy components in energy, water, transportation, etc.
Who is the OT-Shield interesting for?
IT security managers who cannot simply shut down outdated systems.
Network architects who want to implement zero trust – even with legacy systems.
CISOs in regulated industries (healthcare, energy, finance).
Forensic and audit teams who need visibility into legacy communications.
OT/IoT managers who need to secure production systems.
MSPs/system houses who are looking for secure solutions for customer environments.
Frequently asked questions (FAQ)
How does the OT-Shield work technically?
The OT-Shield is placed between the legacy system and the network. It encapsulates insecure protocols, replaces or hardens them, and establishes secure communication – including authentication, encryption, and logging.
Does the legacy system need to be adapted?
No. The OT-Shield works without any changes to the target system. It speaks the old protocols and translates them internally.
Can I operate multiple legacy systems with one OT-Shield?
Yes, this is technically possible – however, for security reasons, we recommend one OT-Shield per system in order to enable a consistent separation of zones.
How much does the OT-Shield cost?
Please contact us for a quote. Prices depend on the range of functions and license model.