Techniques are described for monitoring an operational technology environment (OTE) to detect threats, and performing actions to respond to detected threats. Edge device(s) are arranged to monitor and/or control the operations of component(s) within an OTE. An edge device stores threat profiles, each including a set of physical indicators that would, if exhibited by sensor data collected from the component, indicate the presence of a particular threat in the OTE. The edge device may collect sensor data from sensor devices situated in or near the monitored component. By comparing the sensor data to the threat profile(s), the edge device determines whether any of the threats described by the threat profiles are currently active. If a threat is detected, the edge device sends an alert message to server computing device(s). In some instances, the edge device can also autonomously perform response or remediation action(s) in response to detecting a threat.
展开▼
