Is Your Enterprise Ready for Unknown Attacks Originating from Your IoT Networks?

By Rajesh Kari
Director, Product Marketing
September 29, 2025

Norway reported a cyber intrusion at a dam in Bremanger in which a valve was remotely opened, releasing water at approximately 132 gallons per second for about four hours (roughly two million gallons in total) before operators intervened. No injuries or material damage were reported, but the incident highlighted how digital control systems in critical infrastructure can be manipulated, and it was noted as the first confirmed breach of Norway’s water infrastructure since 2022. The intrusion was traced to a remote login to the dam’s control panel using a weak/exposed password, which let the intruder open a valve for about four hours; the breach could have been enabled through a compromised IoT device in the infrastructure. An internet-reachable or poorly secured IoT asset inside the facility was compromised via default or weak credentials, allowing the attackers to obtain or brute-force weak credentials reused across systems. Using the weak/exposed password, the attackers authenticated to the dam’s control panel, gaining access and changing settings.

IoT is Pervasive in Today’s Enterprise

Let’s look at today’s reality in a large infrastructure. IT teams are deploying a growing number of IoT devices to streamline operations, enhance monitoring, and improve overall operational efficiency. The result is a dynamic network infrastructure that demands stronger visibility, control, and security.

These changes also bring a significant number of vulnerabilities, both sophisticated and unknown. According to industry reports, there was a 136% increase in vulnerabilities among IoT devices compared to the previous year, with the proportion of vulnerable devices rising from 14% in 2023 to 33% in 2024.

IT Teams are Challenged with Protecting IoT

To secure this critical infrastructure, it’s essential to protect and monitor wired and wireless LANs at the point of connection. Despite evolving network demands, many teams still rely on traditional technologies, such as Virtual LANs (VLANs), for segmentation, monitoring, and enforcement.

However, with the rise in threats such as MAC spoofing, malware attacks, and command injection that exploit vulnerabilities, traditional measures fall short: 802.1X NAC provides only basic admission control, and VLANs create broadcast domains that allow threats to propagate throughout the logical segment with no checks or countermeasures. Additionally, these legacy solutions cannot monitor and track movement, allowing high-risk devices to spread malicious threats.

To address these challenges, enterprises should adopt a unified, security-first networking model anchored in the LAN. A Zero Trust architecture with end-to-end visibility, adaptive policy enforcement, and granular user/device segmentation reduces the attack surface while simplifying operations. In practice, this means establishing identity aware, Zero Trust perimeters at the LAN edge.

Granular isolation and control for IoT Devices:

Automatic and Automated Discovery of IoT Devices: As unmanaged and headless devices proliferate, Versa Secure SD-LAN closes visibility gaps by automatically discovering and fingerprinting every connected device—including IoT and OT endpoints without user interfaces or agents. Each device is tagged and placed into the appropriate microsegment for least-privilege access and lateral-movement tracking. Flow-level telemetry is exported to Versa Analytics and Versa ALS, providing comprehensive visibility and actionable insight to strengthen LAN security.

Granular IoT and OT Visibility: With diverse vendors and legacy operating systems, unknown vulnerabilities are a constant. Versa Secure SD-LAN maintains an AI-powered inventory that continuously identifies and classifies IoT/OT assets, generates inline flow-level reporting, and feeds it to Versa Analytics and Versa ALS for in-depth analysis. The result is 360-degree visibility, risk trending, and operational intelligence to improve both security and performance.

Continuous Tracking and Containing Devices Across the LAN: Versa Secure SD-LAN enforces microsegmentation to create isolated trust zones across the access layer. User endpoints are identified via the Versa SASE Client, while headless IoT/OT devices are fingerprinted and tagged to the correct microsegment. Policy controls limit communications to authorized flows and enable accurate tracking of any lateral movement anywhere on the LAN.

Device Posture Checks for Policy-Based Access and Control: Versa Secure SD-LAN continuously evaluates user and device posture, such as antivirus status, through real-time, inline traffic assessments. Identity and posture attributes generate dynamic tags that drive policy decisions, traffic handling, and segment transitions. For example, a device with outdated antivirus can be automatically moved to a quarantine segment until it is remediated.
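The microsegment and posture-tag behavior described in the last two items can be sketched as a vendor-neutral policy check; this is an added example, not Versa code or configuration. The segment names, ports, allow-list, inventory, and flow records are all constructed assumptions.

```python
# Hypothetical policy: fingerprint -> microsegment, and the only
# (destination segment, port) pairs each segment may reach.
SEGMENT_OF = {"camera": "seg-camera", "nvr": "seg-nvr", "plc": "seg-plc",
              "scada": "seg-scada", "laptop": "seg-user"}
ALLOWED = {
    "seg-camera": {("seg-nvr", 554)},
    "seg-plc": {("seg-scada", 502)},
    "seg-user": {("seg-scada", 443)},
    "seg-quarantine": set(),  # nothing is reachable until remediated
}

def segment_for(dev):
    """Dynamic tag: failed posture or an unknown device lands in quarantine."""
    if dev is None or not dev.get("av_current", True):
        return "seg-quarantine"
    return SEGMENT_OF.get(dev["kind"], "seg-quarantine")

def evaluate(flows, inventory):
    """Return one (verdict, reason) per (src_mac, dst_mac, dst_port) flow."""
    verdicts = []
    for src, dst, port in flows:
        s_seg = segment_for(inventory.get(src))
        d_seg = segment_for(inventory.get(dst))
        if (d_seg, port) in ALLOWED.get(s_seg, set()):
            verdicts.append(("allow", f"{s_seg}->{d_seg}:{port}"))
        elif s_seg == d_seg:
            # Same segment: a plain VLAN would pass this traffic unchecked.
            verdicts.append(("deny", f"lateral movement inside {s_seg}"))
        else:
            verdicts.append(("deny", f"{s_seg}->{d_seg}:{port} not authorized"))
    return verdicts

# Constructed inventory (fingerprint + posture) and flow records.
INVENTORY = {
    "aa:00:00:00:00:01": {"kind": "camera"},
    "aa:00:00:00:00:02": {"kind": "camera"},
    "aa:00:00:00:00:03": {"kind": "nvr"},
    "aa:00:00:00:00:04": {"kind": "scada"},
    "aa:00:00:00:00:05": {"kind": "laptop", "av_current": False},
}
FLOWS = [
    ("aa:00:00:00:00:01", "aa:00:00:00:00:03", 554),  # camera -> NVR
    ("aa:00:00:00:00:01", "aa:00:00:00:00:02", 23),   # camera -> camera
    ("aa:00:00:00:00:01", "aa:00:00:00:00:04", 502),  # camera -> SCADA
    ("aa:00:00:00:00:05", "aa:00:00:00:00:04", 443),  # stale-AV laptop -> SCADA
]

if __name__ == "__main__":
    for flow, verdict in zip(FLOWS, evaluate(FLOWS, INVENTORY)):
        print(flow, verdict)
```

The camera-to-camera flow is the case a VLAN alone would not stop: both endpoints share a segment, so only a per-flow allow-list denies it and records it as lateral movement.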
