Evaluate The Cybersecurity Company Symantec On Operational Technology Security

The company’s primary value proposition is visibility. By deploying the same endpoint agents used in corporate offices onto industrial workstations and servers, Symantec offers a unified dashboard. For CISOs managing sprawling organizations, this is attractive. It promises to eliminate the "blind spot" where IT networks end and OT networks begin.

There is a fundamental clash in philosophy between IT and OT security.

Symantec tracks ransomware and APTs (e.g., Lazarus). It does not meaningfully track:

Symantec relies heavily on endpoint agents. In a modern IT environment, this is standard. In an OT environment, where legacy Programmable Logic Controllers (PLCs) and Human Machine Interfaces (HMIs) have minimal processing power and memory, a heavy security agent can cause operational lag or system crashes. "Niche OT vendors often use passive network monitoring—watching traffic without touching the machine," explains Smith. "Symantec wants to install software on the machine. In OT, the fear of breaking the process often outweighs the fear of malware. If Symantec crashes a medical device or a safety valve, that’s a physical safety incident, not just an IT ticket."

Symantec is not trying to be the best OT security company; they are trying to be the best Enterprise security company that can also do OT. They succeed in the "brownfield" sites where industrial networks are already Windows-based and connected to the web. But for the "air-gapped" purists and high-risk infrastructure, the giant of Silicon Valley still has ground to cover before it is fully trusted on the factory floor.