
Maintaining Continuous Monitoring During SOCI Compliance Lockdowns

Australian utilities provider


Company context

This water utilities provider manages critical infrastructure across 30+ dam sites, serving water services to communities and industries.

Following an audit, they needed to redesign their OT network to meet Security of Critical Infrastructure (SOCI) Act compliance requirements.

Under SOCI, their OT network and related monitoring needed to be able to operate in complete isolation from external connectivity for up to three months during lockdown events, while their IT network monitoring needed to continue as normal.

Utilities

650+ employees

1,000+ monitored entities

High-level summary

Main outcome

End-to-end visibility during and outside of SOCI lockdowns

Implementation time

6 months

Maturity level

From Level 2 (Responsive) to Level 4 (Predictive)


Observability maturity

This project advanced monitoring from Level 2 (Responsive) to Level 4 (Predictive).

1. Reactive: Manual monitoring across multiple systems with no alerting and no dashboards set up.

2. Responsive: Basic monitoring and predefined alerts set up for some systems but no dashboards yet.

3. Proactive: Total system observability with some dashboards and automated diagnostic alerts.

4. Predictive: Full observability across all systems with leading metric tracking for predictive alerts.

5. Strategic: Observability fully integrated with intelligence systems to provide business insights.

The challenge: End-to-end visibility that survives OT network isolation

SOCI compliance requires critical infrastructure networks to operate in complete isolation from external connectivity for up to three months if a threat is detected or suspected, or if a compliance failure occurs during an audit. During this lockdown period, the OT network is cut off from the internet and from other internal networks.

The challenge wasn't just keeping the OT network monitored during isolation. It was maintaining unified visibility across IT and OT during normal operations, while ensuring both networks could still be monitored independently if they're suddenly cut off from each other.

This needed to be reliable because once a lockdown occurs, teams must validate whether a genuine threat exists while day-to-day operational issues still need resolving and essential water services must continue uninterrupted.

The solution: Two independent instances, one unified view

The client was considering a SaaS monitoring tool for ease of updates, but during OT isolations, cloud platforms lose visibility of the OT network entirely. The solution required on-premise monitoring that could operate independently while maintaining end-to-end visibility during normal operations.

We achieved this by deploying two independent SolarWinds instances (one for IT, one for OT) with a unified view across both during normal operations.


High-level architecture diagram


Independent instances for IT and OT

  • IT network: Azure-hosted, supporting their cloud-first strategy

  • OT network: On-premise, within the secure OT perimeter

During a SOCI lockdown, when the OT network is isolated, teams log into each instance locally. There is no unified dashboard during isolation, but monitoring continues uninterrupted in both environments.


Unified view through an enterprise console

The unified view comes from the Enterprise Operations Console, which sits in the DMZ between IT and OT networks. During normal operations, it aggregates data from both instances into a single pane of glass across the entire organisation.

During security events that require isolation, monitoring doesn't stop or degrade; it simply shifts from a unified view to independent operation. Teams continue monitoring their respective networks without scrambling for emergency solutions or manual checks.


The final outcomes

This project:

  • Enabled SOCI compliance and audit readiness

  • Delivered end-to-end visibility during normal operations with independent monitoring during isolation

  • Maintained rapid threat detection and resolution even during isolation events

  • Advanced monitoring maturity from Level 2 (Responsive) to Level 4 (Predictive)


The key insight

The key to SOCI-compliant monitoring isn't a single monitoring instance - it's two independent SolarWinds instances connected through an enterprise console. This architecture maintains end-to-end visibility during normal operations while preserving independent monitoring during isolation events.

If you'd like to learn more about how to achieve SOCI compliance by aligning SolarWinds to a compliant architecture, we created detailed guides on how to do so with a Purdue architecture and also micro-segmentation.


Maximised our SolarWinds value

Intrepid has been an exceptional SolarWinds partner, providing expert guidance and hands-on support that consistently exceeded expectations. Their deep expertise, responsive support, and strategic guidance have helped us maximise the value of our SolarWinds upgrade.

Henry, Integration Engineer

Australian utilities provider