Securing OT & IoT with Faction
Protect the connected devices VPNs and SDNs can’t reach — cameras, controllers, sensors, and legacy equipment — with a Zero Trust network you create and control.
Connected devices now outnumber the computers on most networks — and the security models built for laptops and servers were never designed to reach them. This guide explains why, and how Faction extends Zero Trust to the OT and IoT that software alone cannot secure.
Most OT and IoT devices simply cannot run a security agent. They lack the resources for on-device encryption or a programmable interface, or they run legacy operating systems that can no longer be patched. VPNs and SDNs assume an agent or a managed endpoint on the other side. Industrial controllers, IP cameras, sensors, and decades-old factory equipment offer neither — so they sit on the network unprotected, expanding the attack surface while operating outside traditional endpoint security.
Faction Pods and Portals are secure networking appliances that extend Zero Trust to a physical location over Wi-Fi and Ethernet. You protect any connected device — regardless of age or capability — simply by connecting it behind a Pod, with no software installed on the device itself. Whatever connects behind it joins your private, owner-controlled network. Once adopted, those devices are reachable only from inside the network, removing the public-internet attack surface, and every device is cryptographically verified before any access. No shared passwords, no anonymous connections.
Adoption takes the phone you already carry. Tap Add a Pod or Portal in the Faction app, point the camera at the QR code on the device, and it joins with your owner-held network key — out-of-band, with nothing exposed to the internet and no IT ticket required. The key is created and held on your own devices; no one else, including Faction, holds it. Then connect any device behind it, protected end to end with nothing installed on the device. Faction deploys alongside what you already run, so there is no rip-and-replace — even where compromised routers or smart hardware may already sit inside the network.
- IP cameras and video streams
- Industrial controllers, PLCs, and SCADA systems
- Factory-floor machines, sensors, robots, and automation — legacy and modern
- Building systems such as HVAC, access control, and elevators
- Medical, lab, and diagnostic devices; POS, kiosk, and payment terminals
- Legacy equipment that can no longer be patched — any machine that cannot secure itself