Palo Alto Networks has been named an Overall Leader in the 2025 KuppingerCole Leadership Compass for Secure Remote Access for OT/ICS. The report also recognizes us as an Innovation Leader, Product Leader and Market Leader. We believe this recognition reflects a market that is quickly shifting toward unified security platforms capable of protecting industrial environments as remote connectivity grows.

The Shift Toward Modern and Resilient Access

Secure remote access has become essential to how industrial organizations operate. Field technicians, OEM partners and service providers rely on fast and safe connectivity to support plants, substations and production lines. KuppingerCole reinforces this shift toward broader adoption with the following observation.

"The SRA market for OT and ICS is shifting from niche deployments to a foundational element of industrial cybersecurity."

This perspective aligns with trends we hear from industrial leaders and customers across a wide range of environments. As connectivity reaches more assets and more workers, organizations want flexible access that can support a range of operational needs, from just-in-time access for third parties to full VPN connectivity for users who require broader reach. Older tools often exposed broad portions of the environment and operated outside enterprise identity and governance processes, which limited visibility and created gaps in auditability. As remote access becomes a standard part of daily operations and security teams take on a larger role in OT security, organizations are prioritizing approaches that unify policy, improve monitoring and strengthen control over how access is granted and used.

A Unified Platform for Modern Industrial Access

We believe our placement as an Overall Leader reflects our ability to deliver secure access across both modern and aging OT environments through a single operational model.

Through the Strata platform, Palo Alto Networks brings NGFW, SASE and cloud management together in one comprehensive approach. This supports both centralized and distributed operations while giving different user groups the flexibility they need. The platform supports two secure access paths: just-in-time access via Prisma Browser™ and agent-based access via GlobalProtect. Both options can apply continuous inspection and OT-focused workflows to help organizations strengthen access controls without adding operational friction.

Securing Access to Reduce Lateral Movement

Secure remote access has become a key control point for protecting industrial operations. By applying continuous verification and enforcing least-privileged access, the Strata platform reduces unnecessary exposure and helps prevent threats from moving laterally across interconnected environments. This allows user connectivity to support operational resilience while providing the detailed audit trails essential for safeguarding critical systems.

Key Capabilities That Matter in the Field

To us, being named an Innovation Leader highlights the value of an approach that emphasizes simplicity, consistency and best in class security. The capabilities recognized in the report address needs that appear widely across industrial environments.

Just-In-Time Access

Prisma Browser™ provides secure access through the browser with no agent required. This creates a smooth and intuitive experience for contractors and third-party vendors by reducing the risks associated with persistent connections.

Native Application Support for Industrial Protocols

The Strata platform provides native support for common OT access methods including RDP, SSH and VNC. This gives users a direct way to reach the systems they need while maintaining strong controls around who can connect and when.

Role-Based Access Across the Environment

Access is scoped to the specific users and assets involved and granted only for the time required. This supports precise and well-defined access patterns that help shrink the attack surface.

Advanced Threat Inspection

Continuous inspection is applied throughout each session and supported by Advanced Threat Prevention and Advanced WildFire^Ⓡ. These capabilities help identify unusual or risky activity early in the connection flow and add another layer of security to remote access sessions without adding friction for users.

Session Recording That Supports Audit and Compliance

Every session is monitored and recorded with safeguards that prevent credential misuse and unauthorized screen capture. This framework supports regulatory requirements such as IEC 62443 and NIS2 and strengthens internal oversight.

Moving Past Legacy Limitations

Many organizations are looking for secure remote access that adjusts to user identity and operational context while remaining straightforward to deploy. Industrial environments often blend legacy systems with modern equipment, which makes consistency and ease of use especially important.

A unified approach can reduce the burden of managing multiple tools. Bringing policies and credentials together in one place supports consistent enforcement across both remote and on-site environments. A single cloud-based interface also helps lower operational overhead by streamlining everyday administration.

A Practical Path Forward for Industrial Leaders

As operations become more connected and distributed, leaders are evaluating approaches that provide clearer visibility and well-defined access paths without adding complexity. They want teams and partners to work efficiently while maintaining the level of control required for critical environments.

Palo Alto Networks offers capabilities designed to support these needs across a range of industrial settings. Our aim is to give customers useful insight into access activity and the structures needed to manage remote connectivity with confidence as their environments evolve.

Download the full 2025 KuppingerCole Leadership Compass to see why we were named an Overall Leader.