Your building is smart.
Is its security?
PacketViper protects BAS and BMS environments – HVAC, access control, elevators, fire suppression – with OT-native security that can’t disrupt the systems it’s protecting.
A compromised building automation system isn’t just a network problem. It’s a physical safety problem.
The Problem
The HVAC vendor had access. The payment network paid for it.
Building automation systems have exploded in connectivity. Every modern commercial building has networked HVAC, lighting, access control, elevator systems, and fire suppression – all communicating over BACnet or similar protocols, many accessible via cloud-connected vendor portals. The attack surface is enormous. The security protecting most of it: next to nothing.
BACnet Was Built for Reliability, Not Security
BACnet transmits in cleartext. The protocol was designed for device interoperability, not adversary resistance. Any attacker who reaches the BAS network can read commands, inject traffic, and impersonate controllers with no authentication required.
Flat Networks Connect BAS to Corporate IT
Access control systems frequently run on flat networks with direct paths to enterprise infrastructure. A single compromised endpoint – a BAS workstation, a remote HVAC portal – becomes a pivot point into the broader environment. This is exactly what happened at Target.
Legacy Firmware Can’t Be Patched
HVAC controllers and building management devices routinely run decades-old firmware that vendors no longer support. You can’t patch them. You can’t install agents on them. Every remote vendor access session adds to an already unmanageable attack surface.
How It Works
Transparent BAS protection – BACnet-native, agentless, inline
PacketViper deploys as a transparent bridge on the BAS network – no changes to BACnet controllers, no firmware updates to HVAC equipment, no agents on building management servers. It watches BAS traffic passively, builds behavioral baselines for every device, and enforces inline when something deviates.
BACnet-Native Protocol Awareness
PacketViper understands what normal BACnet communication looks like for HVAC, lighting, and access control systems. An HVAC controller that suddenly starts sending traffic to a network segment it has never communicated with before gets flagged immediately – before the lateral movement completes.
Passive, Agentless Discovery
Complete BAS asset inventory builds from observed traffic – every controller, sensor, gateway, and building management server – without active scanning or controller interaction. New devices appear automatically when they communicate. No disruption, no scan packets on the BAS segment.
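How an inventory can be built from observed traffic alone, as an added example that is not PacketViper's code: it decodes BACnet/IP I-Am announcements (BACnet's cleartext device advertisement) and reports device instances missing from a known baseline. The function names, IP addresses and sample datagrams are constructed for illustration.

```python
import struct

def parse_i_am(frame: bytes):
    """Return (device_instance, vendor_id) for a BACnet/IP I-Am datagram, else None."""
    if len(frame) < 6 or frame[0] != 0x81 or frame[1] not in (0x0A, 0x0B):
        return None                          # not a BVLC original unicast/broadcast NPDU
    if struct.unpack("!H", frame[2:4])[0] != len(frame):
        return None                          # BVLC length must match the datagram
    try:
        if frame[4] != 0x01 or frame[5] & 0x80:
            return None                      # wrong NPDU version, or network-layer message
        ctrl, pos = frame[5], 6
        if ctrl & 0x20:                      # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + frame[pos + 2]
        if ctrl & 0x08:                      # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + frame[pos + 2]
        if ctrl & 0x20:                      # hop count is present only with DNET
            pos += 1
        if frame[pos:pos + 3] != b"\x10\x00\xc4":
            return None                      # unconfirmed request, I-Am, object-id tag
        obj = struct.unpack("!I", frame[pos + 3:pos + 7])[0]
        pos += 7
        fields = []                          # max APDU, segmentation, vendor ID
        for _ in range(3):
            length = frame[pos] & 0x07
            fields.append(int.from_bytes(frame[pos + 1:pos + 1 + length], "big"))
            pos += 1 + length
    except (IndexError, struct.error):
        return None                          # truncated or malformed
    if pos != len(frame) or obj >> 22 != 8:  # trailing/missing bytes, or not a Device object
        return None
    return obj & 0x3FFFFF, fields[2]

def build_inventory(packets, known=frozenset()):
    """packets: (src_ip, udp_payload) pairs. Returns (inventory, instances not in known)."""
    inventory = {}
    for src, payload in packets:
        parsed = parse_i_am(payload)
        if parsed:
            inventory[parsed[0]] = {"ip": src, "vendor_id": parsed[1]}
    return inventory, sorted(set(inventory) - set(known))

# Constructed sample datagrams (UDP/47808 payloads), not captured from a real network.
SAMPLE = [
    ("10.20.0.15", bytes.fromhex("810b00180120ffff00ff1000c40200006f2205c491002108")),
    ("10.20.0.31", bytes.fromhex("810b001401001000c4020004d22201e091032105")),
    ("10.20.0.99", bytes.fromhex("810b000c0120ffff00ff1008")),  # Who-Is, ignored
]

if __name__ == "__main__":
    inv, new = build_inventory(SAMPLE, known={111})
    print(inv, "new devices:", new)
```

Because I-Am carries no authentication, an inventory built this way records what devices claim to be; a new or changed instance is a prompt for verification, not proof of identity.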
AMTD for BAS Environments
Deceptive BACnet services that look like legitimate BAS infrastructure – fake BACnet controllers, decoy access control endpoints, simulated building management interfaces. Attackers who probe the BAS network find responses from decoys, burning their reconnaissance time on fake assets while PacketViper captures their methods and enforces containment.
Vendor Access Control & Session Monitoring
Vendor access sessions get full context enforcement – geographic source validation, time-of-day restrictions, behavioral monitoring for the duration of the session. If a vendor maintenance session starts sending unexpected commands or accessing unexpected systems, enforcement fires inline. No waiting for a human to review a log.
Lateral Movement Prevention – Stops Target-Style Pivots
BAS network segmentation enforced inline. Traffic attempting to cross from building automation systems into corporate IT networks is inspected and controlled at the boundary. The attack path that enabled the Target breach gets closed without any network redesign.
Proof Points
Numbers that matter in BAS deployments
BAS is the most overlooked lateral movement path in enterprise environments. This closes it – without requiring you to become an expert in BACnet or building management systems.
HVAC, access control, and fire suppression keep running exactly as they were. The security layer is invisible to every system it’s protecting. No firmware changes, no agent installs, no maintenance windows.
Post-Target, the BAS entry vector is known and documented. Leaving it unprotected is a board-level risk that’s easy to explain and expensive to defend. PacketViper closes it with a demonstrable security control.
See what your firewall never told you.
Map your BAS network exposure. We’ll show you what the threat looks like from the attacker’s perspective – and what containment looks like from yours.
Building automation systems (BAS) control HVAC, access control, lighting, and energy management – and increasingly connect to enterprise IT networks. Attackers can use BAS as lateral movement pathways into corporate networks, manipulate environmental controls, or disable physical security systems. BACnet devices are particularly vulnerable as they were designed for isolated networks.
PacketViper natively supports the BACnet protocol, enabling accurate enforcement decisions for building automation communications. It deploys inline between IT networks and BAS infrastructure, blocking unauthorized access attempts and providing deception-based detection when attackers attempt to enumerate or manipulate building control devices.