Manufacturing & Industrial IT — Inland Empire & Orange County

Manufacturing IT That Protects Production Floor and Enterprise Network Together

When ransomware crosses from your ERP into your SCADA system, production stops — not just your computers. IT Center delivers OT/IT converged security, Purdue Model network segmentation, and Epicor/SAP ERP support designed specifically for discrete manufacturers, process facilities, and industrial operations across Southern California’s Inland Empire and Orange County.

Manufacturing Cyber Risk — 2024 Reality

  • Avg. production downtime per ransomware incident: 12 days
  • ICS/OT attacks hitting manufacturers (2023): +87%
  • Manufacturers with OT/IT segmentation gaps: 73%
  • IT Center flat-rate for full coverage: $300/computer user
  • Critical issue response time SLA: 15 minutes

OT/IT Converged Security · Epicor & SAP Integrated · SCADA/ICS Monitored · NIST 800-82 Aligned · Purdue Model Architecture · 24/7/365 OT Monitoring · $300/computer user Flat Rate

OT/IT Convergence Risk

The Purdue Model: Why Your Network Architecture Determines Whether Ransomware Reaches Your Production Floor

Most manufacturing cyberattacks don’t start on the shop floor — they start in your email inbox or on a laptop in accounting. Without proper segmentation between your enterprise IT network and your operational technology (OT) environment, a single phishing click can propagate from Outlook to your Ignition SCADA system, shutting down CNC machines, conveyors, and process controls. IT Center engineers your network using the Purdue Enterprise Reference Architecture to create hard boundaries between each level of your operation.

Purdue Model — 5 Levels of Separation

  • Level 4/5 — Enterprise Zone (IT): Business Network & ERP. Epicor, SAP, Microsoft 365, corporate email, finance systems, HR databases, business intelligence dashboards
  • Industrial DMZ / Firewall Boundary — IT Center configures and monitors this critical gap
  • Level 3 — Site Operations (OT): Manufacturing Operations & MES. Manufacturing Execution Systems, production scheduling, data historians (OSIsoft PI, Ignition Historian)
  • Level 2 — Area Supervisory Control: SCADA & DCS Systems. Supervisory Control and Data Acquisition, Distributed Control Systems, HMI workstations, operator stations
  • Level 1 — Basic Control: PLCs, RTUs & Control Devices. Programmable Logic Controllers, Remote Terminal Units, intelligent electronic devices, safety instrumented systems
  • Level 0 — Physical Process: Physical Manufacturing Process. Sensors, actuators, motors, pumps, conveyors, CNC machines, robots — the actual production equipment

What Happens Without Segmentation

In a documented 2023 incident, ransomware entered a mid-size automotive parts manufacturer through a stolen VPN credential. Because their IT and OT networks shared a flat architecture, the malware pivoted from Windows file servers to the Ignition SCADA gateway in under 4 hours. All 23 CNC machining centers stopped. Production was offline for 11 days. Total loss: $4.2M including ransom, lost contracts, and overtime recovery costs.

Proper Purdue Model segmentation would have contained the attack to the enterprise zone.

Flat IT/OT Network

When enterprise systems share a routable path to OT systems, ransomware propagates laterally without restriction. A compromised domain controller can reach SCADA HMI workstations through standard SMB protocols across a flat network without any inspection or blocking between zones.

Uncontrolled Vendor Remote Access

Equipment OEMs and SCADA integrators often demand persistent remote access credentials. Without privileged access management and session recording, these accounts represent a persistent, unmonitored backdoor directly into your OT environment that threat actors actively hunt for and exploit.

Unpatched Legacy HMI Systems

HMI workstations running Windows XP or Windows 7 cannot receive security patches. OT vendors often prohibit patching without re-certification. IT Center implements compensating controls: micro-segmentation, application whitelisting, and read-only network taps to protect these assets without disrupting operations.

✓ IT Center’s Approach

We design and enforce strict L2/3 to L4/5 boundaries using next-generation industrial firewalls (Fortinet FortiGate, Palo Alto Networks), create dedicated VLAN architectures for each Purdue level, deploy unidirectional security gateways where required, and continuously monitor OT traffic with Claroty or Dragos passive ICS sensors integrated into our 24/7 SOC.
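One way to check a flow log against the Purdue boundaries described above, as an added example (not IT Center's tooling). The subnets, zone names and flow records are constructed assumptions; the rule applied is that traffic may only pass between adjacent zones, so anything from the enterprise zone that lands below the industrial DMZ is flagged.

```python
import ipaddress

# Constructed addressing plan: one subnet per Purdue zone, ordered from the
# enterprise zone down to basic control. These ranges are assumptions.
ZONES = [
    ("enterprise",  ipaddress.ip_network("10.40.0.0/16")),  # Level 4/5
    ("dmz",         ipaddress.ip_network("10.35.0.0/24")),  # Industrial DMZ
    ("site_ops",    ipaddress.ip_network("10.30.0.0/24")),  # Level 3
    ("supervisory", ipaddress.ip_network("10.20.0.0/24")),  # Level 2
    ("control",     ipaddress.ip_network("10.10.0.0/24")),  # Level 1
]
ORDER = [name for name, _ in ZONES]


def zone_of(ip):
    """Map an IP address to its Purdue zone name, or None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES:
        if addr in net:
            return name
    return None


def audit_flow(src, dst):
    """Return None for an allowed flow, otherwise a finding label."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None or dst_zone is None:
        return "unknown-zone"          # address outside the documented plan
    hops = abs(ORDER.index(src_zone) - ORDER.index(dst_zone))
    if hops <= 1:
        return None                    # same zone or adjacent zones
    if "enterprise" in (src_zone, dst_zone):
        return "it-ot-bypass"          # IT reached OT without stopping in the DMZ
    return "level-skip"                # OT flow that skips an intermediate level


# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.40.1.15", "10.35.0.10", 443),    # ERP server -> DMZ broker
    ("10.35.0.10", "10.30.0.5", 1433),    # DMZ broker -> historian
    ("10.40.1.20", "10.20.0.7", 445),     # domain controller -> HMI over SMB
    ("10.30.0.5", "10.10.0.50", 502),     # historian -> PLC, skipping Level 2
    ("10.20.0.7", "10.10.0.50", 44818),   # HMI -> PLC (EtherNet/IP)
    ("192.0.2.9", "10.10.0.50", 502),     # unassigned address -> PLC
]


def audit(flows):
    """Return (src, dst, port, finding) for every flow that breaks the rule."""
    findings = []
    for src, dst, port in flows:
        finding = audit_flow(src, dst)
        if finding:
            findings.append((src, dst, port, finding))
    return findings


if __name__ == "__main__":
    for row in audit(FLOWS):
        print(row)
```
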

Production Floor IT

Securing HMIs, PLCs, SCADA, and Every Device on the Shop Floor

Enterprise IT tools were never built for the production floor. HMI workstations run specialized OS versions with strict vendor certification requirements. PLCs run proprietary firmware that standard vulnerability scanners cannot assess without disrupting operations. Ruggedized tablets and industrial handhelds need MDM policies that tolerate harsh environments. IT Center has built a purpose-built security framework for manufacturing endpoints that works with your OT vendors, not against them.

HMI Workstation Hardening

Human-Machine Interface workstations run a Windows-based OS but require vendor-specific configurations that prohibit standard patching cycles. We implement CIS Benchmark hardening adapted for HMI constraints — disabling unused services, locking USB ports to approved device classes, enforcing application whitelisting via Windows AppLocker, and deploying host-based IDS tuned to ignore normal HMI communication patterns while alerting on anomalous lateral movement and unauthorized process execution.

PLC & Controller Asset Inventory

Passive network scanning using Claroty, Nozomi Networks, or Dragos identifies every PLC, RTU, and smart device on your OT network without sending packets that could disrupt industrial protocols (Modbus, EtherNet/IP, PROFINET, DNP3). We maintain a living, continuously updated asset inventory with firmware versions, communication topology maps, and vendor support lifecycle status for every controller in your facility.

SCADA Network Monitoring

Industrial protocols carry unique signatures that generic SIEM tools miss entirely. We deploy passive OT network monitoring that understands Modbus function codes, EtherNet/IP tag reads and writes, and PROFINET alarms — alerting when a PLC receives an unexpected write command, a new device joins the OT VLAN, or communication patterns deviate from established engineering baselines that define normal operation for your process.
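The kind of check described above, reduced to Modbus TCP, as an added example (not IT Center's or any vendor's sensor code). It parses the MBAP header of a captured request, then alerts on write function codes outside the baseline and on sources not in the asset inventory. The hosts, baseline and frames are constructed, and only client-to-server requests are considered.

```python
import struct

# Modbus function codes that change controller state.
WRITE_FUNCS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


def parse_adu(payload):
    """Parse a Modbus TCP request: 7-byte MBAP header plus PDU."""
    if len(payload) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    # The length field counts the unit id and everything after it.
    if length != len(payload) - 6:
        raise ValueError("MBAP length does not match payload size")
    return {"tid": tid, "unit": unit, "func": payload[7], "data": payload[8:]}


def inspect(src, dst, payload, baseline, known_hosts):
    """Return alert labels for one request seen on the OT VLAN."""
    alerts = []
    if src not in known_hosts:
        alerts.append("new-device")
    try:
        adu = parse_adu(payload)
    except ValueError:
        return alerts + ["malformed"]
    if adu["func"] in WRITE_FUNCS and (src, dst, adu["func"]) not in baseline:
        alerts.append("unexpected-write")
    return alerts


def frame(tid, unit, func, data):
    """Build a request frame (used only to construct the sample traffic)."""
    return struct.pack(">HHHB", tid, 0, len(data) + 2, unit) + bytes([func]) + data


# Constructed inventory and engineering baseline: the HMI normally reads
# holding registers (3) and writes single registers (6) on one PLC.
HMI, PLC, ROGUE = "10.20.0.7", "10.10.0.50", "10.20.0.99"
KNOWN_HOSTS = {HMI, PLC}
BASELINE = {(HMI, PLC, 3), (HMI, PLC, 6)}

# Constructed sample requests.
READ_REGS = frame(1, 1, 3, struct.pack(">HH", 0, 10))
WRITE_ONE = frame(2, 1, 6, struct.pack(">HH", 40, 1234))
WRITE_MANY = frame(3, 1, 16, struct.pack(">HHBH", 100, 1, 2, 500))
TRUNCATED = WRITE_ONE[:-2]

if __name__ == "__main__":
    samples = [(HMI, READ_REGS), (HMI, WRITE_ONE), (HMI, WRITE_MANY),
               (ROGUE, WRITE_ONE), (HMI, TRUNCATED)]
    for src, payload in samples:
        print(src, inspect(src, PLC, payload, BASELINE, KNOWN_HOSTS))
```
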

Vendor Remote Access Control

Equipment OEMs and SCADA integrators need periodic access to service systems. Instead of persistent VPN credentials, IT Center deploys a Privileged Access Management gateway — vendors connect through a managed jump server with time-limited sessions, full session recording, just-in-time credential issuance, and automatic revocation. Every keystroke is logged for compliance audit and forensic investigation if an incident occurs.

Ruggedized Endpoint MDM

Production floor tablets, barcode scanners, and handheld devices need device management that survives IP65-rated environments, RF interference from welding equipment, and shift workers who interact with IT infrequently. We deploy Microsoft Intune or Jamf with manufacturing-specific policies — PIN locks, remote wipe capability, restricted app installation, and enrollment persistence without requiring constant network connectivity during production shifts.

Industrial Wi-Fi & Connectivity

Manufacturing facilities present unique wireless challenges — metal shelving, heavy machinery, forklift traffic, and large open spans all degrade signal quality. We design and deploy enterprise Wi-Fi 6 infrastructure (Cisco Catalyst, Aruba, Meraki) with dedicated SSIDs for OT devices, guest isolation for contractor devices, and RF heat mapping to eliminate dead zones around critical production areas and quality inspection stations across your entire facility footprint.

Manufacturing IT Pain Points

The Real IT Problems SoCal Manufacturers Face Every Day

Every manufacturer we talk to in the Inland Empire and Orange County raises the same six issues. These aren’t theoretical risks — they’re operational headaches that cost production hours, compromise intellectual property, and expose leadership to regulatory liability. Here is how each one actually manifests, and what IT Center does about it.

🔴 ERP Downtime Halts Production Scheduling

When Epicor ERP goes down, production schedulers can’t release work orders, purchasing can’t cut POs for raw materials, and shop floor supervisors lose visibility into which jobs should be running on which machines. Even a 4-hour outage during peak production can ripple into a two-day backlog recovery that costs far more than any IT investment.

  • ERP application server failures from unpatched Windows Server OS
  • SQL Server database corruption from improper shutdown during patching
  • Epicor Kinetic upgrade failures leaving the system partially migrated
  • Backup restoration failures discovered only during an actual disaster

🔴 OT Network Vulnerabilities Hidden from IT

Your IT team manages laptops and servers. They don’t know the Siemens S7-1500 in Bay 3 runs firmware from 2019 with three known CVEs, or that the SCADA historian broadcasts unencrypted Modbus TCP across three VLANs. OT assets are invisible to standard vulnerability tools, creating blind spots attackers exploit with precision.

  • Unpatched HMI workstations with direct internet access for vendor updates
  • PLCs with factory-default passwords never changed during commissioning
  • Data historians with open read access reachable from the enterprise network
  • Legacy Windows CE or XP-based operator stations with zero compensating controls

🔴 Supply Chain & IP Theft Risk

For discrete manufacturers, your competitive advantage lives in CAD files, tooling specifications, proprietary formulas, and process parameters. A compromised engineering workstation or exfiltration through a contractor laptop can leak years of R&D investment overnight. Defense supply chain manufacturers face CMMC requirements mandating strict access controls for all CUI (Controlled Unclassified Information).

  • Unencrypted CAD files on shared drives accessible company-wide without restriction
  • No DLP monitoring for large file transfers to personal cloud storage accounts
  • Contractor laptops with VPN access directly to engineering file servers
  • CMMC Level 2 requirements for defense contractors not yet implemented

🔴 Legacy System Support & EOL Risk

That Windows Server 2008 R2 running your MES because the vendor hasn’t certified their software for Server 2022? That’s an unpatched server receiving zero Microsoft security updates. Legacy systems are endemic in manufacturing because OT vendors move slowly and re-certification is expensive. IT Center documents every legacy system and implements layered compensating controls while you plan modernization.

  • Windows Server 2008/2012 hosting MES, historian, or ERP license server applications
  • 32-bit applications that cannot migrate to modern Windows 11 endpoints
  • Vendor-locked hardware requiring proprietary serial or parallel interface adapters
  • ERP systems running on end-of-life SQL Server 2012 or 2014 database instances

🔴 Ransomware Crossing the IT to OT Boundary

Manufacturing is now the single most targeted sector for ransomware, surpassing healthcare and financial services. Threat actors know production downtime creates immediate revenue pressure, making manufacturers more likely to pay quickly. LockBit, BlackCat/ALPHV, and Cl0p have all specifically targeted mid-size California manufacturers in the past 24 months using spearphishing, exposed RDP, and stolen VPN credentials as initial access vectors.

  • No network segmentation between office IT and production OT environments
  • RDP exposed to the internet on engineering workstations for remote work
  • Shared domain credentials between IT administrators and OT system accounts
  • No tested, offline backup copies validated for complete ERP database restoration

🔴 Multi-Site Visibility & Policy Consistency

Manufacturers with multiple facilities — main plant in Corona, satellite warehouse in Ontario, distribution center in Fullerton — struggle to maintain consistent IT visibility and security policy enforcement across all sites. Each location may have different internet providers, switch infrastructure, and local IT contacts with varying skill levels, creating inconsistent security postures that attackers specifically seek out and exploit.

  • No centralized SIEM visibility across all manufacturing sites simultaneously
  • Inconsistent firewall rules and patch policies enforced site-to-site
  • Site-to-site VPN tunnels built on consumer-grade or aging router hardware
  • No centralized endpoint management for shop floor devices at remote facilities

IT Center Manufacturing Services

Eight Services Built for Industrial Operations — All Under One Flat Rate

Every service below is included in your $300/computer user/month IT Center agreement. No add-on fees for ERP support tickets. No extra charge for OT/IT firewall rule changes. No surprise invoices when you need a vendor remote access session configured at 10 PM before a scheduled maintenance window that starts at midnight.

01. Managed IT & Unlimited Help Desk

Unlimited help desk support for all employees — office staff, plant supervisors, engineers, and production workers. Phone, email, and remote session support with a 15-minute response SLA for production-critical issues and on-site dispatch for failures requiring hands-on resolution.

  • Dedicated manufacturing support tier
  • Priority queue for ERP and production system issues
  • After-hours emergency support included
  • On-site dispatch for critical hardware failures

02. OT/IT Network Segmentation

Design, deploy, and maintain Purdue Model-compliant network architecture that isolates your OT environment from enterprise IT while maintaining necessary ERP-to-MES data flows through controlled, monitored pathways that preserve operational integration without security compromise.

  • Industrial DMZ design and firewall deployment
  • Per-Purdue-level VLAN architecture
  • Micro-segmentation for critical OT assets
  • Quarterly segmentation audits and rule review

03. ERP Infrastructure Support

Proactive infrastructure management for Epicor Kinetic, SAP S/4HANA, Infor CloudSuite Industrial, Plex, and Microsoft Dynamics 365 — including application server health monitoring, SQL Server database optimization, and upgrade coordination with your ERP application vendor.

  • 24/7 ERP application server monitoring
  • SQL Server performance tuning and index maintenance
  • Upgrade planning and test environment management
  • ERP backup validation and point-in-time restoration testing

04. ICS/SCADA Security Monitoring

Passive OT network monitoring using industrial-aware sensors that detect anomalies in Modbus, EtherNet/IP, PROFINET, and DNP3 traffic without disrupting control system operations. Integrated into our SOC for 24/7 alert triage by analysts trained on OT-specific threat patterns.

  • Passive asset discovery across all OT VLANs
  • Industrial protocol anomaly detection
  • Baseline behavior modeling per PLC/RTU
  • OT-specific incident response playbooks

05. Vendor Remote Access Management

Privileged Access Management for all OEM and SCADA vendor remote sessions. Just-in-time access provisioning, session recording, and automatic revocation replace persistent VPN credentials that represent your highest-risk remote access exposure to external threats and supply chain attacks.

  • PAM gateway deployment and management
  • Session recording and audit log retention
  • Vendor access request approval workflows
  • MFA enforcement for all remote vendor sessions

06. IP & Data Protection

Protect your formulas, CAD files, tooling specifications, and process parameters from exfiltration — whether through compromised credentials, malicious insiders, or contractor laptops with VPN access to engineering file servers. DLP monitoring and encryption enforcement for proprietary documents.

  • DLP policy deployment for CAD/CAM and engineering file types
  • File server access controls and activity auditing
  • USB and cloud upload monitoring on all endpoints
  • CMMC Level 1/2 gap assessment for defense suppliers

07. Manufacturing Backup & DR

BDR strategy covering ERP databases, MES configurations, PLC program backups, SCADA historian databases, and engineering file servers. Recovery time objectives set to minimize production downtime, with quarterly restoration tests validated against actual recovery scenarios your plant manager approves.

  • Automated ERP and SQL Server backup with offsite replication
  • PLC and HMI configuration backups on change detection
  • Air-gapped copies resistant to ransomware encryption
  • Documented recovery playbooks by system priority tier

08. Compliance & Risk Management

Navigate NIST SP 800-82, CMMC 2.0, CCPA, and ISO 27001 with structured compliance programs managed by IT Center. We produce documentation, manage evidence collection, and coordinate with external auditors so your team focuses on production output, not audit preparation cycles and evidence gathering exercises.

  • NIST 800-82 ICS security assessment and gap remediation
  • CMMC 2.0 readiness for defense contractors
  • CCPA compliance for employee and customer PII
  • Annual risk assessment with executive-level reporting

Software & Platform Integrations

We Know the Manufacturing Software Stack — Not Just Generic IT

IT support for manufacturers only works if your MSP understands the specific platforms you run. Generic providers treat Epicor like Microsoft Word — just another application. IT Center engineers have hands-on experience with the infrastructure requirements, integration points, and security configurations of the platforms your operation depends on every production shift.

ERP
Epicor Kinetic (formerly ERP 10)

Application server (IIS on Windows Server), SQL Server database backend, Epicor Data Analytics (EDA), IoT integration with production floor PLCs, and BisTrack for distribution. IT Center manages server infrastructure, SQL performance tuning, backup strategy, and Epicor upgrade coordination including ICE tool customization compatibility testing across version upgrades through the Kinetic SaaS transition path.

ERP
SAP S/4HANA & SAP Business One

SAP HANA database infrastructure on Linux or Windows Server, Basis administration support for transport management and system landscape management, and integration with SAP Manufacturing Execution (ME) and SAP MII. IT Center manages the underlying server, storage, and network infrastructure that SAP runs on — coordinating with your SAP implementation partner on application-layer changes and upgrades.

ERP
Infor CloudSuite Industrial (SyteLine)

Cloud-hosted SyteLine environments on Azure or AWS with private connectivity requirements, hybrid on-premises integrations for shop floor data collection, and Mongoose framework customizations. IT Center manages network connectivity to Infor cloud tenants, ExpressRoute or Direct Connect circuits, and on-premises integration middleware servers that bridge SyteLine with your production floor systems.

ERP / MES
Plex Smart Manufacturing Platform

Plex (Rockwell Automation) cloud ERP with real-time production floor integration. Network architecture for reliable shop floor connectivity, barcode scanner and industrial scale integration, and production monitoring dashboards. IT Center ensures shop floor network latency meets Plex’s real-time data collection requirements at every workstation and quality inspection station across your entire facility footprint and satellite sites.

ERP
Microsoft Dynamics 365 Manufacturing

D365 Finance and Supply Chain Management with Production Control, Master Planning, and Warehouse Management modules. Azure infrastructure management, on-premises data gateway configuration for hybrid deployments, and Power Platform integrations for production floor dashboards visible to supervisors on shop floor displays and on mobile devices throughout the facility during active production shifts.

SCADA / HMI
Ignition SCADA (Inductive Automation)

Ignition gateway server management, tag database optimization, historian performance tuning, and secure remote access configuration for Perspective mobile dashboards. IT Center configures network segmentation to allow Ignition OPC-UA connections from PLCs while blocking direct internet-routable paths to the gateway. Automated gateway backups and version-controlled project exports enable rapid recovery after any incident affecting the SCADA platform or its underlying Windows Server infrastructure.

Compliance Frameworks

Manufacturing Compliance Isn’t Optional — IT Center Makes It Manageable

Whether you’re a defense subcontractor facing CMMC deadlines, a consumer goods manufacturer under CCPA obligations, or an industrial facility with SCADA systems covered by NIST 800-82, IT Center maps your environment to the specific frameworks that apply to your operation and manages ongoing compliance so your team focuses on production, not audit preparation and evidence collection cycles.

  • NIST SP 800-82: ICS Security Guide for industrial control systems covering SCADA, DCS, and PLC environments. IT Center performs gap assessments against Rev. 3 and implements compensating controls for OT assets that cannot be directly patched due to vendor certification requirements specific to your production equipment and process control systems.
  • CMMC 2.0: Cybersecurity Maturity Model Certification for DoD supply chain. Level 1 (17 practices) through Level 2 (110 NIST 800-171 practices). IT Center prepares System Security Plans (SSP) and Plans of Action and Milestones (POA&M) and supports C3PAO third-party assessment preparation for defense contractors.
  • CCPA / CPRA: California Consumer Privacy Act obligations for employee data, customer PII, and B2B contact records. IT Center implements data mapping, access controls, and retention policies to support CCPA compliance for California-based manufacturing operations regardless of company size or annual revenue threshold for applicability.
  • ISO 27001: International information security management standard increasingly required by enterprise customers and supply chain partners as a qualification condition. IT Center implements ISO 27001-aligned ISMS controls and supports external audit preparation for manufacturers pursuing formal certification or supplier qualification requirements from customers.

Why IT Center

What Makes IT Center Different for SoCal Manufacturers

Most MSPs serve dentists, law firms, and accountants. They have never touched a PLC, never configured an industrial firewall policy, and don’t know the difference between Modbus RTU and Modbus TCP. IT Center serves manufacturers as a primary vertical — our engineers understand OT environments, our support team knows Epicor is not QuickBooks, and our SLAs are written around production uptime, not office hours and business-day response windows.

OT/IT Dual Expertise

Our team holds both standard IT certifications (Microsoft, CompTIA, Cisco) and OT security competencies including ICS security frameworks, industrial protocol knowledge, and hands-on experience with Ignition SCADA, Rockwell FactoryTalk, and Siemens TIA Portal environments. We bridge the gap between your IT department and OT engineering team without requiring separate consultants for each side of the converged environment.

Inland Empire & Orange County Based

Based in Corona at 1159 Pomona Rd Suite B, IT Center’s on-site engineers reach most Inland Empire manufacturing facilities (Ontario, Fontana, Rialto, Riverside, Temecula, Chino) and Orange County industrial parks (Anaheim, Fullerton, Santa Ana, Irvine) within 60 minutes. We serve the SoCal manufacturing corridor from our backyard, not from a distant NOC that has never seen a factory floor in operation.

AI-Powered 24/7 Monitoring

IT Center deploys AI-driven monitoring that correlates events across your enterprise IT, OT network, ERP logs, and endpoint telemetry simultaneously. A suspicious login on an engineering workstation at 2 AM followed by an unusual SCADA tag write triggers automated response — not a morning review of overnight alerts that missed a 4-hour window during which production assets could have been completely compromised and encrypted.

Flat Rate — No Surprise Invoices

$300 per computer user per month covers everything — unlimited help desk, ERP support, OT network monitoring, firewall management, backup, compliance documentation, and on-site dispatch. When your Epicor server has a performance issue at 9 PM on Friday before a Monday plant shutdown, you call us. There is no extra charge for that call, that hour, or that engineer dispatched on-site to resolve it before your production line starts Monday morning.

Production-First Incident Response

When a security incident occurs in a manufacturing environment, the question is not only how the attackers got in — it’s whether we can keep the line running while containing the threat. Our incident response playbooks are written with production continuity as a primary objective. We isolate compromised systems without shutting down healthy OT segments, coordinating directly with your plant manager and engineering lead throughout the event.

Vendor-Neutral Recommendations

IT Center doesn’t carry reseller quotas or preferred vendor arrangements that push you toward specific ERP platforms, firewall brands, or OT monitoring tools. Whether Claroty, Nozomi Networks, or Dragos is right for your OT monitoring depends on your industrial protocol mix, site count, and budget — not which vendor gave us the best margin last quarter. Every recommendation is yours to own, not ours to profit from at your expense.

Get Started

Request a Free OT/IT Security Assessment for Your Facility

Our engineers will analyze your current network architecture, identify segmentation gaps between your IT and OT environments, review your ERP infrastructure health, and produce a written gap report — at no cost and no obligation. Most assessments take 2–3 hours on-site and produce a written follow-up report within 48 business hours for your plant manager and IT leadership to review.

  • Network architecture review — IT and OT zone separation analysis
  • ERP infrastructure health check (Epicor, SAP, Dynamics, Infor, or Plex)
  • OT asset discovery — identify unknown devices on your production floor network
  • Vendor remote access audit — how many persistent VPN credentials currently exist?
  • Written gap report with prioritized remediation roadmap and cost estimates
  • $300/computer user flat rate — full scope, zero hidden billing ever

(888) 221-0098 · sales@itcosc.com
1159 Pomona Rd Suite B · Corona, CA 92882
On-site service: Inland Empire · Orange County · Los Angeles · San Diego

Start Your Free OT/IT Assessment

No commitment required. We respond within 2 business hours. Your information is never shared.