Network Monitoring at JPMorgan Chase’s New HQ Quickly Exposed Hidden OT Devices and Vulnerabilities
JPMorgan Chase used OT network monitoring at its new 270 Park Avenue headquarters to detect unauthorized devices and software vulnerabilities across roughly 8,000 building devices.
The effort began once operational technology systems started connecting to the building's network. Engineers had already compiled a detailed inventory of devices expected to appear on the OT network, based on construction submittals and vendor disclosures. But once traffic monitoring began, the network started revealing equipment that had never been reported during the design and construction process.
"Not all the vendors reported exactly what they were going to connect," said Mike Grinshpon, Global Real Estate Engineer at JPMorgan Chase.
The Armis network monitoring platform allowed JPMorgan's team to analyze traffic patterns and identify devices operating on the OT network. That surfaced unexpected equipment, including wireless access points, CCTV cameras, security devices, and VoIP phones, appearing in places they weren't supposed to be. The team either removed those devices or required vendors to properly onboard them to the OT network.
The same monitoring environment also feeds JPMorgan's Asset Intelligence Team, which uses the Armis platform to inspect device traffic and identify software services and versions running on OT equipment. The system compares those fingerprints to known cybersecurity vulnerabilities.
"The tool can pick out… what services are being used… and compare that to a database of common vulnerabilities and exposures (CVEs)," Grinshpon said.
When vulnerable software is detected, the device is flagged so vendors can update firmware or mitigate the risk before the issue becomes exploitable.
The experience exposed a structural shift for enterprise IT teams. Modern smart buildings can contain thousands of distributed OT devices installed in ceilings, mechanical rooms, and control panels—far exceeding the device counts many IT teams historically managed.
Security teams can't rely solely on vendor device lists. Network monitoring becomes the only reliable way to confirm what is actually operating inside the building.
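The reconciliation described above, sketched as an added example that is not JPMorgan's or Armis's code: it compares a vendor-submitted inventory with passively observed devices, then checks observed service versions against an advisory list. All MAC addresses, subnets, service names, and the advisory ID are constructed placeholders.

```python
import ipaddress

# Constructed sample data: expected inventory from vendor submittals, keyed by
# MAC address, with the OT subnet each device is supposed to live on.
EXPECTED = {
    "00:11:22:aa:00:01": {"type": "bms-controller", "subnet": "10.20.1.0/24"},
    "00:11:22:aa:00:02": {"type": "lighting-gateway", "subnet": "10.20.2.0/24"},
    "00:11:22:aa:00:03": {"type": "elevator-panel", "subnet": "10.20.3.0/24"},
}

# Constructed passive observations: (mac, ip, device type, service, version).
OBSERVED = [
    ("00:11:22:aa:00:01", "10.20.1.15", "bms-controller", "exampled", "2.1.0"),
    ("00:11:22:aa:00:02", "10.20.3.40", "lighting-gateway", "exampled", "3.0.2"),
    ("00:11:22:bb:00:09", "10.20.1.77", "wireless-ap", "examplehttpd", "1.4"),
]

# Constructed advisory feed: service -> (first fixed version, placeholder ID).
ADVISORIES = {"exampled": ((3, 0, 0), "CVE-PLACEHOLDER-0001")}


def parse_version(text):
    """Turn '2.1.0' into (2, 1, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def reconcile(expected, observed, advisories):
    """Return (mac, finding, detail) tuples for every discrepancy found."""
    findings, seen = [], set()
    for mac, ip, dtype, service, version in observed:
        seen.add(mac)
        entry = expected.get(mac)
        if entry is None:
            # On the wire but never declared by a vendor.
            findings.append((mac, "unreported-device", dtype))
        elif ipaddress.ip_address(ip) not in ipaddress.ip_network(entry["subnet"]):
            # Declared, but connected somewhere it is not supposed to be.
            findings.append((mac, "wrong-segment", ip))
        advisory = advisories.get(service)
        if advisory and parse_version(version) < advisory[0]:
            findings.append((mac, "vulnerable-version", advisory[1]))
    # Declared devices that never appeared in traffic also need follow-up.
    for mac in sorted(expected.keys() - seen):
        findings.append((mac, "expected-not-seen", expected[mac]["type"]))
    return findings


if __name__ == "__main__":
    for finding in reconcile(EXPECTED, OBSERVED, ADVISORIES):
        print(finding)
```

MAC addresses can be changed by the device, so a production inventory would key on more than one attribute; the single key here keeps the comparison readable.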
This is a great piece!
I agree.