Only What Should Run, Runs. Everything Else Is Denied.
Operation Lockdown: prevention-first endpoint protection for OT
Operation Lockdown is TXOne Stellar's application control and execution-prevention model. Once a per-device behavioral baseline is established, anything outside that baseline is denied: unauthorized executables, fileless script payloads, living-off-the-land binaries, and novel attack techniques. This is how an endpoint designed for a single purpose stays on that purpose, even on legacy Windows that IT EDR cannot protect.
Detection Tells You Something Ran. Lockdown Makes Sure It Never Runs.
IT EDR detects execution and tries to respond. In OT, execution of the wrong code means a stopped line or a damaged asset.
Operation Lockdown takes the opposite approach. An OT endpoint runs a narrow, deterministic set of processes: the HMI application, the engineering workstation binaries, the PLC programming software, the known operator utilities. Everything outside that set is suspicious by definition. Lockdown denies execution of anything not in the approved baseline, including fileless attacks, PowerShell abuse, Volt-Typhoon-class living-off-the-land techniques, and zero-day malware that has no signature yet.
WHAT IT IS

Capability
What is Operation Lockdown?
Operation Lockdown is the endpoint execution-control model on TXOne Stellar. It combines three mechanisms: application lockdown (only approved executables run), the 40,000+ OT application recognition repository (legitimate OT software is pre-classified), and CPSDR behavioral baseline enforcement (process, file, and registry behavior must match the per-device baseline). Together they block novel and fileless attacks before execution. Coverage spans Windows 2000 through Windows 11, plus Linux malware scanning, with zero-reboot deployment and updates so endpoint security never consumes the OT maintenance window. Lockdown is available in the Stellar ICS Edition (full capability) and a reduced form in Stellar Kiosk (lite variant for the most constrained endpoints).
KEY COMPONENTS
Operation Lockdown Challenges
Key challenges that Operation Lockdown addresses.
Signature-Based Detection Misses Fileless Attacks
Volt-Typhoon-class attacks use living-off-the-land binaries, PowerShell, and legitimate system utilities. No malicious file lands on disk. Signature-based tools see nothing. Your endpoint runs code it was never supposed to run.
Key Components
Core components of the Operation Lockdown capability.
Application Lockdown (Default-Deny Execution)
Only executables in the approved baseline run. Everything else, including legitimate-looking utilities executed by an attacker, is denied at the kernel level. The default-deny model means novel and zero-day malware cannot execute simply because it is new; if it is not on the approved list, it does not run.
Key Capabilities
Outcomes
Less resource consumption than IT EDR
PROVEN RESULTS
WHY TXONE
Why Operation Lockdown on TXOne Stellar
Endpoint security designed for machines with a narrow, deterministic purpose, delivering prevention where detection-only tools document failures.
IT EDR assumes arbitrary user software and tries to detect bad actors among the legitimate noise. OT endpoints have a narrow approved set; default-deny is the right posture, and Stellar enforces it.
Legacy approach creates operational risk
Behavioral enforcement denies even legitimate binaries when they behave outside baseline. Volt-Typhoon-class techniques cannot succeed because the abuse pattern violates the baseline before damage occurs.
Stellar supports Windows 2000 through Windows 11 with a legacy OS commitment through 2031. IT EDR tools dropped these platforms; the highest-risk endpoints in your plant get behavioral protection they would otherwise not have.
40,000+ OT applications from 35+ vendors are pre-classified, so the initial baseline is generated in minutes rather than through days of manual whitelisting. No competitor matches this library.
Deployment, signature updates, and policy changes apply without endpoint reboot. IT EDR tools that require reboot cannot meet OT maintenance-window constraints; Stellar does.
Secured maintenance mode lets authorized engineers perform approved changes without disabling protection wholesale. Emergency-stop controls are available to operators. IT EDR offers none of these OT-specific controls.
NEXT STEP
Prove Operation Lockdown on a Legacy Endpoint
Install the Stellar agent on a Windows XP or Windows 7 system. See baseline generation complete in minutes using the 40,000+ OT application repository, then watch default-deny block an unauthorized process attempt. No reboot, no production impact.