
Ensuring Unprecedented Safety in a Connected World with Janus.


When Devices Cannot Be Updated: Real-World Applications of Virtual Patching in Semiconductor, Healthcare, and Industrial Control Environments

  • Writer: Janus
  • Jan 12

Updated: 1 day ago


In the previous two articles, we established two key facts:

  1. When devices cannot be updated, Virtual Patching is a necessary risk-mitigation measure.

  2. Virtual Patching without AI automation is difficult to sustain over time.


So how does this strategy actually work in real industrial environments?

Below, we examine three representative industry scenarios to illustrate how Virtual Patching is applied in practice.



1. Semiconductor Manufacturing: One Compromised Tool Can Stop an Entire Production Line


Operational Reality

In semiconductor fabs, a single production line typically connects dozens of different systems, including:

  • Process tools

  • Metrology and inspection equipment

  • Automated material handling systems (AMHS)

  • MES / EDA / recipe servers


Together, these systems form a highly interconnected internal network.

The challenge is that many of these tools:

  • Have long lifecycles

  • Run legacy operating systems

  • Cannot be easily updated

  • Cannot support security agents


The Real Risk

If an attacker gains access through:

  • A vulnerability

  • A backdoor

  • Social engineering

they can exploit existing communication paths to move laterally within the internal network, impacting other critical tools and potentially bringing the entire production line to a halt.


How Virtual Patching Works in Practice

With microsegmentation:

  • Each tool is treated as an independent security zone

  • Only required communications (e.g., tool ↔ MES / EDA) are allowed

  • Unnecessary lateral connections between tools are blocked

Even if vulnerabilities still exist, attacks cannot spread to other tools or production segments.



2. Healthcare Environments: No Downtime Allowed, No Risk Acceptable


Operational Reality

Healthcare facilities commonly operate:

  • MRI / CT / ultrasound systems

  • Imaging workstations (often running older versions of Windows)

  • PACS / HIS and related systems


These environments share three characteristics:

  • Mission-critical systems that cannot be taken offline

  • Restricted updates that require re-certification

  • Highly mixed IT and medical device networks


The Real Risk

Past healthcare incidents show that:

  • Attacks rarely disable devices directly

  • Instead, attackers pivot from one device to spread across the entire medical network

This poses unacceptable risks to both patient safety and hospital operations.


How Virtual Patching Works in Practice

With microsegmentation:

  • Medical devices communicate only with required systems (e.g., PACS)

  • Unexpected devices and lateral connections are blocked

  • No device modification is required, and clinical workflows remain unaffected

Hospitals can significantly reduce cyber risk without changing devices or impacting certifications.



3. Industrial Control Systems and Critical Infrastructure: Legacy Systems, Critical Responsibility


Operational Reality

In energy, water, and industrial environments, it is common to find:

  • SCADA and PLC systems

  • Proprietary protocols

  • Control devices operating for 10–20 years or more


These systems often:

  • Cannot be updated

  • Cannot run antivirus software

  • Directly control physical processes


The Real Risk

A compromise in ICS environments affects more than data—it can impact:

  • Power supply stability

  • Public safety

  • National-level operations


How Virtual Patching Works in Practice

With microsegmentation:

  • Only essential OT control communications are allowed

  • Unauthorized IT or external connections are blocked

  • Even if one node is compromised, the overall system remains protected

This is why Virtual Patching has become a core cybersecurity strategy for critical infrastructure.
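The allow-list logic described in the three "How Virtual Patching Works in Practice" sections can be sketched as a default-deny policy check over observed flows. This is an added example, not Janus netKeeper code; the device names, roles, ports and flow records are constructed assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Constructed inventory: every device is its own zone; the role picks its rules.
DEVICES = {
    "etch-01": "tool", "cmp-02": "tool", "mes-srv": "mes", "eda-srv": "eda",
    "ct-01": "modality", "pacs-srv": "pacs",
    "plc-07": "plc", "scada-hmi": "scada", "office-pc": "it",
}

# Allow-list: (src role, dst role) -> permitted (proto, dport). Sample ports only.
ALLOW = {
    ("tool", "mes"): {("tcp", 5000)}, ("mes", "tool"): {("tcp", 5000)},
    ("tool", "eda"): {("tcp", 8443)}, ("eda", "tool"): {("tcp", 8443)},
    ("modality", "pacs"): {("tcp", 104)},
    ("scada", "plc"): {("tcp", 502)},
}

def evaluate(flow):
    """Default deny: return (verdict, reason) for one observed flow."""
    src_role, dst_role = DEVICES.get(flow.src), DEVICES.get(flow.dst)
    if src_role is None or dst_role is None:
        return ("block", "unknown-device")  # unexpected device on the network
    allowed = ALLOW.get((src_role, dst_role))
    if allowed is None:
        # Same-role traffic (tool to tool) is the lateral path the policy closes.
        return ("block", "lateral" if src_role == dst_role else "no-rule")
    if (flow.proto, flow.dport) not in allowed:
        return ("block", "port-not-allowed")
    return ("allow", "policy-match")

# Constructed flow records covering the cases discussed above.
SAMPLE_FLOWS = [
    Flow("etch-01", "mes-srv", "tcp", 5000),   # tool to MES on the required port
    Flow("etch-01", "cmp-02", "tcp", 445),     # tool to tool
    Flow("etch-01", "mes-srv", "tcp", 3389),   # allowed pair, unneeded port
    Flow("ct-01", "pacs-srv", "tcp", 104),     # imaging device to PACS
    Flow("laptop-x", "pacs-srv", "tcp", 104),  # device not in the inventory
    Flow("scada-hmi", "plc-07", "tcp", 502),   # OT control traffic
    Flow("office-pc", "plc-07", "tcp", 502),   # IT host reaching into OT
]

def audit(flows):
    # Blocked flows with reasons, for review before the policy is enforced.
    return [(f.src, f.dst, r) for f in flows for v, r in [evaluate(f)] if v == "block"]
```

Running audit over recorded traffic before switching to enforcement shows which legitimate flows the allow-list is still missing, so they can be added without interrupting production or clinical workflows.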



Shared Conclusion: Virtual Patching Is About Risk Control

Across all three industries, one common theme emerges:

The real challenge is not whether vulnerabilities exist, but whether those vulnerabilities can be exploited.


When devices cannot be updated:

  • Waiting for perfect patches is unrealistic

  • Risks must be contained within a controllable scope


Microsegmentation is the most practical, least disruptive way to implement Virtual Patching.



Janus's Role: Turning Virtual Patching into a Sustainable Defense Standard


Across these environments, Janus has observed one decisive success factor:

Virtual Patching must be automated to be sustainable.


With AI-driven microsegmentation, Janus netKeeper enables organizations to:

  • Automatically learn normal device behavior

  • Instantly block abnormal and unauthorized communications

  • Operate without OS dependency or agents

  • Fully support EOS / EOL devices

  • Meet SEMI E187 / FDA / CRA risk-mitigation requirements

This transforms Virtual Patching from a one-time project into a long-term product security strategy.



Conclusion: Unable to Update Does Not Mean Unable to Protect


In semiconductor, healthcare, and industrial environments, legacy devices are a reality—but unmanaged risk is not inevitable.


By implementing Virtual Patching through microsegmentation, organizations can:

  • Protect critical systems

  • Avoid operational disruption

  • Maintain device integrity

This is the direction Janus continues to invest in: shifting product security from reactive remediation to proactive control.


