OT/IT-Segmented Networks for Manufacturers
Charlotte and Carolinas plants. CMMC-aware.
Netsafe Solutions delivers CMMC-aware IT for Charlotte manufacturers — OT/IT security, production uptime, ERP integration, 24/7 SOC monitoring. 22-year Microsoft Partner, device-based pricing.
Netsafe Solutions provides IT services for Charlotte-area manufacturers — general manufacturing, defense contractors, aerospace suppliers, and industrial operations — from our office at 8510 McAlpine Park Drive, Suite 203. We harden Microsoft 365 tenants for CMMC Level 2 and NIST 800-171 environments, deliver 24/7 Blackpoint SOC monitoring (endpoints at 16-minute response, M365 tenant at 7-minute response), segment operational technology (OT) networks from IT networks, and support ERP platforms (Epicor, NetSuite, SAP Business One, Infor, Sage). Pricing is itemized per device per month with the service layer covered by a per-device monthly rate, plus per-mailbox tools and Microsoft 365 licensing — no onboarding fee. We've supported Carolina manufacturers since our founding on November 21, 2003.
Why Manufacturing IT Is Different
Manufacturing IT sits at the intersection of two historically separate domains: IT (email, ERP, CAD, M365) and OT (operational technology — PLCs, SCADA, robotic controllers, production line sensors). For decades these ran on isolated networks. In the last ten years, everything converged — OT systems now connect to IT networks for data collection, predictive maintenance, and ERP integration. That convergence created an entirely new attack surface.
The threat landscape: According to IBM's Cost of a Data Breach Report 2024, the manufacturing sector had the highest ransomware-related breach rate of any industry for the third consecutive year. CISA advisories repeatedly flag manufacturing as a high-target vertical because production downtime creates immediate ransom leverage — every hour of halted production is quantifiable in lost revenue, missed shipments, and contractual penalties.
The compliance landscape: For manufacturers supplying the Department of Defense (DoD) or federal prime contractors, CMMC 2.0 (Cybersecurity Maturity Model Certification) is now a contract requirement. Level 1 covers basic Federal Contract Information (FCI); Level 2 covers Controlled Unclassified Information (CUI) and maps to NIST 800-171's 110 controls. CMMC assessments are conducted by authorized C3PAOs (CMMC Third-Party Assessor Organizations), and a failed assessment means disqualification from DoD contracts.
Netsafe Solutions configures manufacturing IT for both the production-uptime threat and the compliance threat — because a ransomware outage and a failed CMMC assessment have similar business impact: lost revenue.
What Netsafe Solutions Provides for Manufacturers
OT/IT Network Segmentation
The fastest path to a production-halting ransomware incident is a flat network where office email and plant-floor PLCs share the same broadcast domain. Netsafe segments:
- Network zones — separate VLANs for corporate IT, production OT, guest, and DMZ (external vendor access for equipment vendors like Rockwell, Siemens, Allen-Bradley)
- Zone-based firewall policies — explicit allow rules between zones; default-deny everywhere else; documented east-west traffic requirements per application
- OT visibility without OT management — we observe OT traffic for anomalies (unexpected protocols, unusual commands) but don't directly manage PLCs, HMIs, or controllers. Your OT team or vendor owns those; we secure the network around them.
- Remote vendor access — time-limited, logged, MFA-required VPN for equipment vendors who need to troubleshoot CNC machines or SCADA systems
- Documented network diagrams — required for CMMC Level 2 (control AC.L2-3.1.3) and for your cyber insurance application
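An added example (not Netsafe's tooling or configuration): a default-deny inter-zone policy for the four zones listed above, with an audit pass that flags rules using wildcards or lacking a documented traffic requirement. The subnets, rule entries, and function names are constructed for illustration.

```python
import ipaddress

# Constructed zone-to-subnet map (assumption: one VLAN per zone named in the list above).
ZONES = {
    "corp_it": ipaddress.ip_network("10.10.0.0/16"),
    "prod_ot": ipaddress.ip_network("10.20.0.0/16"),
    "guest":   ipaddress.ip_network("10.30.0.0/16"),
    "dmz":     ipaddress.ip_network("10.40.0.0/16"),
}

# Constructed inter-zone allow list: (src_zone, dst_zone, protocol, dst_port, documented reason).
# Anything not listed is denied. "any" marks a wildcard that the audit flags.
RULES = [
    ("prod_ot", "corp_it", "tcp", 1433, "MES pushes production counts to ERP database"),
    ("dmz",     "prod_ot", "tcp", 3389, "vendor jump host to CNC engineering station"),
    ("corp_it", "prod_ot", "any", "any", ""),  # deliberately weak rule for the audit to catch
]

def zone_of(ip):
    """Return the zone whose subnet contains ip, or None for unknown addresses."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(src_ip, dst_ip, proto, port, rules=RULES):
    """Default-deny decision for one flow; same-zone traffic is out of scope here."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny"
    if src == dst:
        return "intra-zone"
    for r_src, r_dst, r_proto, r_port, _ in rules:
        if (r_src, r_dst) == (src, dst) and r_proto in (proto, "any") and r_port in (port, "any"):
            return "allow"
    return "deny"

def audit(rules=RULES):
    """Flag rules that undermine segmentation: wildcards, missing justification, guest reaching OT."""
    findings = []
    for i, (src, dst, proto, port, reason) in enumerate(rules):
        if "any" in (proto, port):
            findings.append((i, "wildcard protocol/port"))
        if not reason.strip():
            findings.append((i, "no documented traffic requirement"))
        if src == "guest" and dst == "prod_ot":
            findings.append((i, "guest zone must never reach OT"))
    return findings

# Rule set with every flagged rule removed; compare decisions against RULES.
STRICT = [r for i, r in enumerate(RULES) if i not in {f[0] for f in audit()}]
```

With the wildcard rule present, an office workstation can reach a PLC on any port; evaluating the same flow against `STRICT` returns `deny`, while the documented MES-to-ERP flow still passes.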
CMMC / NIST 800-171 Compliance Support
For manufacturers in the DoD supply chain, Netsafe configures environments against the 110 NIST 800-171 controls that underpin CMMC Level 2:
- CUI-aware Microsoft 365 configuration — evaluation of whether your environment requires Microsoft 365 GCC High licensing (for ITAR/DFARS 7012 CUI) or whether standard M365 with additional controls suffices
- Access Control (3.1) — Entra ID with Conditional Access, MFA on all CUI access, role-based access, privileged session management via PIM
- Audit & Accountability (3.3) — M365 unified audit log, 180-day retention minimum, exportable evidence
- Configuration Management (3.4) — baseline configurations enforced via Intune, change documentation via NinjaOne
- Identification and Authentication (3.5) — MFA enforced, FIDO2 hardware keys for privileged accounts
- Incident Response (3.6) — documented IR plan, tested annually, aligned to DoD 72-hour reporting for Defense Industrial Base
- Risk Assessment (3.11) — annual documented risk assessment aligned to NIST SP 800-30
- System & Communications Protection (3.13) — network segmentation, encryption in transit (TLS 1.2+ everywhere)
- System & Information Integrity (3.14) — SentinelOne EDR, patch management via NinjaOne, Black Point Cyber SOC monitoring
- CMMC assessment prep — gap assessment against the 110 controls, remediation roadmap, evidence package ready for C3PAO assessment
Note: Netsafe is not a C3PAO and does not conduct CMMC certifications. We configure your environment to pass one and coordinate with your chosen assessor.
ERP & Production System Integration
Netsafe supports the IT infrastructure around manufacturing platforms:
- ERP platforms — we manage the IT infrastructure around ERP systems including Epicor Kinetic, NetSuite Manufacturing, SAP Business One, Infor CloudSuite, Sage X3, and Microsoft Dynamics 365 Business Central environments. We handle SSO integration via Entra ID, Intune-deployed ERP clients, server hosting, and data backup coordination. ERP-specific configuration (customizations, workflows, reports, schema) is coordinated with your ERP vendor or consultant.
- CAD / engineering systems — SolidWorks, Autodesk Inventor, AutoCAD, Fusion 360, PTC Creo workstation configuration, performance tuning, and secure file collaboration
- PLM systems — IT infrastructure around SolidWorks PDM, Autodesk Vault, Arena PLM including server hosting, backup, and access control integration
- MES integration points — where MES (Manufacturing Execution Systems) feed ERP, we secure the data flow without interfering with real-time production control
- Shop-floor kiosks and terminals — locked-down Windows configurations via Intune, auto-logon for production tracking stations, barcode scanner integration
Production Uptime & Business Continuity
Manufacturing can't tolerate the same downtime a professional services firm can. Netsafe designs for uptime:
- Immutable M365 backup via third-party provider — recovery from ransomware without paying ransom
- On-prem server backup for ERP and CAD systems — Veeam or similar, with offsite replication and tested recovery
- Warm-site recovery planning for critical ERP systems — documented RTO/RPO, tested annually
- Redundant internet connectivity — we recommend and manage dual-ISP failover for production-critical facilities
- UPS and power event monitoring — integrated with NinjaOne alerts for power anomalies that could corrupt running ERP transactions
Endpoint Security for Industrial Environments
Manufacturing environments often run mixed endpoint fleets — engineering workstations, shop-floor PCs, kiosks, and legacy systems that can't easily be replaced. Netsafe applies:
- SentinelOne EDR — catches ransomware, behavioral anomalies, and lateral movement on Windows and Linux endpoints
- Black Point Cyber SOC endpoint monitoring — 16-minute average response when threats are detected
- NinjaOne RMM — patch management across mixed fleets including older Windows versions that still run production software
- DefensX DNS filtering — blocks malicious domains even on endpoints that can't receive timely patches
- BitLocker full-disk encryption — enforced via Intune on engineering laptops holding CAD files and CUI
- Legacy system isolation — for systems that genuinely can't be patched (old CNC controllers, legacy vision systems), we isolate via VLAN and wrap with additional network controls rather than leave them exposed
Cyber Insurance Support
Manufacturing cyber insurance premiums have exploded since the ransomware surge of 2021-2023. Netsafe helps firms pass insurer underwriting and renewal questionnaires:
- Completed cybersecurity questionnaires — the detailed controls questionnaires insurers use (typically 150-300 questions) completed on your behalf
- Evidence packages — Secure Score reports, SOC 2 reports from our vendors, incident response plans, backup testing results
- Remediation roadmap — for firms that get flagged on renewal, we prioritize the fixes most insurers actually require (MFA everywhere, EDR, immutable backup, segmented networks)
---
How We Price Manufacturing IT
Most MSPs force their entire tool stack on every client regardless of need. Netsafe Solutions builds your stack around what your business actually requires — transparent, itemized, month-to-month on every tool.
Per-Device Support
Monthly per endpoint · Quoted
- Unlimited remote helpdesk during business hours
- On-site support available (pre-approved T&M)
- 1-year service agreement — standard MSP practice
Microsoft 365 Licensing
Monthly per mailbox · MSRP rates
- Business Basic — $7.20/user/mo
- Business Standard — $15.00/user/mo
- Business Premium — $26.40/user/mo
- Enterprise (E3/E5) — quoted per tenant
- Licensing sourced through Pax8
Security & Management Tools
Each priced individually · Month-to-month · No forced bundles
- NinjaOne RMM — monitoring, patch management, remote management, vulnerability scanning
- SentinelOne EDR — AI-powered endpoint detection and response
- Black Point Cyber SOC — 24/7 human-led endpoint + M365 tenant monitoring
- DefensX — DNS filtering and web protection
- Checkpoint Harmony — advanced email security (anti-phishing, anti-BEC)
All M365 pricing reflects current month-to-month Microsoft MSRP. Tool pricing is quoted per customer based on environment size and needs. No onboarding fee — migrations and security hardening are included in the first month’s management fee.
Frequently Asked Questions
Does Netsafe manage PLCs, SCADA, and OT equipment directly?
No. OT systems (PLCs, SCADA, HMIs, robotic controllers) are managed by your OT team or the equipment vendor (Rockwell, Siemens, Allen-Bradley, Emerson, etc.). Netsafe secures the network around those systems — segmentation, firewall policies, monitoring for OT protocol anomalies, secure remote access for vendors — and integrates IT-side data collection without touching the OT controls themselves. This separation is deliberate and aligns with OT security best practices (ISA/IEC 62443).
We're a DoD contractor. Can Netsafe handle CMMC Level 2 prep?
Yes — gap assessment, remediation roadmap, evidence package assembly, and coordination with your chosen C3PAO. Netsafe is not a C3PAO (we don't conduct certifications ourselves), but we configure the environment to pass one. For firms handling ITAR or DFARS 7012 CUI, we evaluate whether Microsoft 365 GCC High is required versus standard M365 with additional controls. For firms at CMMC Level 1 only (FCI, not CUI), the control set is lighter and we can typically get to Level 1 readiness in 4-8 weeks.
How does Netsafe handle our ERP system?
We handle the IT infrastructure around your ERP — server hosting, patching, backup, user access, SSO integration, client deployment via Intune, performance monitoring — but not the ERP configuration itself (customizations, workflows, reports, schema). Your ERP vendor or consultant owns those. We manage the IT infrastructure around ERP systems including Epicor, NetSuite, SAP Business One, Infor, Sage, and Dynamics 365 environments.
What happens to production if we have a ransomware attack?
If the attack hits corporate IT only (email, ERP, file servers), OT production typically continues because we've segmented it. Production halts when the attack reaches OT or when ransomware renders critical data (inventory, BOMs, customer orders) unavailable. Our response: Black Point Cyber SOC containment within 15 minutes of detection, restoration from immutable backup within 4-24 hours depending on scope, documented timeline for cyber insurance. For manufacturers with high-value production lines, we recommend RTO targets of 4 hours or better for ERP and 24 hours for non-critical IT.
Can you support both our corporate office and plant facilities?
Yes. Our team handles multi-site deployments — corporate office, distribution warehouses, manufacturing plants, engineering facilities. For plants far from Charlotte, we work with local break-fix partners for physical access when needed, while all remote management, monitoring, and security run from our Charlotte operations.
Do you support engineering workstations running SolidWorks, AutoCAD, and PLM systems?
Yes. Engineering workstations get the same SentinelOne + Black Point SOC + NinjaOne + DefensX stack as office workstations, plus CAD-specific configurations: local admin rights for certain CAD operations (handled via just-in-time elevation rather than standing local admin), network license server connectivity, PDM/PLM integration, and high-performance backup for large CAD files.
What about our cyber insurance renewal?
Cyber insurance renewals in 2024-2025 have become the hardest due diligence event most manufacturers face. Carriers demand detailed evidence of MFA everywhere, EDR on all endpoints, immutable backup, tested IR plan, segmented networks, and documented vendor risk management. Netsafe maintains all of these as part of standard managed services and delivers the evidence package when you renew. For firms that got flagged by their carrier with remediation requirements, we prioritize the fixes that actually move the needle on premium.
How do you handle our CNC machines that run Windows XP?
Carefully. Legacy OS systems can't be patched to modern standards, so we isolate them via dedicated VLAN with strict firewall rules, apply compensating controls (network-layer DNS filtering, IDS/IPS monitoring via the SOC), and document the risk acceptance decision for CMMC and cyber insurance purposes. The right long-term path is replacing or air-gapping those controllers, but we recognize that happens on manufacturing capital cycles, not IT cycles.
---
Let’s Talk About Your Manufacturing IT
Tell us about your environment and what you’re dealing with. We’ll get back within one business day with a straight assessment and a quote. No pressure, no sales pitch.
Or call us directly
(704) 333-0404
Areas We Serve
Netsafe Solutions provides IT services for manufacturing across 27 cities in North Carolina and South Carolina.
North Carolina: Charlotte, Concord, Huntersville, Matthews, Cornelius, Waxhaw, Gastonia, Kannapolis, Monroe, Mooresville, Salisbury, Statesville, Hickory, Newton, Shelby, Albemarle, Greensboro, Winston-Salem, Lexington
South Carolina: Rock Hill, Fort Mill, Columbia, Spartanburg, Lancaster, Chester, York, Gaffney
Netsafe Solutions — IT services for manufacturing in Charlotte since 2003.
8510 McAlpine Park Drive, Suite 203, Charlotte, NC 28211 | (704) 333-0404
Last Updated: April 2026