ThermaGen Industries — Automated patch remediation at plant scale

ThermaGen runs three thermal-energy plants on a mix of Windows servers, Linux gateways and operational-technology (OT) controllers that cannot tolerate unplanned downtime. Every critical vulnerability disclosure triggered the same painful drill: a technician connecting to each machine by hand during a maintenance window.

With 500+ endpoints spread across sites, a single round of patching took close to three weeks. By the time the last controller was updated, new advisories had already landed — the team was permanently behind, and auditors flagged the exposure window as an unacceptable risk to critical infrastructure.

A high-severity remote-code-execution advisory affecting their edge gateways forced the issue: leadership needed those endpoints patched in hours, not weeks, without taking the production line down.

Korur deployed an automated remediation pipeline that inventories every endpoint, maps it to the relevant advisories, and stages patches in a test ring before promoting them to production. OT controllers were grouped into change windows that respect their maintenance schedules so the line never stops unexpectedly.

Each remediation run is gated by health checks: a patch only rolls forward to the next group of machines once the previous group reports healthy. Failed nodes are automatically quarantined and surfaced to an engineer instead of silently breaking — no fix is ever assumed to have worked.

We wired the pipeline into ThermaGen's existing monitoring so every run produces an auditable report: what was patched, what was deferred, and why. The same report now feeds their critical-infrastructure compliance evidence.