Your first checked design
The fastest way to understand Synapse is to watch a real OT network check itself against the standard. Load a reference site, read what comes back, and you’ll have the whole loop in about three minutes.
Synapse does one thing well: it takes a model of an OT network, checks the design against IEC 62443 and related standards, and tells you where it’s defensible and where it isn’t. You don’t need your own site to see that working. A reference design ships with the studio, so the first thing you’ll see is a result, not a blank canvas.
01Open the studio
Head to the studio. The left rail is the IEC 62443 lifecycle, from Design through Risk Assessment, Segmentation and Reports. You’ll start on Design, the canvas where the network lives.
02Load a reference site
Open the New menu in the top bar and choose a starting point:
New▸Open wind-farm template
A twenty-asset wind farm drops onto the canvas, already organised into zones: enterprise and remote access at the top, an OT DMZ below it, then Site SCADA, and finally Turbine Control and the Grid Interface. This is a deliberately realistic design, not a toy, so it makes a good first read. If you’d rather start from a substation, the same menu has a faithful sixteen-asset substation reference too.
03Watch it check itself
There’s no button to press. Synapse re-runs the full check every time the model changes, so the moment the template loads it has already been evaluated against IEC 62443-3-3 and NIST SP 800-82. The studio opens the Check tab on the right and shows you what it found.
You can force a re-run any time with the Check design button in the top bar, but you’ll rarely need to. The check is deterministic: the same design always produces the same result.
04Read the result
The reference design opens with two findings waiting for you. That’s intentional. A clean template would teach you nothing, so this one ships with two realistic problems planted in it:
- Subnet/VLAN spans multiple zones: a workstation that sits in the Site SCADA zone has been left on the DMZ network — a flat network across a zone boundary, which is exactly what segmentation is meant to prevent.
- IEC 61400-25 real-time mapping without IEC 62351 transport security: the link carrying real-time turbine telemetry hasn’t declared transport encryption, so that traffic would cross the network in the clear.
Each finding has a severity, a plain-language explanation of why it matters, and a recommendation. Alongside the findings is the coverage view: a requirement-by-requirement readout of which parts of the standard this design satisfies, partially addresses, or leaves open. That coverage is what later becomes your audit evidence.
05Read the diagram
Look back at the canvas. The findings aren’t just a list, they’re drawn onto the design. The edges between assets are colour-coded so you can read intent at a glance:
- Blue: a flow that crosses a zone boundary through a conduit — controlled, the way it should be.
- Grey: a flow that stays inside a single zone.
- Red: a flow involved in a violation — the thing the finding is pointing at.
Conduits, the controlled gateways between zones, are drawn as boundaries with the flows routed through them. Hover one and Synapse tells you exactly what that conduit permits. This is the same picture you’ll hand to an auditor, so it’s worth learning to read.
What you just did
In three minutes you loaded a real OT network, had it checked against two standards, and learned to read both the findings and the diagram. That’s the core loop. Every other workflow in Synapse is a variation on it.
- Model: a reference site, or your own from a walkdown.
- Check: automatic, deterministic, against IEC 62443-3-3 and NIST SP 800-82.
- Read: findings to fix, coverage to evidence, all drawn onto the design.
Where to next
The natural next step is to close one of those findings and watch the check turn green:
Find and fix a segmentation gap
Or see how a real site gets in here in the first place, in From a messy walkdown to a defensible design.
Try it yourself
It's open, free to try, and there's nothing to install. Load a reference site and follow along.
Open the studio