Identity and Access Management (IAM)
Malware, Phishing & Ransomware
News
Vendors
Zero Trust

Xage’s Zero Trust Remote Access protects remote access for OT frameworks

March 03, 2021
Xage Zero Trust Remote Access

Industrial cybersecurity company Xage announced the release of its Zero Trust Remote Access technology that secures remote access for operational technology (OT) environments by using cloud to ease and accelerate the deployment of critical features.

With its product, Xage will provide users with access controlled at granular level – device by device, user by user, data stream by data stream, and application by application. The Palo Alto, California-based company enables users to employ identities that secure the environment, while providing authorization solely to a limited set of defined interactions. With its cloud-delivered remote access capability, Xage is maximizing the reach of zero trust OT security, which is turning into a critical element as the operational reliability is often found to be compromised.

For the next two months, Xage is granting any valid organization that signs up six months free use of the baseline Zero Trust Remote Access offering, in order to boost adoption, accelerate its impact and help address urgent OT cybersecurity challenges.

“Modern operations require remote access for workers, apps and physical assets, yet providing access securely has proven incredibly challenging, particularly in OT environments,” said Duncan Greatwood, Xage’s CEO. “Traditionally, enabling access forces operators to manage disparate, dated technologies like VPNs, jump boxes and firewalls—a cumbersome and vulnerable process. Even then, the threat landscape has changed so dramatically in recent years that attackers are now bypassing these traditional protections.”

Users get access to centralized administration, configuration and access delivered via the cloud, from a service that includes multi-factor authentication (MFA). It does not require VPNs or jump boxes, while securely terminating vulnerable protocols such as RDP and VNC before they reach the outside world. RDP (Remote Desktop Protocol) is a protocol built by Microsoft that allows users to graphically control a remote computer, while VNC (Virtual Network Computing) is an open platform independent graphical desktop sharing system designed to remotely control another computer.

The Zero Trust Remote Access architecture terminates these exposed direct-access protocols inside the OT environment, by offering a modern and secure HTTPS (Hypertext Transfer Protocol Secure) interface, and unifying access management across multiple systems and zones. Both these protocols are chosen to deliver graphical access to a remote computer, displaying the desktop as well as communicating keystrokes and mouse actions.

As the offering does not require VPN connectivity, it steers clear of instantiation of an internal IP address for external users. It further manages any needed OT engineering-workstation accounts, removing a potential source of OT vulnerability.

With the recent trend of cyberattacks on critical infrastructure getting increasingly complex and disruptive, causing systems to shut down, disrupt operations, or allow attackers to remotely control affected systems, risks associated with industrial operations have assumed heightened importance, as these operations are online and enabling remote work. Remote access has also emerged as critical to operational efficiency and digital transformation.

By plugging the security air gaps in the critical infrastructure, users of Xage’s Zero Trust Remote Access offering are guaranteed expedited deployment that uses cloud sign-up with on-site enforcement, made possible by self-configuring software, designed to get up and run in minutes.

With the steady increase in the number of cyberattacks on critical infrastructure, ranging from ransomware to remote control, primarily aimed at disrupting operations, increased visibility and management has become indispensable.

Cybersecurity company Dragos detected a three times rise in security threats in hyperconnected industrial environments, confirming a rise in publicly known flaws in systems supporting critical infrastructure and industrial operations. It also analyzed 703 vulnerabilities in industrial control systems (ICS) and OT environments in 2020, a jump of 29 percent from the previous year.

Likewise, IBM Security X-Force disclosed that security vulnerabilities related to ICS were detected in 2020, 49 percent more than those discovered in 2019.

Xage had in April last year released its Dynamic Data Security offering, designed to ensure authenticity, integrity and privacy for data shared between different applications, machines, organizations and locations. The offering hardens the data and securely replicates the data wherever it will be consumed.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base