Identity and Authentication

Today, industrial operators are experiencing transformational changes focused on autonomous, data-driven, machine-to-machine IoT cooperation. Identity and authentication services must be delivered on-site at the industrial edge, and must cover a diverse array of IoT, SCADA, PLC, RTU and HMI systems, together with the latest control and monitoring applications.

Xage’s Identity Management and Authentication solutions enable any-to-any application-level security and control. Operators are able to instantly create groups and policies for devices, data streams, applications, and people, enabling secure cooperation. Policies are set centrally but delivered and enforced autonomously in the field using the Xage Fabric. This maximizes uptime and avoids inline dependencies on remote assets.

Xage’s Identity solution synchronizes with corporate systems such as Active Directory, enabling IT-OT consistency and single-sign-on across the operation. Policies are held securely in the Fabric, enabling on-site authorization and integrity enforcement.

Xage leverages systemic industrial-edge tamperproofing across diverse devices, data streams, and controllers, using a combination of automated credential management and intelligent fingerprinting. Xage detects any unauthorized changes, blocking or isolating attempts at system compromise.

RBAC and Secure Remote Access

Given the interconnectedness of today’s industrial operations, the network-layer isolation security methods of the past are ineffective, exposing vulnerable systems to the risk of cyber-attack. Xage’s role-based access control (RBAC) solution enables remote and on-site system access for industrial control systems (ICS), IoT devices, and operational data streams, dramatically improving and simplifying access security, while enabling continuous protection even if the network layer is breached.

Xage RBAC takes responsibility for setting secure device credentials, holding credentials on-site in the tamperproof Fabric to make default, lost, shared, or stolen passwords a thing of the past. Xage RBAC also automates the implementation of OT security policies such as password complexity, credential rotation, and immediate user revocation. Plus, for the many industrial control systems and devices that have no password or built-in protection, leaving them open on the network, Xage provides the Xage Enforcement Point (XEP), controlling access according to the tamperproofed policies secured in the Fabric.

With credential management and XEP capabilities, Xage enables universal RBAC for every device, from legacy control systems to the newest IoT machines, while tracking all access attempts with a tamperproof audit log.

Xage is deployed non-intrusively, without any upgrades or changes to the protected devices and industrial controllers. The Xage Policy Manager, part of Xage RBAC, enables customers to define and enforce RBAC requirements for all devices, apps and users field-wide from a single dashboard. This automates critical infrastructure security and maintains compliance with evolving regulations such as NERC-CIP.

Device Lifecycle Management

Enterprises are deploying more and more connected devices as the Industrial Internet of Things (IIoT) becomes a reality. Operators require a flexible enrollment solution to authenticate and enroll devices at scale.

Xage Device Lifecycle Management verifies device authenticity in the field, based on owner, manufacturer, location, and device fingerprints. It tracks assets and enrolls legitimate devices in the multi-vendor trust system, which enables users, applications, and devices to work together, all without the need for pre-staged app and device enrollment or configuration.

White Paper

The current model of enterprise security is incapable of protecting Industry 4.0 with its intermittently connected, heterogeneous devices and applications, distributed across organizations and geographies. Today’s centralized IT security paradigm needs to be replaced by cybersecurity that is distributed, flexible and adaptive.