Xage’s Remote Access solution enables secure access to modern and legacy assets spanning OT, IT, data center and cloud. The solution is available from the cloud, on-premise, or both, enabling easy adoption, easy configuration and easy ongoing management.
Xage’s Remote Access solution is “zero trust,” so access is controlled at the most granular level: device by device, user by user, data stream by data stream, and app by app. Xage’s approach utilizes identities to secure the environment, granting authorization solely to a limited set of defined interactions. As a result, hackers are blocked from launching attacks via a network-zone or other broad access permissions.
The solution also dramatically simplifies access for end users, providing them single-sign-on OT access (with MFA if configured) from anywhere and on any device with a web browser interface.
Xage’s Remote Access solution was designed specifically for OT/IoT environments. To fit with standard architectures, the solution includes the Xage Traversal Tunnel and Proxy, which relays access and data across the layers of the Purdue model – for instance, from OT to DMZ to IT. This approach replaces multiple unprotected firewall port openings with a single Xage-Fabric-controlled point-to-point IPSec tunnel that uses signed tunnel endpoints to block spoofing. It also terminates exposed direct-access protocols (RDP, VNC, SSH, etc.) inside the OT or OT-DMZ, providing a modern and secure HTTPS interface, and unifying access management across multiple systems and zones. Administrators can choose among three deployment options: management and the user access datapath both in the cloud; management in the cloud with the user datapath passing through Enterprise IT; or both management and datapath on-premise. In addition, the solution does not require VPN connectivity, thus avoiding instantiation of an internal IP address for external users. Further, the solution manages any needed OT engineering-workstation (EWS) accounts, dynamically creating and removing them so that EWS accounts exist only as long as the user’s session, removing a major source of OT vulnerability.
In other words, as an operation transitions to Xage, vulnerable and hard-to-manage aspects of traditional remote access – jump boxes, exposed RDP interfaces, VPNs, EWS accounts, etc. – are reduced or removed, hardening and simplifying access to the operation for users and administrators alike.
Xage also supports the secure transfer of data and files across OT, DMZ, IT and the cloud. Secure data transfer utilizes the same Traversal Tunnel and Proxy used for remote access, with cryptographic integrity protection and control capabilities that can limit data file type, size, content, location, originator, and destination.