Real-world cyber solutions

Secure local and remote access. Zero-touch device enrollment, tracking and revocation. Authentication and identity for apps, machines and people. Data security for OT and OT-IT-cloud.

Identity and Access Management

Real-world operations today have two urgent needs: cyber hardening and digital transformation. The network-layer isolation security methods of the past are insufficient, exposing vulnerable systems to the risk of cyber-attack and slowing needed innovation.

Xage’s Identity and Access Management provides zero-trust protection for OT and OT-IT-cloud interactions. Xage’s IAM is delivered on-premise, via the cloud, or both. It remains robust even if the network is breached, and covers a comprehensive array of IoT, SCADA, PLC, RTU and HMI systems together with the latest control and monitoring applications.

Xage’s solutions deliver granular application-level security and control. Operators are able to instantly create or revoke groups and policies for devices, applications, and people, enabling secure access and secure cooperation. All access attempts are tracked with a tamperproof audit log. Policies (e.g. for access control, device password rotation or multi-factor authentication) are set centrally but delivered and enforced autonomously in the field using the Fabric. This maximizes uptime and avoids inline dependencies on remote assets. In addition, Xage’s XEP protects legacy systems, detecting any unauthorized changes and blocking attempts at compromise.

Xage is deployed non-intrusively, without any changes to the protected devices and industrial controllers. The Xage Policy Manager manages all devices, apps, users and data-streams field-wide from a single dashboard. Policy Manager also automates operational security, ensuring compliance with evolving regulations such as NERC-CIP.


Zero Trust Remote Access

Xage’s Remote Access solution enables secure access to modern and legacy assets spanning OT, IT, data center and cloud. The solution is available from the cloud or on-premise or both, enabling easy adoption, easy configuration and easy ongoing management.

Xage’s Remote Access solution is “zero trust,” so access is controlled at the most granular level: device by device, user by user, data stream by data stream, and app by app. Xage’s approach utilizes identities to secure the environment, granting authorization solely to a limited set of defined interactions. As a result, hackers are blocked from launching attacks via a network-zone or other broad access permissions.

The solution also dramatically simplifies access for end users, providing them single-sign-on OT access (with MFA if configured) from anywhere and on any device with a web browser interface.

Xage’s Remote Access solution was designed specifically for OT/IoT environments. To fit with standard architectures, the solution includes the Xage Traversal Tunnel and Proxy, which relays access and data across the layers of the Purdue model – for instance, from OT to DMZ to IT. This approach replaces multiple unprotected firewall port openings with a single Xage-Fabric-controlled point-to-point IPSec tunnel that uses signed tunnel endpoints to block spoofing. It also terminates exposed direct-access protocols (RDP, VNC, SSH, etc.) inside the OT or OT-DMZ, providing a modern and secure HTTPS interface, and unifying access management across multiple systems and zones. Administrators can decide to run management and the user access datapath in the cloud; or management in the cloud, but with the user datapath passing through Enterprise IT; or with both management and datapath on-premise. The solution also does not require VPN connectivity, thus avoiding instantiation of an internal IP address for external users. Further, the solution manages any needed OT engineering-workstation (EWS) accounts, dynamically creating and removing such accounts, so that EWS accounts exist only as long as the user’s session, removing a major source of OT vulnerability.

In other words, as an operation transitions to Xage, vulnerable and hard-to-manage aspects of traditional remote access – jump boxes, exposed RDP interfaces, VPNs, EWS accounts, etc. – are reduced or removed, hardening and simplifying access to the operation for users and administrators alike.

Xage also supports the transfer of secure data and files across OT, DMZ, IT and the cloud. Secure data transfer utilizes the same Traversal Tunnel and Proxy used for remote access, with cryptographic integrity protection and control capabilities that can limit datafile type, size, content, location, originator, and destination.

Dynamic Data Security

Data, data sharing, and data-driven automation lie at the heart of the digital transformation of industry. By enabling and controlling data sharing across multiple processes, locations and ecosystem participants, from the edge to the cloud, industrial companies can transform how they use their data with opportunities for new optimization, revenue and customer value creation.

Xage’s Dynamic Data Security enables end-to-end security across the entire data platform, from physical machines through edge analytics to shared cloud-based data lakes. Multiple participants and their applications can both access and publish data securely, enabling them to work together without losing control or exposing themselves to cyber risk.

The Dynamic Data Security system digitally hashes, signs and encrypts operational data at source, committing the resulting security information to the Xage Fabric. The Fabric protects and replicates the security information to ensure that the underlying operational data can be published or consumed anywhere as needed, with its authenticity, integrity and confidentiality protected by the Fabric. Additionally, Xage’s XEP protects data as it travels from system to system, automatically and dynamically establishing a XEP-to-XEP encryption tunnel or relay when data, such as Modbus information from a PLC, is being transmitted.

Xage’s Dynamic Data Security empowers businesses to transform the ways they operate internally, work with partners and suppliers, and serve their customers. It supports applications from transactive energy (TE/DER) through custody transfer tracking to advanced supply chain cooperation.

Device Lifecycle Management

Enterprises are deploying more and more connected devices as the Industrial Internet of Things (IIoT) becomes a reality. Operators require a flexible enrollment solution to authenticate and enroll devices at scale.

Xage Device Lifecycle Management verifies device authenticity in the field, based on owner, manufacturer, location, and device fingerprints. It tracks assets and enrolls legitimate devices in the multi-vendor trust system, which enables users, applications, and devices to work together, all without the need for pre-staged app and device enrollment or configuration.

Xage Whitepapers

A revolution known as the Industrial Internet of Things (IIoT) or Industry 4.0 is underway. Industrial companies are deploying intelligent systems composed of devices and software applications that cooperate with each other and with humans in real-time. These systems can contain new devices with robust security controls as well as currently installed devices, e.g., PLCs, RTUs, HMIs, meters, and sensors, that provide limited and varied security capabilities. Furthermore, as operations and enterprises are embracing data-driven automation, data and interactions need to be protected edge-to-edge, to cloud, and across the ecosystem.
