Security solutions for the industrial edge

Industrial control systems (ICS) and industrial IoT devices require role-based access control (RBAC) for effective operation. RBAC enables remote system access, saving time and money, and dramatically improves and simplifies access security, whether remote or on-site.

Xage RBAC sets secure device passwords and holds the passwords on-site in the tamperproof Fabric, making default, lost, shared or stolen device passwords a thing of the past. The Fabric also holds credentials and access policies, requiring personnel and applications to login to the Fabric using their corporate credentials to gain proxy access to devices, and granting only the access policy allows.

With Xage RBAC, setting passwords is automated, and device passwords are complex, hidden and regularly rotated. Local and remote login for users is made simple with single sign-on, and all changes are tracked with a tamperproof audit-log, protecting against financial and reputational loss.

Xage RBAC enables managed identities and policy-based access control for industrial devices that have device-specific passwords and which allow secure protocol access e.g. via  SSH or HTTPS. However, many industrial control systems and devices have no password nor built-in protection, leaving them open on the network.

To extend security coverage and RBAC enforcement to these most vulnerable systems, Xage attaches a filter called a Xage Enforcement Point (XEP) which allows access solely according to the tamperproofed policies held in the Xage fabric. With XEP, for the first time, Xage enables role-based access control and single sign-on for every device, from legacy control systems to the newest IoT machines–even those previously lacking any password protection. Plus, XEP is deployed unintrusively, without any upgrades or changes to the protected devices and industrial controllers.

To improve efficiency, companies in sectors like energy, manufacturing, transportation, and utilities are digitizing their operations. They’re networking devices from voltage controllers in the electrical grid to transient devices such as the laptops and USB drives used by field technicians. These numerous distributed devices now represent the vast majority of the industrial assets vulnerable to cyberattack.

With Xage Policy Manager, the first automated and decentralized cybersecurity solution for distributed assets, industry can protect critical infrastructure while ensuring compliance with evolving regulations and standards such as NERC-CIP. The Policy Manager enables customers to define and enforce security requirements for all devices, apps and users field-wide from a single dashboard.

Industrial devices and SCADA, PLC, RTU and HMI systems are increasingly linked together, and the network-layer-blocking or air-gapping methods of the past are becoming less effective, exposing many vulnerable systems to heightened risks of cyber-attack.

Xage’s blockchain-protected Fabric already provides tamperproofing for the passwords, enrollment and policies required to run continuous edge operations. Now, Xage Systemic Tamperproofing uses device and industrial control system (ICS) fingerprints stored in the Fabric to protect edge processes end-to-end and prevent device and ICS compromise. Xage detects any unauthorized fingerprint change, and if a device or controller is compromised, it will be isolated to prevent the contagion from spreading.

Today’s industrial operators are experiencing transformational changes focused on autonomous data-driven machine-to-machine IoT cooperation at the edge. Now, machines, people and applications are working together to exchange data, make decisions and take action.

Xage Authentication and Identity Management enables secure any-to-any application-level security and access control. Operators are able to instantly create security groups and policies for devices, applications and people to enable secure cooperation and data exchange. Policies can be set centrally but are enforced autonomously in the field using the Xage Fabric, maximizing industrial uptime by avoiding dependencies on remote cloud assets.