Universal industrial cyber solutions

Today, industrial operators are experiencing transformational change focused on autonomous data-driven, machine-to-machine IoT cooperation. The network-layer isolation security methods of the past are insufficient, exposing vulnerable systems to the risk of cyber-attack.

Xage’s Identity and Access Management services are delivered either wholly on-site, or via the cloud with additional on-site enforcement. They remain robust even if the network is breached, and cover a comprehensive array of IoT, SCADA, PLC, RTU and HMI systems together with the latest control and monitoring applications.

Xage’s solutions deliver granular application-level security and control. Operators are able to instantly create or revoke groups and policies for devices, applications, and people, enabling secure access and secure cooperation. All access attempts are tracked with a tamperproof audit-log. Policies (e.g. for access control, device password rotation or multi-factor authentication) are set centrally but delivered and enforced autonomously in the field using the Fabric. This maximizes uptime and avoids inline dependencies on remote assets. Plus Xage’s XEP protects legacy systems, detecting any unauthorized changes, and blocking attempts at compromise.

Xage is deployed non-intrusively, without any changes to the protected devices and industrial controllers. The Xage Policy Manager manages all devices, apps, users and data-streams field-wide from a single dashboard. Policy Manager also automates operational security, ensuring compliance with evolving regulations such as NERC-CIP.

Xage’s Remote Access solution enables secure access to modern and legacy assets spanning OT, IT, data center and cloud, from anywhere. The solution is “zero trust,” so access is controlled at the most granular level: device by device, user by user, data stream by data stream, and app by app. Xage’s approach utilizes identities to secure the environment, granting authorization solely to a limited set of tightly defined interactions. As a result, hackers are blocked from launching attacks via a network-zone or other broad access permissions.

Xage’s Remote Access solution was designed specifically for OT/IoT environments. To fit with standard architectures, the solution includes the Xage Traversal Tunnel and Proxy which relays access and data across the layers of the Purdue model – for instance, from OT to DMZ to IT. This approach replaces unprotected firewall port-opening with point-to-point IPSec tunnels that use signed tunnel endpoints to block spoofing. It also replaces exposed RDP interfaces with modern HTTPS access, and unifies access management across multiple systems and zones. In other words, as an operation transitions to Xage, vulnerable and hard-to-manage aspects of traditional remote access – jump boxes, exposed RDP interfaces, etc. – are reduced or removed, hardening and simplifying access to the operation for users and administrators alike.

Xage also supports the transfer of secure data and files across OT, DMZ, IT and the cloud. Secure data transfer utilizes the same Traversal Tunnel and Proxy used for remote access, with cryptographic integrity protection and control capabilities that can limit datafile type, size, content, location, originator, and destination.

Download the Solution Brief

View the Benefits Video

View the Explainer Video

View the Demo Video

Data, data sharing, and data-driven automation lie at the heart of the digital transformation of industry. By enabling and controlling data sharing across multiple processes, locations and ecosystem participants, from the edge to the cloud, industrial companies can transform how they use their data with opportunities for new optimization, revenue and customer value creation.

Xage’s Dynamic Data Security enables end-to-end security across the entire data platform, from physical machines through edge analytics to shared cloud-based data lakes. Multiple participants and their applications can both access and publish data securely, enabling them to work together without losing control or exposing themselves to cyber risk.

The Dynamic Data Security system digitally hashes, signs and encrypts operational data at source, committing the resulting security information to the Xage Fabric. The Fabric protects and replicates the security information to ensure that the underlying operational data can be published or consumed anywhere as needed, with its authenticity, integrity and confidentiality protected by the Fabric. Additionally, Xage’s XEP protects data as it travels from system to system, automatically and dynamically establishing a XEP-to-XEP encryption tunnel or relay when data, such as Modbus information from a PLC, is being transmitted.

Xage’s Dynamic Data Security empowers businesses to transform the ways they operate internally, work with partners and suppliers, and serve their customers. It supports applications from transactive energy (TE/DER) through custody transfer tracking to advanced supply chain cooperation.

Download the Solution Brief

Enterprises are deploying more and more connected devices as the Industrial Internet of Things (IIoT) becomes a reality. Operators require a flexible enrollment solution to authenticate and enroll devices at scale.

Xage Device Lifecycle Management verifies device authenticity in the field, based on owner, manufacturer, location, and device fingerprints. It tracks assets and enrolls legitimate devices in the multi-vendor trust system, which enables users, applications, and devices to work together–all without the need for pre-staged app and device enrollment or configuration.