Xage Security (Xage) is introducing a new Multiple-Factor Authentication (MFA) offering. It will enable industrial organisations to protect entire operations across a variety of assets – even those that previously lacked basic device password protection. Built specifically to support OT/IoT use cases, Xage’s MFA solution eliminates operational dependencies. It allows industries to protect their assets from attack, including cyberattacks which seek to exploit remote access vulnerabilities.
“In the last few months, we’ve seen operational systems open up to remote access and authorization – out of necessity for business, but often without all the necessary protections in place,” said Xage CEO, Duncan Greatwood.
“With the risk of successful remote attacks having increased exponentially, organizations need to utilize identity-based security. Multi-factor authentication is more critical to industrial operations than ever before, and now operators can immediately deploy it to every asset.”
Many industrial operations include machines with no password protection. Others lack basic lock/unlock features for secure access control. In the past two years, digital attacks targeting industrial control systems (ICS) and operational technology (OT) increased by over 2,000%.
Many of these attacks have involved exploiting known vulnerabilities in supervisory control and data acquisition (SCADA) and ICS hardware components. Additionally, there have been default-password and password-spraying attacks, which rely on brute-force login techniques. Furthermore, recent estimates project the number of IoT connections rising to 83B by 2024. The industrial sector will account for around 70% of those connections.
The layering of new and legacy systems and technologies, when combined with an increase in remote work for the foreseeable future, means operators will have less visibility and control over logins happening from various locations at all times. The implication: this puts them at massive cyber risk if enterprises leave assets unprotected.
Xage’s solution enables MFA for any device and application. The effect is that industrial organisations will be able to enforce authentication with multiple factors (passwords, one-time token, biometric, etc.) across their entire technology landscape. For the very first time (at least according to Xage) operators can, even over intermittent networks:
- add MFA to all of their assets (new and legacy)
- enforce universal multi-factor, identity-based, low latency access on remote assets.
Xage delivers resilient authentication and enforcement at the edge and continues to operate even if there is a loss of connectivity. It ensures universal tamper-proofing without additional dependencies. As a result, Xage’s MFA solution mitigates a wide range of common cyberattacks, including:
- password spraying attacks
- password theft
- identity theft attacks
- phishing attacks.
Xage’s unified MFA capabilities include:
- identity-based access control per device and application, with the integration of additional factors as needed
- MFA enforcement (via the Xage Enforcement Point or XEP) to any legacy one-factor or zero-factor system
- distributed MFA-protected access control, even for assets disconnected from the centre
- standardisation of MFA methods, including extending these across deployment bases of applications, workstations, control devices, etc.
- flexibility in choosing and switching between MFA methods (pins, keys, SmartCards, authentication apps, etc.)
- compliance with multiple standards across different verticals, without the need to replace existing assets
- tamper-proof audit trails for all machine-to-machine and user-to-machine interactions
The Xage Security Fabric and blockchain
The Xage Security Fabric enables secure remote access to OT environments, critical to today’s increasingly remote work. With its Security Fabric, Xage provides:
- fine-grained access control to field assets
- identity and role-based remote access to individual assets per security policy
- protocol, session, and encryption security at the edge
- built-in access control and monitoring
- tamper-proof audit logs for all actions and interactions.
The effect is to deliver compliance with regulations and standards (for example, NERC-CIP and IEC 62443).
The Security Fabric is built on a hierarchical blockchain. It uses a supermajority consensus to ensure:
- secure multi-party collaboration and governance
- operations and efficiency across industrial ecosystems.
A hierarchical tree within the Security Fabric delivers local blockchain updates on any branch, while also supporting subsequent global (hierarchy-wide) resynchronisation and reconciliation. In this way, independent blockchains offer horizontal scaling of operations – without inline dependencies on a global blockchain or central IT resources.
Xage’s hierarchical approach forms consensus first among local nodes. Ledger updates continue locally even when a site is disconnected. Subsequently, local ledgers synchronise to, and reconcile with, the global blockchain. To provide further protection, the global blockchain:
- revalidates transactions accepted locally
- reverifies the integrity of the local blockchain as part of the reconciliation process.
This is the mechanism whereby no local compromise can compromise the global system. The global system can override and ‘heal’ local issues revealed during reconciliation.
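The reconciliation step described above can be sketched as follows. This is an added example, not Xage's code: it assumes a simple SHA-256 hash chain per site and a hypothetical global policy (`global_policy`, `KNOWN_USERS` and the sample site data are constructed), and it does not model the supermajority consensus.

```python
import hashlib
import json

GENESIS = "0" * 64
KNOWN_USERS = {"alice", "bob"}  # constructed identity list (assumption)

def block_hash(prev_hash, tx):
    """SHA-256 over the previous hash and the transaction body."""
    body = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class LocalLedger:
    """Site ledger that keeps accepting entries while disconnected."""
    def __init__(self, site):
        self.site, self.blocks = site, []

    def append(self, tx):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "tx": tx, "hash": block_hash(prev, tx)})

def global_policy(tx):
    """Hypothetical global rule: known identity and at least two factors."""
    return tx["user"] in KNOWN_USERS and tx["factors"] >= 2

def reconcile(global_chain, ledger, policy=global_policy):
    """Reverify the local chain, then revalidate every local transaction.

    Returns (accepted, rejected). A broken chain merges nothing."""
    prev = GENESIS
    for i, blk in enumerate(ledger.blocks):
        if blk["prev"] != prev or blk["hash"] != block_hash(prev, blk["tx"]):
            return [], [(i, "integrity failure")]
        prev = blk["hash"]
    accepted, rejected = [], []
    for i, blk in enumerate(ledger.blocks):
        if policy(blk["tx"]):
            accepted.append(blk["tx"])
        else:
            rejected.append((i, "policy violation"))
    global_chain.extend({"site": ledger.site, "tx": tx} for tx in accepted)
    return accepted, rejected

if __name__ == "__main__":
    site = LocalLedger("substation-7")  # constructed sample data
    site.append({"user": "alice", "asset": "plc-1", "factors": 2})
    site.append({"user": "mallory", "asset": "plc-1", "factors": 2})
    print(reconcile([], site))
```

An entry that a compromised site accepted locally is rejected at the global level, and a ledger whose history was altered after the fact is not merged at all.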
Enterprise Times: what does this mean
Xage offers MFA based on its Security Fabric. It claims that the latter is a universal security solution for modern industrial operations – because it creates a trusted foundation for every interaction, whether:
With IoT devices being vulnerable, delivering identity management, single sign-on and access control with in-field enforcement across industrial operations matters. By adopting a blockchain-protected security solution, Xage provides what should be tamperproof, non-intrusive protection.