Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

7/7/2020
11:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Xage Security Introduces Universal Multi-Factor Authentication for Industrial Operations

New technology delivers MFA to protect all industrial assets, regardless of type, connectivity, or location.

PALO ALTO, Calif., July 07, 2020 (GLOBE NEWSWIRE) -- Today, Xage Security introduces a new universal Multiple-Factor Authentication (MFA) offering, enabling industrial organizations to protect their entire operation, across a variety of assets – even those that previously lacked even basic device password protection – for the first time. Built specifically to support OT/IoT use cases, Xage’s MFA solution eliminates operational dependencies to ensure that industries can protect their assets from attacks, including the growing wave of cyberattacks that exploit remote access vulnerabilities.

Many industrial operations include machines with no password protection, or basic lock/unlock features that lack secure access control. In the last two years alone, digital attacks targeting industrial control systems (ICS) and operational technology increased by over 2000%. Many of these attacks involved a combination of exploiting known vulnerabilities in supervisory control and data acquisition (SCADA) and ICS hardware components, along with default-password and password-spraying attacks leveraging brute force login techniques. Furthermore, recent estimates project the number of IoT connections to rise to 83 billion by 2024, with the industrial sector accounting for around 70% of those connections. The layering of new and legacy systems and technologies, combined with an increase in remote work for the foreseeable future, gives operators less visibility and control over logins happening from various locations at all times––and puts them at massive cyber risk if they leave assets unprotected.

Xage’s new solution enables MFA for any device and application, so industrial organizations can enforce authentication with multiple-factors (passwords, one time token, biometric, etc.) across their entire system. For the very first time, operators can add MFA to all of their assets (new and legacy), and enforce universal multi-factor, identity-based, low latency access on remote assets, even over intermittent networks. Xage’s highly resilient authentication and enforcement are delivered at the edge and continue to operate even if connectivity to the center is lost––ensuring universal tamperproofing without additional dependencies. As a result, Xage’s MFA solution mitigates a vast array of common cyberattacks, including password spraying attacks, password theft, identity theft attacks, and phishing attacks to plant malware on target devices.

“In the last few months, we’ve seen operational systems open up to remote access and authorization––out of necessity for business, but often without all the necessary protections in place,” said Xage CEO, Duncan Greatwood. “With the risk of successful remote attacks having increased exponentially, organizations need to utilize identity-based security. Multi-factor authentication is more critical to industrial operations than ever before, and now operators can immediately deploy it to every asset.”

Xage’s unified MFA capabilities include:

  • Identity-based comprehensive access control per device and application, with integration of additional factors as needed
  • MFA enforced via the Xage Enforcement Point (XEP) to any legacy one-factor or zero-factor system
  • Distributed MFA-protected access control, even for assets disconnected from the center
  • Standardization of multi-factor authentication methods and extends them across their deployment base of applications, workstations, control devices, etc.
  • Flexibility in choosing and switching between MFA methods (pins, keys, SmartCards, authentication apps, etc.)
  • Compliance with multiple standards across verticals, without the need to replace existing assets
  • Tamperproof audit trail for all machine-to-machine and user-to-machine interactions

The Xage Security Fabric also enables secure remote access to OT environments, critical to today’s increasingly remote work. Xage provides fine-grained access control to field assets; identity and role-based remote access to individual assets per security policy; protocol, session, and encryption security at the edge; built-in access control and monitoring; tamperproof audit logs for all actions and interactions, and enabled compliance to regulation and standards (e.g. NERC-CIP and IEC 62443).

Visit the Xage blog for more information on the company’s MFA offering, and here for more on Xage’s solution for remote identity and access management.

About Xage
The Xage Security Fabric is the universal security solution for modern industrial operations, creating the essential trusted foundation for every interaction, whether human-to-machine, machine-to-machine, or edge-to-cloud. The fabric protects all equipment, from new IoT devices to vulnerable legacy systems, delivering identity management, single sign-on, and access control with in-field enforcement across the industrial operation. Xage is the first and only blockchain-protected security solution providing tamperproof, non-intrusive protection and enabling efficient operations and innovation across all industries. Xage customers include leaders in manufacturing, energy, utilities, and transportation.

Contact
LaunchSquad for Xage
[email protected]
415-625-8555

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27605
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
CVE-2020-27606
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2020-27607
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or tr...
CVE-2020-27608
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
CVE-2020-27609
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.