Xage Security announced its new, industry-first Multi-layer Identity and Access Management solution to bring defense-in-depth to every asset in every layer of operational technology (OT) and industrial control system (ICS) environments. This innovation pairs with Xage's existing multi-layer multi-factor authentication to protect critical infrastructure, including the ability to stop attackers from compromising critical assets, even if the attackers have stolen privileged login credentials.
Today there is an escalating siege of credential-based attacks on real-world infrastructure. Nearly every headline-making attack of the past two decades, from Target to Equifax to the Colonial Pipeline ransomware, has involved stolen or compromised credentials. In parallel, government directives from the likes of TSA, CISA and NIST have led critical infrastructure organizations not only to prioritize cybersecurity but specifically to seek out an "identity-first defense-in-depth strategy." Ideally, this type of strategy leverages the latest in identity and access management (IAM) advancements for zero trust with granular access control over a complex and interconnected OT-IT-Cloud architecture.
"In operational environments where OT systems are increasingly interconnected with IT systems and the Cloud, it is imperative to strengthen defense-in-depth security measures to protect critical infrastructure," said Jonathon Gordon, directing analyst at Takepoint Research. "Simply put, Xage enables the deployment of a new line of defense to secure OT-IT convergence. With its Multi-layer Access Management solution, Xage markedly reduces risks due to a key attack vector, that of stolen credentials, designed to improve user experience without compromising cybersecurity, and supports OT-IT-Cloud interconnectivity securely for digital transformation initiatives."
Operations teams struggle to evolve past their legacy perimeter-based approaches to access management. This causes users to be bogged down with multiple static credentials across OT and IT environments, makes the whole environment vulnerable when attackers get inside the perimeter, and can leave administrators unable to implement modern security features such as multi-factor authentication (MFA). Xage alleviates these traditional hurdles of executing an identity-based defense-in-depth strategy.
Xage Multi-layer Identity and Access Management addresses these challenges in an innovative way. The solution enables organizations to eliminate attacks on their critical infrastructure by delivering defense-in-depth security for their environments, while orchestrating protection across multiple identity providers, Microsoft AD instances, network security levels, and locations. By controlling, at a granular level, the access that each individual has, organizations are able to block credential-based attacks at earlier stages to limit damage and keep mission-critical services running.
"Large operational enterprises design systems for high availability and resiliency, yet they face the challenge of cyber hardening complex IT, demilitarized zone (DMZ) and OT environment layers that are increasingly coming under adversarial attack," said Duncan Greatwood, CEO of Xage Security. "Add to that the federal regulations and guidance from TSA, CISA and NIST, and the urgency is clear for our Multi-Layer Identity and Access Management to deliver unified cybersecurity mesh protection for disjointed OT/IT/Cloud environments. Organizations have the ability to realize zero trust with granular control, no matter how complex or layered their existing equipment and architectures."
Critical infrastructure operators, for example, can use Xage Multi-layer Identity and Access Management to create separate identities (e.g. login credentials) at each layer and site, with different admins, to ensure that compromise of corporate IT credentials doesn't result in compromise within OT. This also assures that compromise of one site does not lead to compromise of all sites (or even other assets at the same site). In addition, operations teams can reduce complexity in the access management flow for their personnel and improve user experience, as well as block attacks, by taking advantage of the following unique capabilities offered by the new Xage solution:
- Orchestrate multiple Identity Providers (IdPs) and AD domains across different security zones or network layers, with the ability to configure different IdPs with different authentication protocols such as LDAP, SAML, and ADFS.
- Restrict asset visibility for all users until after they authenticate: only allow local and remote users to see the assets and systems for a site or zone after they successfully authenticate against that site-level AD and pass the site-level MFA challenge.
- Enable local users to authenticate with the local site-level AD even if that site loses network connectivity.
- Enable local and remote users to use passwordless, hardware-based, and biometric MFA through multiple hops that may be mapped to different identity providers.