PROTECT YOUR SITES AND INDUSTRIAL CONTROL SYSTEMS (ICS)

Full-scale Secure Access for Operational Technology 

Manage on- and off-site OT secure remote access to any ICS/OT target at scale in industrial automation and manufacturing businesses with PrivX OT Edition.


DIGITAL GATEKEEPER FOR OPERATIONAL TECHNOLOGY 

Plant-wide, global, or local IT/OT access control at industrial scale  

Centralize on- and off-site secure access management to any ICS/OT/IT target
with the cost-efficient PrivX OT Edition software solution. 


Go beyond VPNs, firewalls, and physical remote access tools

In information technology (IT), the focus is on risk mitigation and security. In operational technology (OT), it’s on cost-efficiency and safety. As IT and OT are converging, PrivX OT Edition is purpose-built to bridge the security/safety gap between IT and OT. The solution offers a single pane of glass to control, grant, and restrict access to critical infrastructures, energy grids, production sites, power plants, cyber-physical systems (CPS), or machines.

The solution supports granular, least-privilege, and just-enough-access (JEA) models that are not available in VPNs/Firewalls, which grant too broad access to industrial ICS/OT targets.

PrivX OT Edition grants Zero Trust access just in time (JIT) - without the risk of shared or leave-behind credentials.


Secure your OT environment in the age of digital transformation

Find out why PrivX OT is the definitive solution to enable plant-wide security and enable digital services adoption, from remote assistance to data collection.


Zero Trust access with no leave-behind credentials

Ramp up safety and security.
Cut down on costs and time-to-task.

Maintain and troubleshoot remotely

  • Maintain, upgrade, and optimize operations off-site or on-site for savings

  • Reduce the risk of lost production time with instant access for troubleshooting 

  • Strong biometric authentication and device trust-based access to production sites 


Centralized control

  • Access hundreds of machines or other critical IT/OT targets from a single digital gatekeeper 

  • Work with multiple directories or IDMs and map them with the right roles for role-based access control (RBAC) 

  • Audit trails, session recording, and monitoring for compliance (NIS2, IEC 62443)


Approve, restrict, authorize

  • Workflows for job approvals or integrations to ticketing systems 

  • Restrict the access to the minimum to get the job done 

  • Manage credentials and migrate to passwordless and keyless authentication for efficiency and true Zero Trust security 


Save on costs  

  • Scalable, flexible, and easy to deploy: No costly hardware required  

  • Uniform access using industrial protocols or standard IT protocols, like SSH, RDP, VNC, HTTP(S), Profinet, EtherNet/IP, Modbus, OPC UA, and more!

  • Software from leading security experts with a strong footprint in demanding projects in OT, banking, healthcare, and MSPs.

See PrivX OT Edition in action

Multiple access methods and NTA functionality

PrivX OT offers three types of access methods designed to safeguard all connections between users and network devices. All the security benefits designed for remote connections can also be applied to users located on-site.

While the internal maintenance team typically utilizes an engineering station/jump host to run the software tools required to execute a certain task, it is often required for third-party personnel to employ their own computers and applications for troubleshooting OT devices.

This is why PrivX OT incorporates the Network Target Access (NTA) functionality, which allows for the traffic of industrial communication protocols between the user’s laptop and the target OT device, eliminating the need for a local computer/jump host.


Secure File Transfer

Troubleshooting computers typically involves installing additional software, necessary for upgrading applications and enhancing system capabilities.

PrivX OT includes a secure file transfer feature that enables the transfer of files between the user’s computer and the target device. This tool is highly intuitive and simple to use, and it can seamlessly integrate with various anti-virus software for automatic malware checking.


Access Request/Approval

PrivX OT is a Zero Trust access control solution, and it enforces Just-in-Time, Just Enough Role-Based Access. This means that users can only connect to devices based on an assigned role, for a specific amount of time and limited to the approved network target(s).

With all these conditions in place, ease of use becomes essential. Requesting and approving access using PrivX OT is straightforward. Requests are exchanged in real-time between users and approvers, and multiple user interfaces are available to facilitate communication, including a smartphone app.
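The access model described above (an assigned role, a bounded time window, an approved set of network targets, and an explicit approval step) can be made concrete with a small decision function. The following is an added example written for this page, not PrivX code or an SSH API: every name, the role-to-protocol map, and the sample grant are assumptions constructed for the demonstration. Each connection attempt is checked against every condition, the first failing condition is reported as the reason, and every decision is turned into an audit record of the kind a SIEM would ingest.

```python
"""Illustrative JIT / JEA role-based access decision (added example, not PrivX code)."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AccessGrant:
    """One approved (or pending) access request for a single identity."""
    user: str
    role: str
    targets: frozenset        # approved network targets, e.g. "plc-01:502"
    valid_from: datetime      # start of the time-boxed window
    valid_until: datetime     # end of the window (exclusive); access is auto-revoked
    approved: bool = False    # flipped by the approver workflow


# Hypothetical role -> permitted protocol map: the role bounds what the job needs (JEA).
ROLE_PROTOCOLS = {
    "plc-maintenance": frozenset({"modbus", "profinet"}),
    "hmi-support": frozenset({"rdp", "vnc"}),
}


def approve(grant):
    """Approver action: grants are immutable, so approval yields a new object."""
    return replace(grant, approved=True)


def authorize(grant, user, target, protocol, now):
    """Return (allowed, reason). Every condition must hold; the first failure wins."""
    if grant.user != user:
        return False, "grant belongs to a different identity"
    if not grant.approved:
        return False, "request not yet approved"
    if not (grant.valid_from <= now < grant.valid_until):
        return False, "outside the approved time window"
    if target not in grant.targets:
        return False, "target not in the approved target set"
    if protocol not in ROLE_PROTOCOLS.get(grant.role, frozenset()):
        return False, f"protocol {protocol} not permitted for role {grant.role}"
    return True, "allowed"


def audit_event(grant, user, target, protocol, now):
    """Build one structured audit record per decision (allow and deny alike)."""
    allowed, reason = authorize(grant, user, target, protocol, now)
    return {
        "ts": now.isoformat(),
        "user": user,
        "role": grant.role,
        "target": target,
        "protocol": protocol,
        "decision": "allow" if allowed else "deny",
        "reason": reason,
    }


# Constructed sample: a two-hour maintenance window on one PLC, not yet approved.
T0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
SAMPLE_GRANT = AccessGrant(
    user="alice",
    role="plc-maintenance",
    targets=frozenset({"plc-01:502"}),
    valid_from=T0,
    valid_until=T0 + timedelta(hours=2),
)


def run_demo():
    """Exercise each condition once and return the decisions keyed by scenario."""
    approved = approve(SAMPLE_GRANT)
    ten_min = T0 + timedelta(minutes=10)
    return {
        "pending": authorize(SAMPLE_GRANT, "alice", "plc-01:502", "modbus", ten_min),
        "in_window": authorize(approved, "alice", "plc-01:502", "modbus", ten_min),
        "expired": authorize(approved, "alice", "plc-01:502", "modbus", T0 + timedelta(hours=2)),
        "wrong_target": authorize(approved, "alice", "plc-02:502", "modbus", T0),
        "wrong_protocol": authorize(approved, "alice", "plc-01:502", "rdp", T0),
        "wrong_user": authorize(approved, "bob", "plc-01:502", "modbus", T0),
    }


if __name__ == "__main__":
    for scenario, (ok, why) in run_demo().items():
        print(f"{scenario:15} {'ALLOW' if ok else 'DENY ':5} {why}")
    print(audit_event(SAMPLE_GRANT, "alice", "plc-01:502", "modbus", T0))
```

The window end is exclusive, so the grant revokes itself at `valid_until` without any explicit revoke call; that is the automatic, time-boxed behaviour the text attributes to JIT access. Denials are recorded with the same structure as allows, which is what makes the audit trail useful for detecting repeated attempts outside a window or against unapproved targets.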


Session Logging, Recording, and Real-Time Monitoring

Full access control is not limited to granting and revoking user access; it should also include total visibility into each user's connection to systems and networks.

PrivX OT comes with the capacity to log all connections, record session videos, and monitor users in real time as they reach out to network devices.


Find the best Secure Remote Access management solution for your organization

Learn about the 8 challenges OT businesses face when choosing an access management solution & how to solve them.


OT/ICS access security for Industrie 4.0

System uptime is critical in IIoT/OT environments. This requires constant monitoring and management of the devices and systems within them.

With IT/OT convergence, site engineers, administrators, maintenance personnel, remote operators and consultants access industrial control systems (ICS) targets, including:

  • Programmable Logic Controllers (PLC)
  • Supervisory Control and Data Acquisition (SCADA)
  • Distributed Control Systems (DCS)
  • Human-machine Interfaces (HMI)
  • Remote Terminal Units (RTU)

PrivX OT Edition governs, identifies, authorizes, approves, audits, and monitors access to these resources in a secured and restricted manner. All while keeping your organization compliant with regulations.


Customer use cases

Secure Remote Access (SRA) in the Forest Industry

Premise: The customer is a manufacturer of fiber products, wood products, molecular bioproducts, and low-emission energy for the forest industry. They have more than 50 sites in 12 countries around the globe.

Challenge: With their multiple production sites, the business needed a transparent remote access solution, so that their trusted vendors can access the sites securely. The customer had several clear requirements, including the need for an efficient and reliable approval process for session requests, limits on viewing other vendors' options when requesting access, and the capability for each site to manage its own access and approval processes.

Solution: The customer selected PrivX by SSH as their secure remote access solution. We at SSH worked very closely with the customer to achieve their objectives, including the development of new features not existing in the proposed solution.

When fully deployed, PrivX allows the customer to provide secure remote access to their trusted vendors. It provides access just-in-time (JIT) and with just-enough-access (JEA) – this allows external users to request session-specific access to just the right targets. Additionally, PrivX allows each production site to individually configure and manage users, roles, and end targets.


Global IoT Device Provider Secures Maintenance Operations

Premise: Headquartered in Europe, the customer is a manufacturer of home appliances with a turnover of +10 B€, +50K employees and +35 factories worldwide. The company’s brand portfolio includes more than 10 well-known appliance brands. 

The customer was looking for a secure access management solution that would radically reduce the risk of sharing a 'golden key' that grants access to all their IoT devices.

Challenge: The golden key was shared among all QA Engineers that connected to customer IoT devices to perform maintenance tasks. This was a serious security risk since often the identity of key users was unclear. The QA Admins were also constantly manually rotating and managing new golden keys.

Solution: With PrivX Privileged Access Management solution, the customer was able to ensure that their Quality Assurance Engineers would be able to maintain IoT devices as easily as before but without actually handling, sharing, or seeing keys anymore.

Moreover, all sessions are identified and tracked, the QA Engineers are assigned the right role for the task at hand on login and the golden key is used through a vault. The key is safe from misuse, accidental misconfigurations or ending up in the hands of bad actors looking to steal intellectual property (IPR). Moreover, QA Admins no longer need to replace and rotate keys all the time.


Secure Role-Based Access Control (RBAC) for Maintenance Engineers

Premise: The customer is a leading manufacturing company operating in the field of industrial equipment. As a part of their services, the business offers remote maintenance of their operational technology (OT) devices.

The customer is using multiple connection protocols (including SSH, RDP, and VNC) that were previously managed via a combination of VPN- and firewall-based security controls.

Challenge: The prior security controls lacked granularity and functionality that the customer needs to be able to provide their services easily and securely. The previous solution lacked transparency and proper auditing capabilities. There was a clear need for a lean and easy-to-use solution that would provide secure access between the cloud, customer facilities, and end-target devices.

Solution: The access to OT target devices is now done via the PrivX OT Edition solution, which is utilized as a part of the customer’s own service business. Maintenance engineers have access to over 30k devices in various customer environments in a fast and secure way. They are granted just enough access (JEA) in a just-in-time (JIT) fashion.

The PrivX OT solution provides the customer with a centralized management system that ensures increased, layered security. The system also provides improved verification capabilities to identify and authenticate users, without the end users seeing any of the vaulted secrets. Additionally, the customer can audit and monitor maintenance-related sessions through optional session recording.


Secure OT Access for Third-Party Engineers in Power Plant

Premise: A global energy company operating dozens of electricity plants. Each plant has critical equipment (OT devices) from 3rd party vendors with service contracts. Access to OT devices is realized through an application gateway. The company needed a secure remote access solution to allow 3rd party vendor technicians to perform scheduled and on-demand maintenance.

Challenge:

  • 3rd parties had visibility into the whole OT environment
  • No visibility into the use of shared credentials
  • Granting access took a long time and revoking access was cumbersome
  • No session monitoring or audit trail

Solution:

  • Direct access to the application servers is restricted, and externals don't handle shared credentials; no one ever sees any access secrets
  • User IDs are verified by multi-factor authentication (MFA) and are visible with access sessions
  • Effective workflows for access requests and approvals
  • Time-boxed access for the OT target site; automatic revocation after the job is done
  • Always up-to-date list of OT targets based on user role (RBAC)
  • Session recordings and auditing events for SIEM

A Marine Vessel Operator Secures Remote Access and IoT Data Collection 

Premise: With the help of IoT sensors, onboard computing, satellite communication, and cloud-based analytics, the customer aimed to enhance operational profitability.  However, connectivity from the public cloud environment to mission-critical vessel systems came with risks.

Challenge:

  • Limited transparency into the remote access without visibility into the sessions
  • The VPN connections to the ship networks were always on
  • Indiscriminate access to all areas once logged in to the VPN service
  • Untracked and unidentified connections to ship subsystems
  • Shared accounts and manually managed access credentials

Solution:

  • Increased transparency and compliance via audit trail and session recording
  • Secrets secured and managed centrally for risk mitigation
  • Automated linking of roles to identities
  • Just-in-Time (JIT) access granting and revocation with least privilege for granular security
  • Scalable cloud deployment and increased level of automation for easy fleet expansion

Secure OT Remote Access for Third-Party Vendors in an Industrial Automation Environment

Premise: The customer is a global manufacturing company operating dozens of factory sites in multiple regions. There is production-critical automation equipment on each site that needs to be accessed by multiple 3rd party vendors and in-house personnel.

RDP, SSH, and VNC connections were managed via Citrix, and programmable logic controller (PLC) access was administered on the VPN and network level. The company needed a modern centralized solution for all access protocols as well as a role-based approval process tool.

Challenge:

  • The previous solution lacked transparency and a proper audit trail for sessions and tasks performed on the device
  • No visibility into the use of shared credentials
  • The VPN solution did not provide the granularity needed to be secure

Solution: Access to OT targets inside the demilitarized zone (DMZ) network is now done via PrivX and its Extender component (reverse proxy), offering secure connections between sites. Internal and external users (such as on-site and off-site maintenance engineers) now have access to the required resources with the just-enough-access (JEA) permissions needed to get the job done, based on their roles.