Protect your sites and industrial controller systems (ICS).

Secure Access Management for Critical Operational Technology (OT) 

Just-in-Time (JIT) and Zero Trust access for on-site and off-site operators and maintenance engineers with PrivX OT Edition.

Role-based access control (RBAC)

Flexible segregation, segmentation and restriction management with access groups, workflow approvals and extenders

3rd party access management

Easy for the supply chain and external contractors to use, and easy to audit their remote access

Swiss Army knife of tech for Industry 4.0

Comprehensive functionality for OT targets & applications in the hybrid cloud, including RDP, VNC, HTTP(S) and SSH

Identity and authorization verified in real time, every time, for every user and connection attempt without permanent credentials. On-site job approvals. Just-in-Time Zero Trust access.

Manage multiple user groups, vendors, geographies, and asset types with ease. Users only see the resources they have the right to access with least privilege. No exposed secrets. User ID always visible.

Update role memberships in real time from user directories (LDAP, AD) or IAM/IGA systems for multiple targets based on on-premise, hybrid cloud (AWS, Azure, GCP) or SaaS technologies in IT/OT convergence.

Zero Trust OT ICS cybersecurity for Industrie 4.0 and IIoT

System uptime is critical in IIoT/OT environments, and it requires constant monitoring and management of the devices and systems within them. Access to resources must be governed, identified, authorized, approved, audited and monitored in a secured and restricted manner. Proper secure access must be implemented in accordance with regulations, directives and practices, such as the EU Network and Information Security (NIS) Directive, NIST, IEC 62443 and ISO 27001.

With cloudification and IT/OT convergence, site engineers, administrators, maintenance personnel, remote operators and consultants access OT targets remotely, including:

  • Industrial control systems (ICS)
  • Supervisory control and data acquisition (SCADA)
  • Programmable logic controllers (PLC)
  • Discrete process control systems (DPC)
  • Human-machine interfaces (HMI)
  • Remote terminal units (RTU)

PrivX OT Edition

PrivX OT Edition is a tailor-made secure access management solution for the requirements of highly automated operational technology in the middle of IT/OT convergence.

Provide secure, single sign-on (SSO) access with optional multi-factor authentication (MFA) to any OT target. Restrict the level of access to the least amount of privilege needed to get the job done. Apply a level of granularity that VPNs and firewalls alone cannot provide. All through one centrally managed system.

PrivX OT Edition aligns manufacturing industries and critical infrastructure providers with the Zero Trust cybersecurity framework, which advocates the principle of ‘Never trust, always verify’, providing just-in-time access for every connection for operationally efficient and cost-efficient access management.

Learn more about the unique PrivX Technologies behind the solution.

Manufacturing: the 2nd most-attacked industry

According to IBM, manufacturing moved to second place in 2020, up from eighth in 2019. Typically, vulnerable credentials are leveraged for ransomware attacks.

22%

The EU Commission has estimated a 22% increase in costs for implementation of NIS 2.0.

2000%

In Q1 2021, there was a massive increase in attacks against VPN services, driven by the popularity of remote work.

Zero Trust prioritized in the US

“...[Advance] toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)” - Executive Order on Improving the Nation’s Cybersecurity.

Faster operations with automation

Secure access made fast and easy 

Automated

Keep your joiners, movers and leavers automatically in sync with the targets they need to access. Enjoy a minimized need for manual configuration or maintenance.

Cloud-scale

PrivX OT Edition is based on a cloud-native architecture with microservices and open REST APIs for all functions. That's why it is light on hardware requirements but great on scalability, resiliency and high availability (HA) in any technological context.

Fast and flexible to deploy

Deploy PrivX OT Edition to

  • cloud (AWS, Azure, GCP), private clouds and VMs
  • on-premise (datacenters or manufacturing sites)
  • hybrid and legacy environments.

Zero Trust access with no leave-behind credentials

Users and secrets managed

Identified and audited

Clear and easy-to-use

  • workflows for managing roles, approving sessions and segregation of access to targets and sites
  • on-site and off-site secure access for 3rd parties, remote operators and maintenance engineers
  • multi-factor authentication (MFA), role-based access control (RBAC), audit trails and session recording.

Centralized control room

PrivX OT Edition synchronizes identities from multiple directories, including Active Directory (AD), Lightweight Directory Access Protocol (LDAP) and OpenID, and maps them automatically to the right roles. All accessible targets are managed under a single pane of glass.

Easy to use and secure

Enhance productivity through single sign-on (SSO) and an HTML5 ‘thin-client’ user interface. No software agents on the client or the server, no complex configurations. Just-in-Time Zero Trust access without credentials left behind for misuse.

Compliant secure remote access

Comply with regulations 

ISA/IEC 62443

The ISA/IEC 62443 Industrial Automation and Control Systems Security series of cybersecurity standards is applicable to automation and control system applications.

ISO 27001

ISO 27001 is one of the most recognized industry standards. In particular, Annex A.9.1 of ISO 27001:2013 focuses on the business requirements of access control.

NIS/NIS2.0

The European Network and Information Security Directive (NIS) is applicable to measures for the security of network and information systems across the Union.

NIST

The National Institute of Standards and Technology (NIST) has several recommendations for proper access control and governance, including NIST Special Publication 800-210 for General Access Control Guidance for Cloud Systems.

Customer cases

Secure OT access for 3rd party engineers in power plant

Premise: A global energy company operating dozens of electricity plants. Each plant has critical equipment (OT devices) from 3rd party vendors with service contracts. Access to OT devices is realized through an application gateway. The company needed a secure remote access solution to allow 3rd party vendor technicians to perform scheduled and on-demand maintenance.

Challenges: 3rd parties had visibility into the whole OT environment. No visibility into the use of shared credentials. Granting access took a long time and revoking access was cumbersome. No session monitoring or audit trail.

Change: Direct access to the application servers is restricted, and externals don't handle shared credentials. No one ever sees any access secrets. User IDs are verified by MFA and are visible with access sessions. Effective workflows for access requests and approvals. Time-boxed access for the OT target site; automatic revocation after the job is done. Always up-to-date list of OT targets based on user role (RBAC). Session recordings and auditing events for SIEM.

A Marine Vessel Operator Secures Remote Access and IoT Data Collection 

Premise: With the help of IoT sensors, on-board computing, satellite communication and cloud-based analytics, the customer aimed to enhance operational profitability. However, connectivity from the public cloud environment to mission-critical vessel systems came with risks.

Challenges: Limited transparency into remote access, with no visibility into the sessions. The VPN connections to the ship networks were always on. Indiscriminate access to all areas once logged in to the VPN service. Untracked and unidentified connections to ship subsystems. Shared accounts and manually managed access credentials.

Change: Increased transparency and compliance via audit trail and session recording. Secrets secured and managed centrally for risk mitigation. Automated linking of roles to identities. Just-in-Time (JIT) access granting and revocation with least privilege for granular security. Scalable cloud deployment and increased level of automation for easy fleet expansion.

Why the Manufacturing Industry Should Get Serious About Zero Trust and Just-in-time Access

IT/OT convergence is shaking up the utility, transportation, energy and manufacturing industries. Learn why secure remote access is at the center of this transformation and how companies can protect their critical operations.
