Analysis
Attacks and Vulnerabilities
Critical infrastructure
ICS Security Framework
Industrial Cyber Attacks
News
Vendors
Zero Trust

Xage Cybersecurity Services rope in defense-in-depth capabilities with zero trust security for proactive cyber defense

September 01, 2022
Xage Cybersecurity Services rope in defense-in-depth capabilities with zero trust security for proactive cyber defense

Zero trust security firm Xage launched Wednesday its Cybersecurity Services to accelerate a shift to proactive cyber defense. It will also help improve compliance with cybersecurity mandates for oil and gas pipeline operators from the Transportation Security Administration (TSA). 

The services provide assessment, design, implementation, and support services that help with the proactive cyber-defense transformation. They can also be used to immediately understand cyber-readiness, boost adoption of industrial cybersecurity best practices, and quickly augment organizational industrial cybersecurity posture. 

Using its industrial control systems (ICS), operational technology (OT), and cybersecurity experience, the Xage Cybersecurity Services are built on industry-accepted cybersecurity standards, covering all vital aspects of a modern industrial cybersecurity program. They assist organizations in gaining new levels of visibility into their cybersecurity posture with an assessment of the operational environment. Furthermore, a team from Xage will also assist in uncovering gaps, potential problems, and opportunities for new efficiencies through a deep analysis of operational networks, systems, policies, and procedures. 

Xage Cybersecurity Services offerings have been based on the company’s proven zero trust defense-in-depth methodology, developed to address the spectrum of risks faced by industrial organizations. Furthermore, enterprises will also benefit from the latest zero trust cybersecurity measures and OT risk management designed for the real-world needs of industrial organizations. 

Xage Cybersecurity Services accelerates the transformation of security posture from assessing the current state to identifying and designing the right cybersecurity measures, through choosing and implementing industry best practices and frameworks. It also helps scale cybersecurity and operations teams to meet any near-term challenge or ongoing digital transformation initiative. 

Xage Cybersecurity Services also help organizations immediately address a recent cyber incident or build new cyber capacity across the OT and OT-IT converged infrastructure. They also feature a full lifecycle of consulting and global implementation capabilities, including the capabilities to assess, design, implement, and support. Xage analyzes and evaluates current systems and networks for vulnerabilities and gaps against any federal security guidelines. Following the assessment, Xage outlines suggested technologies and strategies based on gaps, and develops a roadmap and implementation plan to meet goals and compliance requirements.

Once an implementation plan is drawn, Xage guides organizations through adoption. For pipeline operators focused on meeting TSA guidelines for their operations in North America, this process includes developing and maintaining a required Incident Response Plan. Post implementation of cybersecurity controls based on TSA-approved plan, Xage covers ongoing maintenance and improvements through continuous review and SLA-based operational support, including ongoing implementation assessment programs.

Xage is also partnering with global system integrators (GSIs), starting with HCL Technologies, to help scale its service delivery. The cybersecurity services and the alliance with HCL Technologies will help create submission-ready TSA implementation, assessment and incident response plans to expedite compliance. Xage-based plans have already been approved by the TSA, establishing the track record and methodology for approval success. These measures will help pipeline operators boost the cyber-hardening of critical infrastructure and expedite compliance ahead of federal deadlines. 

The joint Xage Services and HCL offering will assess existing cybersecurity controls readiness to meet SD02C requirements and create an implementation plan ready for TSA approval. It will also develop a cybersecurity incident plan based on operational risk profile and measure incident response plan effectiveness across people, processes, and technology. Furthermore, the offering will develop and manage operator-specific assessment programs, and carry out review of cybersecurity measures implemented to cyber-harden critical cyber systems.

To meet TSA pipeline security directive requirements, Xage Cybersecurity Services will establish and implement a TSA-approved cybersecurity implementation plan that outlines specific cybersecurity measures. It will also develop and maintain a cybersecurity incident response plan to reduce the risk of operational disruption. Further, it will establish a cybersecurity assessment program with an annual plan with details on the assessed effectiveness of the cybersecurity measures defined in the implementation plan.

Duncan Greatwood - Xage Security
Duncan Greatwood, CEO of Xage Security

“Our objective is to cyber-harden critical infrastructure against growing threats, and Xage has deep experience securing operational technology (OT) and OT-IT environments in compliance with the newest regulatory requirements,” Duncan Greatwood, CEO of Xage, said in a media statement. “For example, we’ve helped some of the largest oil and gas pipeline operators in North America obtain TSA compliance approval across thousands of sites.” 

Greatwood said that while there is clear urgency to adopt proactive cybersecurity approaches such as zero trust, it’s not easy to bring modern security to existing systems. “We’re expanding our capabilities and welcoming Amit to the team to provide critical infrastructure operators with the expert assessment, design, and implementation services they need to achieve both protection and compliance,” he added.

In July, Xage reported that increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. The data comes as half of these critical infrastructure installations are on a fast track to blocking cyber attacks, while the other half of organizations risk falling behind. In addition, concerns with rip-and-replace costs and lack of resources could also add years to zero trust implementations.

Industrial Cyber will be hosting a webinar presented by Xage and TP Research covering the Zero Trust approach to securing OT /ICS. Join us on Sep 14th.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation