Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks

Xage’s Zero Trust Session Collaboration tool delivers remote access, collaboration across industrial frameworks

Zero trust security vendor Xage launched Thursday its Zero Trust Session Collaboration tool that delivers secure multi-user session collaboration for critical infrastructure and industrial organizations. The tool enables operators to allow multiple remote users to securely work together on an IT or OT (operational technology) asset, and access is controlled using policies enforced by the Xage Fabric

The Zero Trust Session Collaboration tool allows administrators to securely invite approved users to remotely view or control a desktop, application, or terminal screen. The tool also provides complete visibility and command to administrators who can disconnect a participant, take over controls, entirely terminate a session, and review a complete audit of all actions taken by all participants.

Announced Thursday, the Session Collaboration tool comes baked with zero trust principles. Each collaborator must first verify their identity and can only connect if they have authorized access to the remote workstation, device, or asset. Administrators with higher privileges can voluntarily shadow all ongoing collaboration sessions to monitor actions, provide ‘over the shoulder’ monitoring to avoid any inadvertent mistakes, and terminate sessions at any time.

The Session Collaboration tool will be available as part of the full Xage Fabric subscription, which includes zero trust access management for users, devices, and applications; as well as remote access and secure file transfer capabilities.

“Xage’s Zero Trust Session Collaboration is a first-of-its-kind solution that securely allows partners and contractors to remotely view and control a desktop, application, or terminal screen,” Roman Arutyunov, co-founder and vice-president of product at Xage, told Industrial Cyber. “This is crucial for companies with distributed assets, such as oil pipelines and wind farms. It’s far more efficient to remotely troubleshoot issues and deploy new technologies than it is for personnel to travel to physical sites.”

Arutyunov pointed out that for OT environments, this type of secure remote access is integral to preventing cyberattacks. “Several recent hacking groups—including Conti, Lapsus$, and more—have leveraged remote desktop access as an attack vector. With critical infrastructure, the consequences of attacks can be extreme,” he added. 

The Zero Trust Session Collaboration from Xage enables granular control over specific assets, unlike the status quo patchwork solutions of firewalls and VPNs. The zero trust concept of ‘never trust, always verify’ is baked into the Xage solution, empowering multiple remote users to securely work together via identity-based access control, according to Arutyunov. “Collaborators are never actually inside the network, and are limited to access to individual assets per policy. What’s more, administrators have complete visibility and command: they can disconnect a participant, take over controls, entirely terminate a session, and review a complete audit of all actions taken during the session,” he added. 

“Real-world operations are often distributed and difficult to secure. Safe collaboration solutions suited for these environments have long been missing in the market,” Duncan Greatwood, CEO at Xage, said in a media statement. “Xage now makes it easy to invite users to collaborate on distributed, modern and legacy assets while maintaining granular control over what the user can do. Zero Trust Session Collaboration boosts operator productivity and speeds up operational work to keep critical infrastructure running.”

“Remote access and third-party collaboration are vital for the continuing operation of many industrial networks,” Jonathon Gordon, directing analyst with Takepoint Research, told Industrial Cyber. “However, many of the methods and platforms currently in place are potential backdoors for malicious actors to infiltrate the OT/ICS environment. A secure remote access and collaboration platform, tightly integrated with zero-trust and IAM capabilities will make a lot of sense for many organizations that need to provide access, but are keen to minimize the associated risks,” he added.

Explaining how the tool overcomes the challenges of third-party and supply chain stakeholders, Arutyunov said that every critical infrastructure organization taps third-party vendors or auxiliary teams to build, service, or fix physical assets in the field. “Zero Trust Session Collaboration accelerates this process, allowing the operator to visibly demonstrate an issue, work simultaneously, and ensure no unintentional damage occurs. Allowing outside connections to critical assets introduces risk. With Zero Trust Session Collaboration, access to an IT or OT asset is controlled via policies enforced by the Xage Fabric, eliminating risk of accidental or intentional harm during this process,” he added. 

Any attempt to access assets beyond those explicitly allowed by the policy is blocked, flagged, and recorded and the session may be terminated immediately, according to Arutyunov. 

Addressing the challenges that Xage faced when it came to baking the zero trust principles into its Session Collaboration capability, Arutyunov indicated that every solution powered by the Xage Fabric will inherently embody the principles of zero trust. 

“The Fabric enables an airtight, identity-based model for protecting every single asset and application in an operation, ensuring that each asset—even those with no built-in identity of their own—is assigned an identity that determines who and what has access to it,” Arutyunov said. “This model also controls when, where, and how each asset may communicate with any other asset. This makes common adversarial behaviors such as asset enumeration and lateral movement much more difficult, or impossible, in environments secured with the Xage Fabric. With the Fabric as its foundation, no extra steps were needed to bake zero trust into Session Collaboration. Zero trust principles are in its bones,” he added.

Pointing out that the Zero Trust Session Collaboration is browser-based, Arutyunov highlighted that there’s no need for a company to install any agent, nor corresponding patches. “To maintain the integrity of the OT security model, access sessions are secured with a multi-hop network approach that terminates connections at each layer of security separation. When authorized, session participants can also securely transfer files in and out of the operation, with malware scanning and file integrity checks at defined security boundaries,” he added.

Multiple deployment models are supported fully on-premise, cloud, or hybrid. The product is installed on virtual machines typically in just a few hours, according to Arutyunov.

In September, Xage launched its Cybersecurity Services to accelerate a shift to proactive cyber defense. It will also help improve compliance with cybersecurity mandates for oil and gas pipeline operators from the Transportation Security Administration (TSA).

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related