When a hacker broke into the computer systems of the Oldsmar, Florida water supply last month, it raised red flags across the world of operational technology, whether utilities or oil and gas pipelines. Xage, a security startup that has developed a solution to help protect these hard-to-secure operations, today announced a Zero Trust remote access cloud solution that could help prevent such attacks.
Duncan Greatwood, CEO of Xage, categorically states that if his company’s software had been in place at Oldsmar, this hack would not have happened. Small operations like Oldsmar’s tend to be one-man IT shops running older remote access software that is vulnerable to multi-layered hacking.
“It’s not difficult to compromise a VNC (Virtual Network Computing) connection. It is not difficult to compromise an expired account that has been left in a jump box. What we started doing last year is providing what we call a zero trust remote access solution to these types of customers,” Greatwood told me.
This involves controlling access device by device and person by person by determining who can do what based on their authentication and proof of who they are. “It doesn’t rely on knowing a device password or a VPN zone password,” he explained.
The solution goes one step further with secure tunnel traversal, which relies on a tamper-proof certificate to prevent hackers from moving between the operations side of the house – whether it is a distribution network, water or an oil and gas pipeline – and the IT side, where they could then start to tamper with operational technology.
Xage also uses a distributed ledger as a central part of its solution to help protect identity policies, logs and other key information on the platform. “Having a distributed ledger means that instead of an attacker having to compromise only one node, they would have to compromise the majority of nodes simultaneously, and that’s very difficult [if not impossible] to do,” he says.
Additionally, ledgers operate independently across locations in a hierarchy with a global ledger acting as the ultimate enforcer of the rules. This means that even if a location is offline, the rules will be enforced by the main system every time it reconnects.
They introduced an on-premises version of the Zero Trust remote access system last October, but because this kind of technology is difficult to configure and maintain, some customers were looking for a managed solution like the one introduced today. With the cloud solution, customers get a hosted solution accessible through a web browser with much faster deployment.
“What we have done with the cloud solution has made it really easy for people to adopt us by hosting the management software and basic Xage fabric nodes in that Xage cloud, and we are really reducing that time to value significantly for a long time. remote control. access solution for OT,” said Greatwood.
You might think that CISOs would not trust a cloud solution for these types of sensitive environments, and he admits that there is some caution in this market, even if they understand the benefits of switching to the cloud. To alleviate these concerns, they can do a PoC in the cloud, and there is a transfer tool to easily move back on-premises if they are not comfortable with the cloud approach. So far, he says no early-stage customer has chosen to do so, but the option is there.
Xage was founded in 2017 and has raised $16 million so far, according to data from Crunchbase.