In early 2020, enterprises worldwide faced the unanticipated challenge of quickly pivoting to remote operations at the onset of the COVID-19 pandemic. For many, this was a wake-up call that shed a spotlight on their organization's lack of secure remote access capabilities, particularly with regards to operational technology (OT).
Many security decision makers quickly identified the need for a solution that would enable OT personnel to monitor connections, enforce privileged access control, and meet auditing and compliance requirements while working from home. However, when it comes to secure remote access, OT has some unique requirements and challenges that differentiate it from IT.
VPN- and gateway-based remote access remain popular for IT use cases, and while many of these solutions have improved with next-generation software-defined perimeter (SDP) features, they are ill-suited to OT environments due to their limited access controls and lack of monitoring and auditing capabilities. Furthermore, traditional VPNs and gateways inadvertently expand an organization's attack surface and present adversaries with a potential point of entry via stolen credentials or internet-facing vulnerabilities.
Secure-by-Design Remote Access for OT
Understanding the specific requirements of OT environments and the limitations of existing VPN, gateway, SDP offerings on the market, Claroty set out to create a secure remote access solution for OT that offers the highest security measures with efficiency and operability in mind. In fact, Claroty xDome Secure Access is the industry's only solution that is purpose-built for OT and fully integrated as a native component of a comprehensive OT security platform.
Claroty xDome Secure Access was designed with the following security infrastructure principles in mind:
Data at Rest: Password vault data for user access and asset data is stored and encrypted in the Claroty database using AES-256 and hashed using SHA-256.
Data in Transit: xDome Secure Access splits data in transit between two encrypted tunnels in a manner that reduces the attack surface by removing direct connectivity between remote users and OT assets.
In addition, Claroty xDome Secure Access' myriad features support adherence to OT security best practices, including architecting according to the Purdue Model, applying the principle of least privilege, and using role-based access control, password-vaulting, and GDPR-compliant auditing/forensics.
The Claroty Platform: SRA Success Stories
The Claroty Platform: xDome Secure Access Success Stories details the following real-world examples of how our customers have leveraged Claroty xDome Secure Access to fulfill their OT security and risk management objectives:
xDome Secure Access Success Story #1: Claroty xDome Secure Access empowers a clean energy leader to minimize onsite staff amid COVID-19, while adapting industrial operations and cybersecurity for a remote workforce.
xDome Secure Access Success Story #2: A global beverage manufacturer uses xDome Secure Access to minimize third-party risk and preserve process integrity at water treatment and bottling facilities worldwide.
xDome Secure Access Success Story #3: xDome Secure Access enables one of Europe's busiest airports to manage secure remote access to building management systems (BMS).
