Home Cloud Computing OT distant entry: are you able to belief your technician’s laptop computer?

OT distant entry: are you able to belief your technician’s laptop computer?

0
OT distant entry: are you able to belief your technician’s laptop computer?

[ad_1]

Zero Belief Community Entry (ZTNA) is a safe distant entry service that verifies distant customers and grants entry solely to particular assets at particular instances based mostly on id and context insurance policies. That is half 2 in our ZTNA weblog collection for operational environments. Learn the primary weblog right here.

Proper now, someplace on the planet a robotic arm wants a firmware improve, a wind turbine is stalled, and a freeway message signal is displaying gibberish. If your enterprise relies on operational know-how (OT) or industrial management programs (ICS), you have to enable machine builders, upkeep contractors, or your personal consultants and technicians to remotely entry gear for configuration, troubleshooting, and updates.

Shrink the danger with ZTNA

In our final weblog we gave a ten,000-foot view of Cisco Safe Tools Entry (SEA) and the way it can assist to safe distant entry to your industrial community. Cisco SEA is a Zero Belief Community Entry (ZTNA) answer controlling who can join, which OT property they’ll entry, and when. It begins with a default deny posture and presents least-privilege entry solely as soon as it trusts the person id.

Clientless and agent-based ZTNA

Along with proscribing entry to particular property and schedules, Cisco SEA may also prohibit the entry technique distant technicians can use to log into an OT asset. If they’re utilizing RDP, VNC, SSH, Telnet, or HTTP(S), they solely want an internet browser—no consumer software program is required. Cisco SEA proxies all distant entry visitors, that means that customers by no means have direct IP entry to the asset or the community. Fully isolating important assets provides you unmatched safety.

In some conditions, you would possibly want a full IP communication path between the distant person and an OT asset. Examples are if technicians are utilizing a vendor-specific administration software program, modifying a PLC program utilizing a local desktop software, or transferring recordsdata to and from an asset. To handle these superior use instances, Cisco SEA presents an agent-based ZTNA entry technique known as SEA Plus.

SEA Plus installs a light-weight software on the distant person’s pc to create a safe end-to-end IP reference to the OT asset, enabling any TCP, UDP, and ICMP communications. Nonetheless, in contrast to the community extension supplied by a VPN answer, visitors all the time goes by the SEA belief dealer, which enforces safety insurance policies similar to which property may be accessed, when, and which protocols and ports can be utilized.

Total, SEA Plus gives native IP entry to operational know-how from distant computer systems, however with out the necessity to design, deploy, and keep a VPN infrastructure. It additionally strengthens and simplifies safety with extremely granular controls tightly proscribing entry to OT property as required by the ZTNA least-privilege precept.

Take ZTNA to the subsequent stage with automated security-posture checks

Management over the who, what, how, and when of distant entry is a huge step towards strong safety of your industrial community and demanding infrastructure. However when utilizing SEA Plus, you’re granting full IP entry to an asset. How will you be certain the person’s pc is not going to expose the asset to malware or malicious visitors? To realize full belief, you have to confirm the machine the technician is utilizing to log in.

Excellent news: Cisco SEA and Cisco Duo work collectively to routinely examine machine well being earlier than granting entry to an asset. When a distant person tries to determine a session utilizing the SEA Plus entry technique, Duo verifies that the person’s pc complies together with your safety insurance policies—for instance, working system model and patch stage, firewall standing, use of antivirus software program, and extra. If a tool doesn’t meet your necessities, the technician can not achieve entry.

Stronger safety with much less effort

Summing up: As a hybrid-cloud answer, Cisco SEA avoids the prices and complexity to take care of safe distant entry capabilities at scale throughout your industrial community and demanding infrastructure. As a ZTNA answer, it allows you to take management again by implementing least-privilege safety insurance policies based mostly on id and context. And with the mixing between SEA and Duo, it’s also possible to examine the safety posture of distant computer systems—one other key side of zero belief.

Verify again quickly for our subsequent ZTNA weblog, to find out how Cisco Safe Tools Entry can assist you monitor distant entry classes for regulatory compliance, investigating incidents, or coaching functions.

Within the meantime, ensure you subscribe to our OT Safety e-newsletter, study extra about Cisco Safe Tools Entry (SEA), and take a look at our Cisco Validated Design Information for help on find out how to implement ZTNA in your operational surroundings.

Share:

[ad_2]

LEAVE A REPLY

Please enter your comment!
Please enter your name here