Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:20 AM
Dark Reading
Dark Reading
Products and Releases

Xage Security Introduces Universal Multi-Factor Authentication for Industrial Operations

New technology delivers MFA to protect all industrial assets, regardless of type, connectivity, or location.

PALO ALTO, Calif., July 07, 2020 (GLOBE NEWSWIRE) -- Today, Xage Security introduces a new universal Multiple-Factor Authentication (MFA) offering, enabling industrial organizations to protect their entire operation, across a variety of assets – even those that previously lacked even basic device password protection – for the first time. Built specifically to support OT/IoT use cases, Xage’s MFA solution eliminates operational dependencies to ensure that industries can protect their assets from attacks, including the growing wave of cyberattacks that exploit remote access vulnerabilities.

Many industrial operations include machines with no password protection, or basic lock/unlock features that lack secure access control. In the last two years alone, digital attacks targeting industrial control systems (ICS) and operational technology increased by over 2000%. Many of these attacks involved a combination of exploiting known vulnerabilities in supervisory control and data acquisition (SCADA) and ICS hardware components, along with default-password and password-spraying attacks leveraging brute force login techniques. Furthermore, recent estimates project the number of IoT connections to rise to 83 billion by 2024, with the industrial sector accounting for around 70% of those connections. The layering of new and legacy systems and technologies, combined with an increase in remote work for the foreseeable future, gives operators less visibility and control over logins happening from various locations at all times––and puts them at massive cyber risk if they leave assets unprotected.

Xage’s new solution enables MFA for any device and application, so industrial organizations can enforce authentication with multiple-factors (passwords, one time token, biometric, etc.) across their entire system. For the very first time, operators can add MFA to all of their assets (new and legacy), and enforce universal multi-factor, identity-based, low latency access on remote assets, even over intermittent networks. Xage’s highly resilient authentication and enforcement are delivered at the edge and continue to operate even if connectivity to the center is lost––ensuring universal tamperproofing without additional dependencies. As a result, Xage’s MFA solution mitigates a vast array of common cyberattacks, including password spraying attacks, password theft, identity theft attacks, and phishing attacks to plant malware on target devices.

“In the last few months, we’ve seen operational systems open up to remote access and authorization––out of necessity for business, but often without all the necessary protections in place,” said Xage CEO, Duncan Greatwood. “With the risk of successful remote attacks having increased exponentially, organizations need to utilize identity-based security. Multi-factor authentication is more critical to industrial operations than ever before, and now operators can immediately deploy it to every asset.”

Xage’s unified MFA capabilities include:

  • Identity-based comprehensive access control per device and application, with integration of additional factors as needed
  • MFA enforced via the Xage Enforcement Point (XEP) to any legacy one-factor or zero-factor system
  • Distributed MFA-protected access control, even for assets disconnected from the center
  • Standardization of multi-factor authentication methods and extends them across their deployment base of applications, workstations, control devices, etc.
  • Flexibility in choosing and switching between MFA methods (pins, keys, SmartCards, authentication apps, etc.)
  • Compliance with multiple standards across verticals, without the need to replace existing assets
  • Tamperproof audit trail for all machine-to-machine and user-to-machine interactions

The Xage Security Fabric also enables secure remote access to OT environments, critical to today’s increasingly remote work. Xage provides fine-grained access control to field assets; identity and role-based remote access to individual assets per security policy; protocol, session, and encryption security at the edge; built-in access control and monitoring; tamperproof audit logs for all actions and interactions, and enabled compliance to regulation and standards (e.g. NERC-CIP and IEC 62443).

Visit the Xage blog for more information on the company’s MFA offering, and here for more on Xage’s solution for remote identity and access management.

About Xage
The Xage Security Fabric is the universal security solution for modern industrial operations, creating the essential trusted foundation for every interaction, whether human-to-machine, machine-to-machine, or edge-to-cloud. The fabric protects all equipment, from new IoT devices to vulnerable legacy systems, delivering identity management, single sign-on, and access control with in-field enforcement across the industrial operation. Xage is the first and only blockchain-protected security solution providing tamperproof, non-intrusive protection and enabling efficient operations and innovation across all industries. Xage customers include leaders in manufacturing, energy, utilities, and transportation.

LaunchSquad for Xage
[email protected]


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.