Zero Trust Access Controls and Discovery and Threat Intelligence for advanced compliance combined in the solution, as SSH expands its OT security offering.
OT security is a wide concept with a lot of elements involved, so it’s good we have frameworks that help organizations categorize their needs. One of the prime examples of such frameworks is the Cyber Security Framework 2.0 by National Institute of Standards and Technology (NIST CSF 2.0). Even though CSF 2.0 is not OT specific, it still applies. In Europe, NIS2 is impacting OT as well with its expanded scope and requirements for critical infrastructure safeguarding.
We at SSH Communications Security (SSH) have been offering OT security solutions for years, with a strong focus on scalable and comprehensive off-site and on-site Zero Trust access management for critical industrial control systems (ICS) in OT. Now that we have partnered with Honeywell, we have been able to expand the scope of our offering in OT.
Honeywell Acquires SCADAfence
Before going into details about the combined solution, a few words about Honeywell. The company is a Fortune 500 giant focusing on industrial automation, aviation and energy transition with a strong focus on safety and security. Last year, Honeywell acquired SCADAfence, whose solutions are now part of the Honeywell Forge Cybersecurity+ suite.
In particular, the SCADAfence portion of the suite provides expanded asset discovery, threat detection, and compliance management capabilities. These Cyber Insights and Cyber Watch solutions are also the core of the combined solution between Honeywell and SSH.
The Combined Solution within the NIST Cybersecurity Framework 2.0
Bolstered by the Honeywell partnership, our OT security offering now covers areas in Identify, Protect, Detect and Respond of the NIST CSF 2.0 framework. This combination allows companies to put a lot of emphasis on preventive cybersecurity to ensure that cyberattacks, unauthorized access or ransomware injections are all very hard to achieve while improving the organizations’ capacity to respond if an incident occurs.
.jpg?width=800&height=431&name=honeywell_scadafence_blog_post(1).jpg)
The combined solution includes Honeywell Cyber Insights and Cyber Watch, as well as PrivX OT, and it allows customers to:
- Manage access to OT/ICS environments at scale with full lifecycle access management, just like with Zero Trust Privileged Access Management in IT
- Discover OT assets
- Apply continuous passive monitoring to deliver visibility, asset management, traffic analysis and real-time threat detection
- Pre-emptively thwart suspicious access attempts based on artificial intelligence (AI)
This is how the solution works on a high-level:
.jpg?width=800&height=332&name=honeywell_scadafence_blogpost(2).jpg)
Benefits of Honeywell Forge and SSH PrivX OT
Benefits of the combined solution include:
1. Easy-to-use, access management and maintenance locally or globally.
The Honeywell Forge platform combined with PrivX OT makes it possible to have a full visibility of all assets in an OT environment, apply real-time threat detection to the environment and manage access at scale. This allows engineers and technicians to securely troubleshoot problems or carry out maintenance tasks without a team on site, reducing downtime and the risk of lost production time.
.jpg?width=704&height=391&name=honeywell_scadafence_blogpost(3).jpg)
2. Access IT/OT as one.
As IT and OT are converging, customers put more emphasis on solutions that can handle both environments. PrivX OT is protocol agnostic and allows managing critical secure remote or local access from one centralized solution to IT and ICS/OT targets alike, regardless of the vendor. With this approach, there is no need for multiple point solutions, train staff to use different tools or worry about vendor technician getting untracked access to your environment.
3. Strong ID and workflow approvals.
PrivX OT links with multiple directory or identity and access management (IAM) solutions like Active Directory, Microsoft Entra or any other IAM, even at the same time. It then maps these identities to roles for critical IT/OT access, and restricts access to the minimum needed to get the job done.
In a true Zero Trust fashion, every access attempt is verified each time it's made without anyone having permanent access.
4. Device Trust and continuous session validation.
.jpg?width=318&height=310&name=honeywell_scadafence_blog_post(4).jpg)
For access to production sites, we offer PrivX Authorizer that can enforce a second-step authorization from an external administrator, like the site manager, for access.
User Entity and Behavior Analytics (UEBA) can automatically block access from suspicious location, time, behaviour patterns, as defined in the company security policies.
Device Trust ensures that only verified devices are allowed to access a target, and if the security of the device is compromised during the session, PrivX OT can stop the session automatically.
5. Multi-protocol support.
The solution supports various IT (SSH, RDP, HTTPS, VNC, TCP/IP) as well as OT protocols (Ethernet/IP, Profinet, Modbus TCP, OPC UA, IEC61850...) which allows organizations to combine IT/OT data.
6. Asset discovery and intelligence.
Organizations can discover IT and OT assets, enable real-time threat detection, process and product data analysis, and increase operational efficiency without the fear of data compromise. They also stay up-to-date on the status of their environment and which targets to protect.
7. Secure patch management and file transfers.
Maintaining, running diagnostics or patching IT/OT targets is always a critical operation. With malware scanning for file uploads or file transfers between site, we ensure that ransomware or other malicious payloads cannot enter your critical infrastructure. The connections can be secured up to a quantum-safe level.
8. Secrets and password management.
Stolen credentials are a massive risk. PrivX OT manages and vaults passwords and other credentials when needed but also allows organizations to migrate to completely credential-less access management with just-in-time (JIT) ephemeral access.
With this approach, the users never see or handle any passwords or authentication keys, and there is not need to manage them after the session is over, since the secrets needed to establish the connection disapper automatically. What doesn’t exist, cannot be shared, lost stolen, or misused, making your secrets management truly Zero Trust.
9. Auditing, recording and monitoring.
Every session produces a solid audit trail, they can be recorded as needed or the admin can turn on session recording for live four-eyes inspection for the most critical sessions.
.jpg?width=451&height=300&name=honeywell_scadafence_blogpost(5).jpg)
10. Comply with regulations.
The solution enables organizations to stay compliant with strict regulations applicable to remote access, automation, control system applications, and network and information systems, such as: ISA/IEC 62443, ISO 27001, NIS/NIS 2.0, and NIST. With easy-to-read policy reporting, any violations are flagged immediately.
Intelligent Security for Assets, Access and Production Sites
Cybersecurity and safety are intertwined in critical infrastructures. The good news is that there are companies like us and Honeywell who can help businesses ramp up their OT security without investing significant resources in-house for cybersecurity projects.
You can discover your assets, secure access to them at scale, verify the device and the ID, and monitor the security posture of the session as needed.
Read more about the joint solution between Honeywell and SSH here. While you are at it, book a demo with us to discuss the topic further.
