Universal Tunneling: Secure & Simple OT Connections

Unique to WALLIX, Universal Tunneling enables users to benefit from all the power and ease of the WALLIX Bastion, while simplifying user experience.

Increasingly Exposed Process Environments  

For many years, the so-called “industrial” and “office” networks have remained well-separated. Technologies and needs differed, as did the challenges and risks each area of the business faced.

Today, however, OT relies on IT technologies that have been adapted to the operational safety constraints that characterize the industry. The maintenance of IT-OT components is no exception to the need for security. Unfortunately, the proliferation of network access points, secure or not, is characteristic of a massive digitization of industrial environments.

In 2020, Kaspersky’s ICS CERT observed a 53% increase in remote access to OT environments and, at the same time, an average reduction in cybersecurity budgets of 24%.

Rampant, uncontrolled and unmonitored remote access drastically increases the attack surface of OT environments. And in a sector rife with sensitive data and public implications, the potential consequences are significant, in terms of lost production costs, data leakage, or human impacts (public safety, biomedical concerns, etc.).

The IT-OT Context

The industrial sector faces particular and specific regulations for IT security. The ISA / IEC 62443-2/3 standard defines a range of requirements for authentication and management of access rights for operators and service providers working on industrial automation and control systems (IACS).

WALLIX secures IACS by centralizing internal and external connections, and through comprehensive traceability and audit capabilities for all maintenance activity performed across the infrastructure. This enables industrial organizations to monitor all IT-OT maintenance actions and connections into sensitive assets.

However, in order to ensure production continuity, service providers and operators must be able to access their production resources without any environmental, location or time constraints.

With Universal Tunneling, WALLIX offers a simplified user experience adapted to complex OT environments.

Because of the constraints of industrial sites and distributed networks, it's not always feasible to rely on jump servers to access resources. For instance, some service providers have their own tools to connect to machines, with their own configuration and their own habits. To guarantee their operational efficiency, it becomes necessary to secure their connection directly from their workstation to the target.

Some confidential programming data cannot be shared on the same engineering station by multiple providers. The versioning of the administration tools cannot be common to all the PLCs of the same manufacturer.

Through Universal Tunneling with the WALLIX Bastion, these challenges are no longer an issue, making it simple and efficient for IT and equipment administrators to connect into the resources necessary to carry out critical tasks.

Universal Tunneling

Through this unique tool, the main obstacles to implementing a Privileged Access Management (PAM) solution in OT environments are resolved. Industrial protocols (e.g. Modbus, PROFINET, BACnet, EtherCAT) are encapsulated directly in an SSH tunnel, allowing service providers to connect to their PLCs, gateways, and other industrial components exactly as they would without the Bastion.

Authentication, traceability and session control remain assured; it has never been easier to secure the maintenance of critical assets in OT.

With the WALLIX Bastion complete with Universal Tunneling, the risk of compromising workstations or servers at the end of a jump to resources targeted by an attacker is reduced to the absolute minimum.

The removal of jump servers allows:

  • A reduction in costs (servers, licenses)
  • Optimized user experience
  • Enhanced security

Universal Tunneling promotes user adoption while reducing the TCO (Total Cost of Ownership) of the solution.

Simplifying OT Access Security

Boosted by digitization – and the digital transformation to Industry 4.0 – the IT-OT convergence has left the industrial sector highly vulnerable to frequent cyber-attacks.

Reduce the attack surface area of your industrial environment by eliminating multiple unmanaged VPNs and by centralizing internal and external access to your IT system.

WALLIX secures the access of operators of industrial automation and control systems (IACS), and offers a simplified user experience perfectly designed for OT environments through Universal Tunneling!