Critical Asset Management
Based on the most modern concepts of Zero Trust architecture, we change the way organizations manage their Information Technology (IT), Operational Technology (OT) and Industrial Control System (ICS) critical assets. The Zero Trust concept assumes no trust in networks, devices or users, requiring constant, real-time authentication of network components, whether users, systems, equipment and devices.
In a modern environment that increasingly requires the integration of systems, equipment and connected devices, an attack on an OT network or ICS device can be initiated by an exploited vulnerability in an IT system. The centralized and integrated management of these critical assets mitigates the potential risk of a hacker attack.
Solution based on security best practices and compliant with the General Data Protection Regulation (GDPR, 2016), the US Government’s IoT Cybersecurity Improvement Act (2020) and the UK Government’s Code of Practice for Consumer IoT Security (2021).
Our Security Mindset
We develop solutions based on best practices and security policies, and in compliance with the General Data Protection Laws
We use the concept of Zero Trust – which assumes no trust in networks, devices or users, and requires constant, real-time authentication of users accessing data.
Our solutions focus on Preventing, not Remedying problems
Our solutions are low complexity, quick setup and easy onboarding.
Key Security Vulnerabilities and Average Cost of Violations
of hacking-related breaches use stolen or weak passwords.
Source: Verizon, 2020
of ransomware attacks start by stealing credentials.
Source: Dark Reading, 2021
average total cost of a breach involving ransomware.
Source: IBM, 2021
average Cost of Financial Losses per data breach (fines, lost business, response).
Source: IBM, 2021
- Users shall only access devices authorized by the administrator and without knowledge of credentials
Audit and Compliance
- Log, Keylogger and Video Audit, compliant with global regulations
Secure and Reverse Tunnel
- Access to devices, systems and equipment shall occur through a secure tunnel, automatically, without user management.
- Reverse access tunnel when firewall restrictions apply, reducing operational costs.
- No system, equipment or device shall be accessible anonymously and outside the Platform.
- Secure software updates
- Protection against equipment theft
- Passwordless authentication to the Platform, with non-repudiation guarantee
Secure Data Collection and Storage
- Secure data collection and storage from devices
- Automatic Deployment.
- Remote provisioning of new devices.
- Easy, contactless record.
No Default Passwords
- IoT device uses private key for authentication instead of passwords (suitable for new UK legislation on IoT devices)
Main Advantages of the Solution
Access without using a password
All users who access the Platform and the critical assets, managed through it, shall do so without the use of login and password, using the concept of a private key in authentication, ensuring non-repudiation of those who access.
No knowledge of credentials
All users who access critical assets managed through the Platform shall do so without knowledge and access to their credentials. This will prevent external access to the Platform, reducing numerous security threats.
Secure Access to Systems
Connections between user workstations and critical assets shall be made through a Secure Channel automatically generated by the Platform itself, avoiding the need to manage VPNs, as well as the risks inherent in their use. Significant reduction of operational costs, due to the possibility of remote access, often prevented by firewalls .
Audit and Compliance
All accesses can be audited. Therefore, in the event of any incident, the user who made the access can be identified. The solution complies with best practices and the GDPR.
Authorization and Revocation of Access
All authorization and revocation of access takes place, centrally, through the Platform, and this can be done individually, by group, department, etc. In case of termination of an employee, all accesses are revoked simultaneously by the Administrator.
Safe Operational Management
1 Users may be authorized to access one or more Platforms through the same ID.
2 Each entity shall have its Platform and its hubs.
3 A user may be authorized to access other Platform(s) from their main Platform.
4 Each entity shall manage its IT, OT and ICS critical assets.
Best Security and Compliance Practices key regulations
Best security practices are based on international standards for data protection and privacy (such as GDPR and LGPD), which guarantees organizations and governments the prevention of fines and a competitive advantage in the market.
- 1. Privacy by Design Concept.
- 2. Non-repudiation and user authenticity guarantee.
- 3. Authentication without the use of Password.
- 4. Identity management and access control, according to best security practices.
- 5. Not having default passwords on IoT devices.
- 6. Ensuring that all access between the user and devices occurs through secure means.
- 7. Secure software update.
- 8. Access to all critical assets through the Platform and with audit.
The return on investment (ROI) generated by adopting the Zero Trust concept:
Reduced Data Breach Risk
Reducing the risk of data breach can reach up to 50%
In medium and large companies, savings can reach US$ 20 per employee per month. Advanced Audit can reduce by up to 25%
Technical support calls can be reduced by up to 50%. Agility to deliver new infrastructure can be reduced by up to 80%