Dull | A Cyber Attack waiting to happen - VPN's provide too much access

A Cyber Attack waiting to happen - VPN's provide too much access

Are Virtual Private Networks suitable for operational technology environments?

Over the last decade, VPNs have worked well to secure the confidentiality of remote user's access to the client or corporate network. However, over the previous few years there has been a paradigm shift towards remote work. Through this change, worker patterns have evolved from working one-two days at home to three-four days.

The change in worker patterns matched with digital transformation has accelerated the pressure to secure critical remote operations from rapidly increasing cyber threats. Organizations have been using IT tools to secure their operational technology systems, which puts OT systems at risk.

Operational technology systems can't be managed with traditional IT tools as they require different security protocols and access control in order for these systems to be securely accessed internally and externally by third-parties and business partners. These systems are mission-critical to large organisations, and support multi-million and billion-dollar operations that require security and continuity on a 24/7 basis.

How can VPNs cause a supply chain risk?

Virtual Private Networks can expose third-party users to all applications and systems within the targeted network, creating a significant attack vector for organisations looking to lockdown critical technology assets.

Virtual Private Networks are susceptible to Shared credentials across multiple users within an organisation, creating huge identity risks for organisations.

Virtual Private Networks allow users to move laterally within the targeted network, if a user is compromised, the compromised user can move laterally across all systems and drop down to the command line to cause severe damage.

Virtual Private Networks increase the attack surface for hackers and become the single point of failure for all connected systems and applications.

Virtual Private Networks provide limited visibility and auditability of who accessed what and when, making it hard to report session logs across multiple organisations accurately.

Where is the value in changing to an OT-native remote access tool?

Secure Remote Access solutions like Dull are focused explicitly on OT & ICS systems and applications, securing more than just the confidentially of communications but increasing the security through granularity and obscurity. Together, this helps ensure the availability and continuity of operating systems.

Using an OT-native secure remote access tool like Dull, organisations can:

Improve their existing security posture across different network environments.

Increase their visibility and auditability of remote access sessions.

Allow engineers to connect directly to OT systems and applications without seeing the corporate network.

Define all users to specific OT systems and applications based on their users’ privileges.

Support many different connection types with standardised remote access, independent of the underlying infrastructure.

Manage third-party access with granular control and reporting.

Centralise critical data and session logs for management and security for better decision-making and forensic investigations.

Isolate multiple organisations and users to individual applications

Dull | Secure Remote Access

Understand how Dull's Secure Remote Access (SRA) secures your supply chain to your industrial control systems (ICS) operational technology (OT).

Talk to an expert

Secure remote access to managed devices, systems and applications