{"id":1643,"date":"2023-11-10T01:08:30","date_gmt":"2023-11-10T01:08:30","guid":{"rendered":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/"},"modified":"2023-11-10T01:08:30","modified_gmt":"2023-11-10T01:08:30","slug":"ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm","status":"publish","type":"post","link":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/","title":{"rendered":"OT remote access: can you trust your technician\u2019s laptop? Alexey Zaytsev on November 9, 2023 at 4:57 pm"},"content":{"rendered":"

<p><em>Zero Trust Network Access (ZTNA) is a secure remote access service that verifies remote users and grants access only to specific resources at specific times based on identity and context policies. This is part 2 in our ZTNA blog series for operational environments. Read the first blog here.<\/em><\/p>\n

<p>Right now, somewhere in the world a robot arm needs a firmware upgrade, a wind turbine is stalled, and a highway message sign is displaying gibberish. If your business depends on operational technology (OT) or industrial control systems (ICS), you need to allow machine builders, maintenance contractors, or your own experts and technicians to remotely access equipment for configuration, troubleshooting, and updates.<\/p>\n

<h2>Shrink the risk with ZTNA<\/h2>\n

<p>In our last blog we gave a 10,000-foot view of Cisco Secure Equipment Access (SEA) and how it can help to secure remote access to your industrial network. Cisco SEA is a Zero Trust Network Access (ZTNA) solution that controls who can connect, which OT assets they can access, and when. It starts with a default-deny posture and offers least-privilege access only once it trusts the user identity.<\/p>\n

<h2>Clientless and agent-based ZTNA<\/h2>\n

<p>In addition to restricting access to specific assets and schedules, Cisco SEA can also restrict the access method remote technicians can use to log into an OT asset. If they are using RDP, VNC, SSH, Telnet, or HTTP(S), they only need a web browser\u2014no client software is needed. Cisco SEA proxies all remote access traffic, meaning that users never have direct IP access to the asset or the network. Completely isolating critical resources gives you unmatched security.<\/p>\n

<p>In some situations, you might need a full IP communication path between the remote user and an OT asset. For example, technicians might be using vendor-specific management software, modifying a PLC program with a native desktop application, or transferring files to and from an asset. To address these advanced use cases, Cisco SEA offers an agent-based ZTNA access method called SEA Plus.<\/p>\n

<p>SEA Plus installs a lightweight application on the remote user\u2019s computer to create a secure end-to-end IP connection with the OT asset, enabling any TCP, UDP, and ICMP communications. However, unlike the network extension offered by a VPN solution, traffic always goes through the SEA trust broker, which enforces security policies such as which assets can be accessed, when, and which protocols and ports can be used.<\/p>\n

<p>Overall, SEA Plus provides native IP access to operational technology from remote computers, but without the need to design, deploy, and maintain a VPN infrastructure. It also strengthens and simplifies security with highly granular controls that tightly restrict access to OT assets, as required by the ZTNA least-privilege principle.<\/p>\n

<h2>Take ZTNA to the next level with automated security-posture checks<\/h2>\n

<p>Control over the <em>who<\/em>, <em>what<\/em>, <em>how<\/em>, and <em>when<\/em> of remote access is a giant step toward robust protection of your industrial network and critical infrastructure. But when using SEA Plus, you are granting full IP access to an asset. How can you be sure the user\u2019s computer will not expose the asset to malware or malicious traffic? To gain full trust, you need to verify the device the technician is using to log in.<\/p>\n

<p>Good news: Cisco SEA and Cisco Duo work together to automatically check device health before granting access to an asset. When a remote user tries to establish a session using the SEA Plus access method, Duo verifies that the user\u2019s computer complies with your security policies\u2014for example, operating system version and patch level, firewall status, use of antivirus software, and more. If a device does not meet your requirements, the technician cannot gain access.<\/p>\n

<h2>Stronger security with less effort<\/h2>\n

<p>Summing up: As a hybrid-cloud solution, Cisco SEA avoids the cost and complexity of maintaining secure remote access capabilities at scale across your industrial network and critical infrastructure. As a ZTNA solution, it lets you take control back by enforcing least-privilege security policies based on identity and context. And with the integration between SEA and Duo, you can also check the security posture of remote computers\u2014another key aspect of zero trust.<\/p>\n

<p>Check back soon for our next ZTNA blog, to learn how Cisco Secure Equipment Access can help you monitor remote access sessions for regulatory compliance, incident investigation, or training purposes.<\/p>\n

<p>In the meantime, make sure you subscribe to our OT Security newsletter, learn more about Cisco Secure Equipment Access (SEA), and have a look at our Cisco Validated Design Guide for assistance on how to implement ZTNA in your operational environment.<\/p>\n


<p>Discover how Cisco Secure Equipment Access enables clientless and agent-based ZTNA remote access and checks device security posture by integrating with Cisco Duo. Read more on Cisco Blogs.<\/p>","protected":false},"excerpt":{"rendered":"

","protected":false},"author":0,"featured_media":1644,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-1643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco-learning"],"yoast_head_json":{"title":"OT remote access: can you trust your technician\u2019s laptop? Alexey Zaytsev on November 9, 2023 at 4:57 pm - JHC","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/","og_locale":"en_US","og_type":"article","og_title":"OT remote access: can you trust your technician\u2019s laptop? 
Alexey Zaytsev on November 9, 2023 at 4:57 pm","og_description":"Zero Trust Network Access (ZTNA) is a secure remote access service that verifies remote users and grants access only to specific resources at specific times based on identity and context policies.\u2026 Read more on Cisco Blogs \u200b Zero Trust Network Access (ZTNA) is a secure remote access service that verifies remote users and grants access only to specific resources at specific times based on identity and context policies. This is part 2 in our ZTNA blog series for operational environments. Read the first blog here. Right now, somewhere in the world a robot arm needs a firmware upgrade, a wind turbine is stalled, and a highway message sign is displaying gibberish. If your business depends on operational technology (OT) or industrial control systems (ICS), you need to allow machine builders, maintenance contractors, or your own experts and technicians to remotely access equipment for configuration, troubleshooting, and updates. Shrink the risk with ZTNA In our last blog we gave a 10,000-foot view of Cisco Secure Equipment Access (SEA) and how it can help to secure remote access to your industrial network. Cisco SEA is a Zero Trust Network Access (ZTNA) solution controlling who can connect, which OT assets they can access, and when. It starts with a default deny posture and offers least-privilege access only once it trusts the user identity. Clientless and agent-based ZTNA In addition to restricting access to specific assets and schedules, Cisco SEA can also restrict the access method remote technicians can use to log into an OT asset. If they are using RDP, VNC, SSH, Telnet, or HTTP(S), they only need a web browser\u2014no client software is needed. Cisco SEA proxies all remote access traffic, meaning that users never have direct IP access to the asset or the network. Completely isolating critical resources gives you unmatched security. 
In some situations, you might need a full IP communication path between the remote user and an OT asset. Examples are if technicians are using a vendor-specific management software, modifying a PLC program using a native desktop application, or transferring files to and from an asset. To address these advanced use cases, Cisco SEA offers an agent-based ZTNA access method called SEA Plus. SEA Plus installs a lightweight application on the remote user\u2019s computer to create a secure end-to-end IP connection with the OT asset, enabling any TCP, UDP, and ICMP communications. However, unlike the network extension offered by a VPN solution, traffic always goes through the SEA trust broker, which enforces security policies such as which assets can be accessed, when, and which protocols and ports can be used. Overall, SEA Plus provides native IP access to operational technology from remote computers, but without the need to design, deploy, and maintain a VPN infrastructure. It also strengthens and simplifies security with highly granular controls tightly restricting access to OT assets as required by the ZTNA least-privilege principle. Take ZTNA to the next level with automated security-posture checks Control over the who, what, how, and when of remote access is a giant step toward robust protection of your industrial network and critical infrastructure. But when using SEA Plus, you are granting full IP access to an asset. How can you be sure the user\u2019s computer will not expose the asset to malware or malicious traffic? To gain full trust, you need to verify the device the technician is using to log in. Good news: Cisco SEA and Cisco Duo work together to automatically check device health before granting access to an asset. 
When a remote user tries to establish a session using the SEA Plus access method, Duo verifies that the user\u2019s computer complies with your security policies\u2014for example, operating system version and patch level, firewall status, use of antivirus software, and more. If a device does not meet your requirements, the technician cannot gain access. Stronger security with less effort Summing up: As a hybrid-cloud solution, Cisco SEA avoids the cost and complexity of maintaining secure remote access capabilities at scale across your industrial network and critical infrastructure. As a ZTNA solution, it lets you take control back by enforcing least-privilege security policies based on identity and context. And with the integration between SEA and Duo, you can also check the security posture of remote computers\u2014another key aspect of zero trust. Check back soon for our next ZTNA blog, to learn how Cisco Secure Equipment Access can help you monitor remote access sessions for regulatory compliance, investigating incidents, or training purposes. In the meantime, make sure you subscribe to our OT Security newsletter, learn more about Cisco Secure Equipment Access (SEA), and have a look at our Cisco Validated Design Guide for assistance on how to implement ZTNA in your operational environment. Discover how Cisco Secure Equipment Access enables clientless and agent-based ZTNA remote access and checks device security posture by integrating with Cisco Duo.","og_url":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/","og_site_name":"JHC","article_published_time":"2023-11-10T01:08:30+00:00","og_image":[{"width":1,"height":1,"url":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/11\/16438927-TJ31lv.gif","type":"image\/gif"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#article","isPartOf":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/"},"author":{"name":"","@id":""},"headline":"OT remote access: can you trust your technician\u2019s laptop? Alexey Zaytsev on November 9, 2023 at 4:57 pm","datePublished":"2023-11-10T01:08:30+00:00","dateModified":"2023-11-10T01:08:30+00:00","mainEntityOfPage":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/"},"wordCount":834,"publisher":{"@id":"https:\/\/jacksonholdingcompany.com\/#organization"},"image":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#primaryimage"},"thumbnailUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/11\/16438927-TJ31lv.gif","articleSection":["Cisco: Learning"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/","url":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/","name":"OT remote access: can you trust your technician\u2019s laptop? 
Alexey Zaytsev on November 9, 2023 at 4:57 pm - JHC","isPartOf":{"@id":"https:\/\/jacksonholdingcompany.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#primaryimage"},"image":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#primaryimage"},"thumbnailUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/11\/16438927-TJ31lv.gif","datePublished":"2023-11-10T01:08:30+00:00","dateModified":"2023-11-10T01:08:30+00:00","breadcrumb":{"@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#primaryimage","url":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/11\/16438927-TJ31lv.gif","contentUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/11\/16438927-TJ31lv.gif","width":1,"height":1},{"@type":"BreadcrumbList","@id":"https:\/\/jacksonholdingcompany.com\/ot-remote-access-can-you-trust-your-technicians-laptop-alexey-zaytsev-on-november-9-2023-at-457-pm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jacksonholdingcompany.com\/"},{"@type":"ListItem","position":2,"name":"OT remote access: can you trust your technician\u2019s laptop? 
Alexey Zaytsev on November 9, 2023 at 4:57 pm"}]},{"@type":"WebSite","@id":"https:\/\/jacksonholdingcompany.com\/#website","url":"https:\/\/jacksonholdingcompany.com\/","name":"JHC","description":"Your Business Is Our Business","publisher":{"@id":"https:\/\/jacksonholdingcompany.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jacksonholdingcompany.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jacksonholdingcompany.com\/#organization","name":"JHC","url":"https:\/\/jacksonholdingcompany.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jacksonholdingcompany.com\/#\/schema\/logo\/image\/","url":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/07\/cropped-cropped-jHC-white-500-\u00d7-200-px-1-1.png","contentUrl":"https:\/\/jacksonholdingcompany.com\/wp-content\/uploads\/2023\/07\/cropped-cropped-jHC-white-500-\u00d7-200-px-1-1.png","width":452,"height":149,"caption":"JHC"},"image":{"@id":"https:\/\/jacksonholdingcompany.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts\/1643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/comments?post=1643"}],"version-history":[{"count":0,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/posts\/1643\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/media\/1644"}],"wp:attachment":[{"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/media?parent=1643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ja
cksonholdingcompany.com\/wp-json\/wp\/v2\/categories?post=1643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jacksonholdingcompany.com\/wp-json\/wp\/v2\/tags?post=1643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}