Gain Insights into the Challenges of Securing OT to IT Communication. Read our whitepaper here.

SOLUTIONS

Industrial Identity and Access Management for Manufacturing

Make Cyber a Bridge not a Blocker on the Shop Floor

Vector (2)

The Challenge Today

Manufacturing equipment is not designed with cybersecurity in mind.

Vector 12 (1)
iStock-1403862024 1
For decades, shop floors have been isolated enclaves of equipment that are difficult to monitor, patch, program, or draw insights.

Today, Industry 4.0 is reinventing how businesses and the shop floors design, manufacture, and distribute their products. The Industrial Internet of Things (IIOT), digital engineering platforms, the cloud, AI, robotics, and automation are integral parts of the digital manufacturing thread. 
iStock-1403862024 2
Effective cybersecurity and strong Identity and Access Management is critical. 

In the future of manufacturing, where an IT network ends and OT network begins is very gray. For competitive intelligence, manufacturing enterprises need to push past air-gapped enclaves with the confidence that connections can be trusted and real-time data can stream securely. Realistically this means finding solutions for legacy equipment that isn’t going anywhere anytime soon and meeting cybersecurity requirements without requiring equipment manufacturers to cooperate. 

The Corsha Solution

Corsha takes an Identity-first approach to OT cybersecurity ensuring that only trusted machines can access OT equipment. Corsha’s unique dynamic Identity Provider focused only on machines of all types and sizes and flavors, whether that is a vendor laptop trying to push updates, a workload in the cloud acting as a Digital Twin, or a Data history storing backups or streaming telemetry data. 

Remote Vendor Access

Digital Twins

Real-time Secure Backups

Remote Vendor Access 2
Remote Vendor Access
Digital Twins
Digital Twins
Real-time Secure Backups
Real-time Secure Backups

Up and Down The Purdue Model

At its core, the Purdue Model provides a structured hierarchical framework for ICS architecture. This framework efficiently organizes the diverse components within an ICS, empowering security professionals to implement tailored security measures at each level.

The Purdue Model for Industrial Control System (ICS) Security

The ZoneCorsha Coverage
Level 5 External/ Vendor Support/ Cloud Access Remote Access that can be scheduled, controlled, and monitored. Pin OT communication to trusted, controlled points in the cloud or vendor environments.
Level 4 This is the corporate IT network. Enterprise digital engineering platforms, databases, email servers, and other logistics-related systems that manage manufacturing operations and provide communication and data storage Provide uniform identity and access for any machine whether that is a cloud workload, digital engineering platform, or a PLC on the floor.
Level 3 The Industrial Demilitarized Zone (IDMZ). Serves as a buffer between the IT and OT networks. Supports bidirectional control and data flow between OT and IT. Corsha is tailored for secure data movement and automation across network boundaries, Corsha adds human-like one-time-use credentials to every request across OT and IT networks
Level 2 The devices that control the overall processes of the system, such as human-machine interfaces (HMIs) and SCADA software, which enable human operators to monitor and control the system. These are often laptops/ workstations or touch pendants Proxy all requests into an HMI or SCADA software pinning incoming communication to only trusted machine clients. Start/stop access in real-time, monitor and audit every incoming request.
Level 1 the systems that supervise and direct the devices at Level 0, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Intelligent Electronic devices (IEDs) Proxy all requests into an PLC without modifying the PLC. Support for Level 1 standard protocols like OPC-UA
Level 0 The physical devices that form the foundation of the equipment, such as motors, pumps, sensors, and valves
The Purdue Model for Industrial Control System (ICS) Security
Level 0
select (1)

Level 0 is the physical devices that form the foundation of the equipment, such as motors, pumps, sensors, and valves.

Level 1
select (1)

Level 1 is the systems that supervise and direct the devices at Level 0, including Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and Intelligent Electronic devices (IEDs).

Level 2
select (1)

Level 2 involves devices that manage the overall processes of the system, such as human-machine interfaces (HMIs) and SCADA software, which enable human operators to monitor and control the system. These are often laptops/ workstations or touch pendants.

Level 3
select (1)

Level 3 facilitates the management of production workflows and includes batch management, manufacturing operations management (MOM), manufacturing execution systems (MES), and data historians. The Industrial Demilitarized Zone (IDMZ) serves as a buffer between the IT and OT networks. The IDMZ helps prevent infections within the IT environment from spreading to OT systems and vice versa.

Level 4
select (1)

Level 4 encompasses systems such as Enterprise Resource Planning (ERP) software, databases, email servers, and other logistics-related systems that manage manufacturing operations and provide communication and data storage.

Level 5
select (1)

Finally, Level 5 is the enterprise network, which is not an ICS environment but collects data from ICS systems for business decisions.

iStock-1403862024 3-1
Corsha can provide uniform Identity and Access Management all the way from Level 5 to Level 1 and back again. 

This enables strong OT security and identity that makes sense all along the digital thread from the shop to the enterprise cloud. A uniform approach to identity allows for strong authentication and access control across the Purdue model with features tailored for the shop floor.

One-Time-Use Credentials

For all supported protocols, Corsha can support one-time-use credentials on every request.

Strong Encryption End-to-End

Every request can now go with modern encryption.

Scheduled Access

For Remote or Local Vendors, start/stop access with a simple press of a button instantly reducing your threat surface.

Deep Visibility and Monitoring

A web-based control plane that provides deep visibility into all trafficacross your OT network from knowing that your equipment is up and responsive tomonitoring every request that hits your PLC.

Automatic Identity Rotation

Never worry about rotating static passwords, keys, or certificates again.  Identity rotation is automatic and hassle-free. 
Group 118 (1)

Corsha can provide uniform Identity and Access Management all the way from Level 5 to Level 1 and back again.

This enables strong OT security and identity that makes sense all along the digital thread from the shop to the enterprise cloud. A uniform approach to identity allows for strong authentication and access control across the Purdue model with features tailored for the shop floor.

News

Press Releases

Article

Corsha Wins MxD Project to Fortify Manufacturing Supply Chains

READ MORE

OT Security

Article

Corsha Adds Experienced CISO Marene Allison to Advisory Board

READ MORE

OT Security

Article

Corsha wins 2023 CyberSecurity Breakthrough Award for Industrial IoT Security Solution of the Year

READ MORE

News

OT Security

White Paper

From Legacy to Leading Edge: Challenges and Solutions for OT to IT Security

Read More

OT Security

Article

Corsha wins 2023 CyberSecurity Breakthrough Award for Industrial IoT Security Solution of the Year

Read More

OT Security

Article

Securing Machine-to-Machine Communications in the Age of Industry 4.0

Read More

Ready to push past boundaries?

Get in Touch