ProSoft Insights / Technology focus

Ensuring Secure Remote Connectivity

Contact Us

Search Insights

Categories

Tags

Subscribe

Yes, I would like to receive marketing information from ProSoft Technology, Inc., and its affiliates, subsidiary companies and brands indicated below.

I therefore provide my consent to the use of the personal information submitted here for the purpose of providing me marketing information related to ProSoft Technology, Inc. and its affiliates’ and subsidiaries’ products, services and marketing events. I understand that I may withdraw my consent at any time. Additional information regarding ProSoft’s data privacy policies, including how to withdraw this consent, is available at www.prosoft-technology.com/privacy. ProSoft Technology, Inc. is a subsidiary of Belden Inc., and their affiliates, subsidiary companies and brands include ProSoft Technology SAS, ProLinx Comunicacao Industria, LTDA; Global Blue Networks Inc., and ProSoft Technology (Asia Pacific) SDN BHD.

Recent Posts

Attain Reliable Connectivity for Your Mining Application

11 Apr, 2024 / Technology focus

Discover how you can gain reliable connectivity in your mining or metals application. C...

Latest Belden Horizon Updates Prioritize Flexibility

21 Mar, 2024 / Product focus

New updates include on-prem deployment and Layer 3 IP Routing functionality. Get the de...

Modernization Gateway Updates that Help Improve Your Facility

26 Feb, 2024 / Product focus

Get the latest information on ProSoft’s modernization gateways – two new modules have a...

Gather Field Data with New Modbus Router

08 Feb, 2024 / Product focus

Your field devices have essential data that can help identify problems, enable predicti...

  • Friday February 01 2019
  • Myles Heinekey - Regional Sales Manager

Ensuring Secure Remote Connectivity

Security, Vulnerabilities, and Patch Management

The machine has been delivered, installed, and commissioned by the OEM, and the remote connectivity vendor’s “cyber secure” certificate is hanging on your wall. But now, time has passed, the outdated certificate has expired, new vulnerabilities have been discovered and patches issued. The end user has to schedule downtime for the maintenance team to install patches to keep the remote access system secure to maintain service-level agreements with the integrator/OEM.

Remote access doesn’t have to be this way.

Belden Horizon, formerly known as ProSoft Connect, is a secure cloud-native platform for the IIoT. What does this mean?

Belden Horizon is a cloud-native service hosted on Amazon Web Services, which is a highly reliable platform with physical security built in. Belden Horizon uses a container and micro-service architecture. This increases security in multiple ways:

  • Micro-services run independently from each other; this reduces the chance of cascading vulnerability where an attack on one service results in access to another service.
  • Containers only provide the services required for the micro-service to run. This approach significantly decreases the “attack surface” or ways the attacker can penetrate the software.

Anytime a vulnerability is found in a service used in Belden Horizon, we update the container(s) used in that service and immediately eliminate the threat for ALL users.

Learn more about the containers and micro-services architecture in this white paper!

 

Security - Aligned with IEC62443 and NIST 800-82 Industrial and Automation Security Standard

  • EasyBridge Secure Remote Access provides an AES256 encrypted Layer 2 VPN connection between the user's PC and the network connected to the Belden Horizon gateway.
  • VPN uses SSTP and L2TP client with IPSec encryption tunneling protocol.
  • All communications with the Belden Horizon service use HTTPS for site authentication and data encryption.
  • Gateways are activated in Belden Horizon using two-step authentication.
  • Outbound connections only - All gateway connections are initiated by the gateway to prevent a spoofed service from initiating a gateway connection.
  • No user-installed software is required, which eliminates potential “watering hole” attacks and time-consuming software patch maintenance for the user.
  • Belden Horizon uses the native OS VPN client and does not require IT approval to install software, as there isn’t any.

The platform does not require updates for security patches, as these are taken care of by the OS security updates. With Belden Horizon, any hardware firmware updates can be implemented by the Owner (IT) or Administrator (Engineering team leader) during scheduled downtime, minimizing the impact of the live plant or by individual gateway when required.

Learn more in this white paper about security considerations to keep in mind when evaluating remote connectivity solutions for industrial applications.