Honeywell provided the cybersecurity knowledge base required to better protect our refinery’s control system. Their secure remote access solution helps our site stay securely connected to remote employees, Honeywell support and third parties when needed. We have 24/7 coverage regardless of what is happening in the plant
Site Automation Leader, Major US Refinery
Major Food & Beverage Company
Challenge: after ransomware attack, needed to increase cyber defenses to protect 100+ manufacturing sites located around the world
Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access and asset management solutions
Value to Customer: increased protection for assets; industrial grade secure remote access for employees and third parties located anywhere in the world
Major Pulp And Paper Company
Challenge: needed secure way to manage third party connections from 60+ vendors
Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access across 140+ sites
Value to Customer: increased cyber protection and reduced risk; industrial grade secure remote access for employees and third parties
Major Oil And Gas Company
Challenge: needed to overcome limited in-house cybersecurity expertise across multiple refineries
Solution: Honeywell’s Managed Security Services (MSS) with secure remote access selected for secure remote connections, software patch and anti-virus management, and security and performance monitoring for multiple sites in North America, South America, Europe and Asia
Value to Customer: increased cyber protection and reduced risk, industrial grade secure remote access for employees and third parties
Honeywel Secure Remote Access
What is it?
- A Managed Security Service (MSS), delivering an industrial grade secure remote access solution to help ensure responsible, safer, and more controlled use of remote service capabilities
- Enables service delivery, troubleshooting or remote operations support from your employees, Honeywell, or trusted third-parties in an extremely controlled and more secure manner, at any time, from anywhere in the world.
Value
- Maintain Business Continuity
- Access Experts On-Call, Augment Site Skills
- Improve Incident Response, Reduce Impact
- Industrial Grade – Improve Safety & Security
- Rely on Trusted Partner
- Eliminate Travel Time & Costs
- Staff, Contractor, Honeywell – to all your Systems
Differentiating Honeywell Secure Remote Access
Unique Honeywell Technology
- No inbound firewall rules, all connections initiated from inside the high trust network over a single outbound port (aka., reverse tunnel). No direct attack surface!
- Multifactor authentication to Security Center, separate from local per-site authorization.
- Customer-controlled human authorization per session. Allowing site autonomy in addition to centralized user management
- Authorization is time-limited per-session, per-user, per-protocol.
- Just-in-time point-to-point channel is established within reverse-tunnel, after authorization. By default, no remote access channel from Security Center to Site until needed.
- Remote user or remote computer is never part of trusted network. Cannot escape the point-to-point channel established across trusted and untrusted networks
- Password vault holds the actual password, it is never revealed to the remote user. Avoids the complexity of sharing passwords or changing them after each use or termination of access.
- Real-time supervision (i.e., screen sharing), recording, playback, and session termination. Supports both forensic incident investigation and training.
- Local authority to terminate sessions for unrecognized, suspicious behavior, or plant operational situation changes (e.g., plant upset, shutdown, emergency).
- Full audit trail of requests, authorizations, protocols, sessions, users, etc.
- Remote VSE Service Node must be pre-registered with Security Center to function (no rogue nodes)
- ISA-Secure Certified Development Organization (HPS Secure Development Process)
- ISO/IEC 27001 Certified security management system for Managed Security Service Center.
- Numerous customer, OEM partner, 3rd-party, and internal penetration tests and security reviews of Managed Security Service Centers and software code.
Trusted by Honeywell, OEM Partners, and Customers for Secure Remote Support of over 4,000 Industrial Installations
Traditional User VPN
- Remote computer is member of Company network
- Once connected, unrestricted access to trusted networks
- Always-on 24/7
- Always authorized
- Logging of session connection & termination only
- Network access pre-configured in firewall rules
- Can be accidentally left connected
Both VPN And Honeywell
- Multifactor Authentication (Internet edge)
- TLS 1.2 encryption. FIPS 140-2 compliant.
- Tunneled across Internet
- PKI Certificates