Operational Technology has long life cycles, infrequent patch cycles, and weak inherent cyber security.

Current security practices are singular in nature: an air gap blocking inbound and outbound access. The inside is left infinitely insecure, relying solely on no malware or malicious users ever having access.

The industry has been moving towards cloud, Internet-delivered license managers, and more complex systems needing remote support.

The plant is supported by multiple classes of users: staff, integrators, vendors. Typically this is done with a shared-user VPN architecture, negating the effectiveness of the air gap.

As operators seek to enable best practices like non-shared logins and multi-factor authentication, they must grapple with the reality of how the underlying systems and protocols work. Remote Operations and Maintenance must deal with multiple sites; sites must deal with multiple vendors.

AnyX enables plant operations to safely and conveniently achieve their business objectives. Without architecture changes. Without retraining. Without worry.

Unlike a VPN, no shared accounts are created: access is per user, per resource, with the appropriate permissions only. Remote hands debugging of a system? Allow the vendor read-only access to the HMI. PLC firmware updates across multiple sites? Run the same Rockwell Studio you are familiar with, without any change, regardless of whether you are on the plant floor or your kitchen floor.

Purpose-built for critical infrastructure with enterprise-grade security, compliance, and operational excellence.

Multi-Factor Authentication

Enforce multi-factor authentication on any system, resource, or device, like web applications and industrial control systems—even on non-participating systems.

Precise Access Control

Define access controls for all your users, including employees, administrators, contractors, and vendors. Manage individuals or groups for precise controls.

Privileged Access Management

Limit privileges to the minimum needed for people to do their work. Provide the right level of access for the right users at the right time to reduce risk.

Identity-Aware Firewall

Control access based on user identity using Agilicus’ Identity-Aware Firewall. Permit traffic to resources only for authorized users, not IP addresses or ports.

Zero Trust Air Gap

Air gap your resources while still allowing traffic from authorised personnel like third-party support vendors or employees. Keep your resources invisible and protected.

Detailed Auditing

Understand who did what, and when. Perform in-depth security analyses and gather evidence to meet compliance and insurance requirements.

Your plant has a unique network architecture. You use satellite or cellular as a primary or secondary network, preventing inbound access. Your site firewall blocks all access inbound or outbound and has limited capability to do more. You don’t run DNS. You have obsolete systems which don’t support modern TLS cryptography.

No worries. Agilicus AnyX fits in without changes. Our unique outbound-only, single HTTPS connection to a fixed, well-known IP and hostname is easy to allow in your firewall.

Outbound only means you don’t need to worry about redundant WAN connections: Agilicus will be seamless as they come and go.

Outbound only means it works with carrier NAT such as that used in Starlink and cellular network technologies.

Agilicus AnyX will participate with an inspecting SSL firewall if you run one, and is encrypted end to end, from the user’s eyeballs into your network, with all of the protection of a Zero Trust Identity-Aware Firewall.

Keep your network intact and deploy with ease.

PLC

Run your PLC programming software such as Rockwell Studio from the comfort of your own PC, to multiple remote sites. Single Sign-On via web, direct access without a VPN.

HMI

Maintain and monitor your HMI, whether embedded hardware such as Rockwell PanelView, or server-based such as VTScada, Ignition, or iFIX.

Remote Desktop/VNC

From the comfort of your tablet at the side of the road over a cellular connection, get read-only or read-write access to an HMI or a desktop.

Shared screen with multiple users for convenient diagnostics.

Remote Desktop/RDP

Direct access to a Microsoft Remote Desktop Protocol machine from any device, no VPN, no pre-installed software, no open ports or DMZ.

Multi-factor authentication and Single Sign-On.

Share

View your diagnostic logs, upload new firmware, back up site to site.

The Share integrates natively with your desktop, or you can use it from your browser.

Per file access control and audit.

Web Application

The MES dashboard, the web admin of some embedded device, the NVR cameras of the site.

Use any web application from anywhere, with full per URL audit and authorisation.

Agilicus AnyX has all the features, all the depth, all the integrations you will need for your Critical Infrastructure Operational Technology environment. They are too numerous to cover in detail, so here are some bullet points.

  • End to End strong encryption with TLS 1.3, AES 256 and Elliptic Curves
  • Pre-integrated with Microsoft Entra, Google Workspace, Apple, LinkedIn, Yahoo, Microsoft Active Directory and ADFS
  • OpenID Connect, SAML
  • Password Stuffing
  • High Availability
  • Nested connectors for true DMZ
  • Requests workflow to allow casual users to request and be granted access as needed
  • Passkey, TOTP, WebAuthn, FIDO multi-factor support
  • Web-based administration
  • Web-based end-user access with all-resources launchpad as icons
  • Geo-IP firewall
  • SIEM integration
  • SDK, CLI, OpenAPI
  • Multi-tenant setup for MSP or Integrator to support multiple concurrent customers with isolation
  • Self updating, self managing
  • Zero touch integration, no network changes
  • SSH support with ssh-hostkey integrity maintained: add multi-factor to SSH without affecting its encryption
  • Integral support chat