Hardware-Enforced Remote Access for OT Environments
Secure remote access with HERA®
HERA® leverages hardware-enforced protections to ensure safe and secure remote access into OT environments.
HERA® provides hardware-enforced security at the site perimeter, ensuring OT systems remain protected with robust, hardware-based measures. It establishes isolated, non-routable communication channels between the client and site, effectively minimizing opportunities for attack pivoting. Additionally, HERA® reinforces client application security through a powerful combination of application-level protection and Trusted Platform Module (TPM) technology, offering far superior security compared to browser-based alternatives.
HERA® Client
The HERA® client uses simple and filterable protocols to separately:
- Captures and encrypts keystrokes and mouse moves and sent to HERA® Gateway.
- Receives screen capture from HERA® Gateway, decrypted and displayed.
- Communication channels are non-routable, minimizing exposure to external threats.
- The HERA® client utilizes the hardware Trusted Platform Module (TPM) for:
- Key storage.
- Hardware restricted user access.
Encryption keys remain protected from software-based attacks. Hardware-user coupling eliminates the risk of session hijacking or credential theft.
HERA® Gateway
The HERA® Gateway is comprised of two unidirectional gateways, each physically able to send information in only one direction.
- Inbound HERA® with hardware filters to receive, decrypt, validate, and filter user keystrokes and mouse moves.
- Outbound HERA® to encrypt and send screen capture to the user.
HERA® ensures that OT networks remain isolated from external TCP/IP traffic.
HERA® Gateway includes an internal app to activate user actions on local systems and computers.