Xage Releases Novel Multi-Layer Multi-Factor Authentication Protection for Critical Infrastructure

The first-of-its-kind offering prevents MFA bombing attacks to keep key services online


PALO ALTO, Calif., June 09, 2022 (GLOBE NEWSWIRE) -- Xage, the zero trust security company, today introduced the first-ever distributed, multi-layer multi-factor authentication (MFA) designed for real-world operations.

Critical infrastructure systems are increasingly under attack, and these complex environments filled with legacy technologies are notoriously difficult-to-secure. Federal security directives and alerts from the TSA and CISA require improved MFA in Operational Technology (OT) environments; however, operators can’t rely on traditional IT-based MFA tactics to protect essential services.

Human error causes 95% of security breaches. Bad actors exploit this through MFA bombing, a technique which sends numerous secondary MFA requests until the user unintentionally grants permission. This can happen when MFA requires only one additional factor to log-in, such as a one-time password sent to a secondary device. For instance, digital extortion group Lapsus$ recently breached identity management platform Okta through a third-party provider using MFA bombing.

To prevent attacks that rely on human error and social engineering, such as MFA bombing, critical operations need multiple layers of authentication. Xage’s multi-layer MFA combines zero trust access control with a defense in-depth authentication strategy. Users reconfirm their identity as they are granted each layer of access privilege, allowing independent user verification at the level of a whole operation, a site, or even a single asset. As a result, compromise of an individual authentication factor—such as would happen in an MFA bombing attack—does not allow the attacker to compromise the user’s whole identity and gain illegitimate access to assets, systems, or applications. Xage’s multi-Layer MFA makes critical infrastructure essentially impenetrable to MFA bombing, delivering real world zero trust using a defense-in-depth approach.

“Critical infrastructure asset owners and operators are in the crosshairs of the evolving threat landscape, and TTPs are becoming more sophisticated, including MFA bombing,” said Jonathon Gordon, Directing Analyst at Takepoint Research. “Xage’s multi-layer MFA solution requires users to pass an additional and unique MFA challenge at each layer. This distinctive approach can further secure critical operations against malicious actors using advanced MFA attacks and prevent major shutdowns that impact both production systems and the safety of communities they serve.”

“Multi-layer MFA is hard to achieve in IT environments, and even harder in OT. Managing authentication for thousands of dispersed technologies of different vintages that don’t inherently support MFA becomes too complex,” said Duncan Greatwood, Xage CEO. “Xage now makes it easy for customers to utilize multi-layer MFA at each site, asset, zone, and subsystem, without the need to rip and replace existing systems. Combined with our zero trust identity and access management capabilities, operations can now manage access and interactions at each layer of the environment.”

Xage’s solution fingerprints each device and user across the entire network. User access is then precisely controlled, restricted only to specific devices or systems, time or session length. Even if adversaries break through one layer or an individual site, they’re isolated and unable to further infiltrate the system, ensuring critical services remain operational.

The increase of hacks and new federal regulations combined add urgency to the adoption of Xage’s technology. Just this month, Xage announced that critical infrastructure customers have more than doubled in the past year, and two-thirds are accelerating zero trust rollouts to meet government requirements.

To learn more about how the Xage Fabric can secure and transform your organization, visit Xage.com. Xage is currently offering a free trial for secure remote access solution to qualified critical infrastructure operators.

About Xage
Xage is the first and only zero trust real-world security company. The Xage Fabric accelerates and simplifies the way enterprises secure, manage and transform digital operations across OT, IT, and cloud. Xage solutions include Identity & Access Management (IAM), remote access, and dynamic data security, all powered by the Xage Fabric.

Media Contact
LaunchSquad for Xage
xage@launchsquad.com