Secure Remote Access

Industry Proven Software, installed at over 4000 industrial sites worldwide

Secure Remote Access

Industry Proven Software, installed at over 4000 industrial sites worldwide

Honeywell provided the cybersecurity knowledge base required to better protect our refinery’s control system. Their secure remote access solution helps our site stay securely connected to remote employees, Honeywell support and third parties when needed. We have 24/7 coverage regardless of what is happening in the plant

Site Automation Leader, Major US Refinery

Major Food & Beverage Company

Challenge: after ransomware attack, needed to increase cyber defenses to protect 100+ manufacturing sites located around the world

Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access and asset management solutions

Value to Customer: increased protection for assets; industrial grade secure remote access for employees and third parties located anywhere in the world

Major Pulp And Paper Company

Challenge: needed secure way to manage third party connections from 60+ vendors

Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access across 140+ sites

Value to Customer: increased cyber protection and reduced risk; industrial grade secure remote access for employees and third parties

Major Oil And Gas Company

Challenge: needed to overcome limited in-house cybersecurity expertise across multiple refineries

Solution: Honeywell’s Managed Security Services (MSS) with secure remote access selected for secure remote connections, software patch and anti-virus management, and security and performance monitoring for multiple sites in North America, South America, Europe and Asia

Value to Customer: increased cyber protection and reduced risk, industrial grade secure remote access for employees and third parties

Major Food & Beverage Company

Challenge: after ransomware attack, needed to increase cyber defenses to protect 100+ manufacturing sites located around the world

Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access and asset management solutions

Value to Customer: increased protection for assets; industrial grade secure remote access for employees and third parties located anywhere in the world

Major Pulp And Paper Company

Challenge: needed secure way to manage third party connections from 60+ vendors

Solution: Honeywell Forge Cybersecurity Suite selected for secure remote access across 140+ sites

Value to Customer: increased cyber protection and reduced risk; industrial grade secure remote access for employees and third parties

Major Oil And Gas Company

Challenge: needed to overcome limited in-house cybersecurity expertise across multiple refineries

Solution: Honeywell’s Managed Security Services (MSS) with secure remote access selected for secure remote connections, software patch and anti-virus management, and security and performance monitoring for multiple sites in North America, South America, Europe and Asia

Value to Customer: increased cyber protection and reduced risk, industrial grade secure remote access for employees and third parties

Honeywell
Secure Remote Access

What is it?

  • A Managed Security Service (MSS), delivering an industrial grade secure remote access solution to help ensure responsible, safer, and more controlled use of remote service capabilities
  • Enables service delivery, troubleshooting or remote operations support from your employees, Honeywell, or trusted third-parties in an extremely controlled and more secure manner, at any time, from anywhere in the world.

Value

  • Maintain Business Continuity
  • Access Experts On-Call, Augment Site Skills
  • Improve Incident Response, Reduce Impact
  • Industrial Grade – Improve Safety & Security
  • Rely on Trusted Partner
  • Eliminate Travel Time & Costs
  • Staff, Contractor, Honeywell – to all your Systems

Honeywell
Secure Remote Access

What is it?

  • A Managed Security Service (MSS), delivering an industrial grade secure remote access solution to help ensure responsible, safer, and more controlled use of remote service capabilities
  • Enables service delivery, troubleshooting or remote operations support from your employees, Honeywell, or trusted third-parties in an extremely controlled and more secure manner, at any time, from anywhere in the world.

Value

  • Maintain Business Continuity
  • Access Experts On-Call, Augment Site Skills
  • Improve Incident Response, Reduce Impact
  • Industrial Grade – Improve Safety & Security
  • Rely on Trusted Partner
  • Eliminate Travel Time & Costs
  • Staff, Contractor, Honeywell – to all your Systems

The Value Of Honeywell Secure Remote Access

Eliminate Travel Time & Travel Costs
  • Avoid travel time to/from site
  • Avoid flights/hotel/cars
Business Continuity / Pandemic
  • Allow staff in isolation or restricted from site to continue working
Faster Incident Response
  • Detection and response time has a direct relationship to severity of impact
  • Allow remote response personnel to start faster, and support local onsite teams
Mature OT Solution
  • Trusted for over 15 Years by Honeywell and OEM Partners for Secure Remote Support
Reduce Cyber Risk with Honeywell Unique Capabilities
  • Unique: No inbound firewall rules, all connections initiated from inside the control network, no direct attack surface
  • Unique: Customer-controlled human authorization that is time-limited per-session, per-user, per-protocol
  • Unique: just-in-time tunnel creation per session (not always on like traditional VPN)
  • Unique: Real-time supervision, recording, & playback of any session
Enable Valuable Remote Services (Use-Cases)
  • Technical Support, Maintenance and Troubleshooting
  • Expert On-Call
  • Remote Preventative Service
  • Secure File Transfer: software patches, files/data, logs, manuals, etc.
  • Training
  • Staff & Contractor Remote Access

Differentiating Honeywell Secure Remote Access

Unique Honeywell Technology

  • No inbound firewall rules, all connections initiated from inside the high trust network over a single outbound port (aka., reverse tunnel). No direct attack surface!
  • Multifactor authentication to Security Center, separate from local per-site authorization.
  • Customer-controlled human authorization per session. Allowing site autonomy in addition to centralized user management
  • Authorization is time-limited per-session, per-user, per-protocol.
  • Just-in-time point-to-point channel is established within reverse-tunnel, after authorization. By default, no remote access channel from Security Center to Site until needed.
  • Remote user or remote computer is never part of trusted network. Cannot escape the point-to-point channel established across trusted and untrusted networks
  • Password vault holds the actual password, it is never revealed to the remote user. Avoids the complexity of sharing passwords or changing them after each use or termination of access.
  • Real-time supervision (i.e., screen sharing), recording, playback, and session termination. Supports both forensic incident investigation and training.
  • Local authority to terminate sessions for unrecognized, suspicious behavior, or plant operational situation changes (e.g., plant upset, shutdown, emergency).
  • Full audit trail of requests, authorizations, protocols, sessions, users, etc.
  • Remote VSE Service Node must be pre-registered with Security Center to function (no rogue nodes)
  • ISA-Secure Certified Development Organization (HPS Secure Development Process)
  • ISO/IEC 27001 Certified security management system for Managed Security Service Center.
  • Numerous customer, OEM partner, 3rd-party, and internal penetration tests and security reviews of Managed Security Service Centers and software code.

Trusted by Honeywell, OEM Partners, and Customers for Secure Remote Support of over 4,000 Industrial Installations

Traditional User VPN

  • Remote computer is member of Company network
  • Once connected, unrestricted access to trusted networks
  • Always-on 24/7
  • Always authorized
  • Logging of session connection & termination only
  • Network access pre-configured in firewall rules
  • Can be accidentally left connected

Both VPN And Honeywell

  • Multifactor Authentication (Internet edge)
  • TLS 1.2 encryption. FIPS 140-2 compliant.
  • Tunneled across Internet
  • PKI Certificates