Operational Cost & Complexity
Purpose-built for OT and Critical Infrastructure (CI)
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Simple to deploy. Intuitive to use. Set and forget.
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Frictionless 3rd-party access. Nothing required aside from a device with a modern browser supporting HTTPS.
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Deployment – Easy to Deploy
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Software must be staged on hardware, VM, or cloud
XONA Systems
Not Applicable
BeyondTrust Bomgar PRA
Good
Network/Firewall modifications required
XONA Systems
Not Applicable
BeyondTrust Bomgar PRA
Concerning
Agent (vendor) required
XONA Systems
Not Applicable
BeyondTrust Bomgar PRA
Worst
User/operator must install proprietary client application for full solution functionality
XONA Systems
Not Applicable
BeyondTrust Bomgar PRA
Worst
Time required to install
XONA Systems
Best
BeyondTrust Bomgar PRA
Concerning
Usability
XONA Systems
Best
BeyondTrust Bomgar PRA
Concerning
Manageability
XONA Systems
Best
BeyondTrust Bomgar PRA
Concerning
Network Complexity
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Risk of losing access to OT Asset
XONA Systems
Best
BeyondTrust Bomgar PRA
Concerning
Authentication (e.g., 1FA, 2FA/MFA, SAML 2.0)
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
Authorization – Enforces least privilege
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
User access is limited to specific OT/CI systems
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
User access is limited to specifics dates and times
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
Data Stream Protection
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Secure File Transfer
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
OT Protocol Isolation
XONA Systems
Best
BeyondTrust Bomgar PRA
Worst
Risk Introduced based on external dependencies
XONA Systems
Not Applicable
BeyondTrust Bomgar PRA
Concerning
Key Features & Functionality
User/Operator Session Monitoring
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
User/Operator Session Recording (video)
XONA Systems
Best
BeyondTrust Bomgar PRA
Good
Compliance support for key OT regulations such as ISA99/IEC 62443, NERC-CIP, NIST 800-53, and TSA SD02C
XONA Systems
Best
BeyondTrust Bomgar PRA
Good
High Availability Option
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
Log Management Integrations (e.g., SIEM, etc.)
XONA Systems
Best
BeyondTrust Bomgar PRA
Best
Incident Management Integrations
XONA Systems
Good
BeyondTrust Bomgar PRA
Best
Conclusion
In evaluating secure user access solutions for OT/CI, it’s important that the solution be flexible enough to address the operational needs and constraints of the environment into which it will be deployed, supports a zero-trust authentication and authorization model, and brings a high degree of security to the OT environment into which it needs to connect.
BeyondTrust Bomgar describes its solution as simple to deploy, manage, and use. However, their administration and remote access manuals illustrate that it’s significantly more complex, and one that is designed for an IT (Enterprise) versus OT environment. BeyondTrust requires the use of Jump Clients (agents), Jumpoints, Jump Hosts, and desktop software such as BeyondTrust Access Console for remote access. BeyondTrust puts a heavy burden on users, operations, and other teams to support from initial deployment to ongoing maintenance and use.
In contrast, the XONA Critical System Gateway (CSG) enables frictionless employee, contractor, and/or vendor access that’s purpose-built for operational technology (OT) and critical infrastructure (CI).
The CSG is the definition of simplicity and can be deployed in less than an hour. It’s approach to data stream protection and protocol isolation mitigates the risk of connecting to a protected OT network, and eliminates common attack vectors, while reducing the overall attack surface. It also enables compliance with OT-specific regulations such as ISA99/IEC 62443, NERC-CIP, NIST SP 800-207, NIST 800-53, and TSA SD02C.
XONA CSG is your secure portal into the cyber-physical world that enables critical operations to happen from anywhere with total confidence and trust.
1 https://www.cisa.gov/critical-infrastructure-sectors
All company and product names, logos, trademarks, service marks and branding are the property of their respective owners. All company, product and service names used in this document are for identification purposes only. Use of these names, logos, and brands does not imply endorsement or criticism. The information included in this document/web page was gathered from publicly available sources and based on our opinion from our research and technical evaluation. This document is intended for general informational purposes.
