Protocol Isolation is a cybersecurity technique that separates user endpoints from direct interaction with backend systems by brokering communication through a secure gateway. Instead of allowing native network-layer connections (e.g., RDP, SSH, VNC, HTTP/S), the user connects to an isolated proxy that mediates the session using specific protocols without placing the user or their device on the same network as the target system. Protocol isolation enforces strict control over how users access critical systems and eliminates the risk of lateral movement, malware propagation, or direct attacks on OT and IT assets.
Traditional access methods, such as VPNs, jump servers, or desktop clients, establish direct network paths between the user and critical infrastructure, even if credential controls are in place. This network-layer exposure allows threat actors to scan, pivot, or exploit vulnerable systems if the user’s session or device is compromised.
Protocol isolation removes this risk by decoupling the user from the system’s network. Users interact with applications and systems via proxied sessions, where only authorized protocol traffic (e.g., RDP or SSH) is allowed and only through the isolation layer. This creates a one-way control flow where the backend system never directly interacts with the user’s device or identity context.
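One way to verify the property described above (only the isolation layer reaches the backend, and only over the brokered protocols) is to audit the firewall rules in front of the OT network. This is an added example, not Xona's code or configuration; the addresses, the rule tuple format and the `audit` function are assumptions made for illustration.

```python
import ipaddress

# Constructed topology and rules; every address here is an assumption.
USER_NETS = [ipaddress.ip_network("10.10.0.0/16")]   # user endpoints
OT_NETS = [ipaddress.ip_network("192.168.50.0/24")]  # OT/ICS assets
GATEWAY = ipaddress.ip_network("172.16.1.10/32")     # isolation gateway

# Default TCP ports of the protocols the page names.
BROKERED_PORTS = {22: "SSH", 80: "HTTP", 443: "HTTPS", 3389: "RDP", 5900: "VNC"}

# (action, source CIDR, destination CIDR, destination port; None means any)
RULES = [
    ("allow", "10.10.0.0/16", "172.16.1.10/32", 443),     # users -> gateway
    ("allow", "172.16.1.10/32", "192.168.50.0/24", 3389), # gateway -> OT, RDP
    ("allow", "172.16.1.10/32", "192.168.50.0/24", 22),   # gateway -> OT, SSH
    ("allow", "10.10.4.0/24", "192.168.50.20/32", 3389),  # direct RDP to OT
    ("allow", "172.16.1.10/32", "192.168.50.0/24", None), # gateway, any port
    ("allow", "172.16.9.0/24", "192.168.50.0/24", 502),   # other net -> OT
    ("deny", "0.0.0.0/0", "192.168.50.0/24", None),
]

def _touches(net, nets):
    return any(net.overlaps(n) for n in nets)

def audit(rules):
    """Flag allow rules that give anything but the gateway a path into OT.

    Each rule is judged on its own (rule order is ignored), so a finding
    means "this rule could open a path", which is the conservative reading.
    """
    findings = []
    for idx, (action, src, dst, port) in enumerate(rules):
        src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if action != "allow" or not _touches(dst_net, OT_NETS):
            continue
        if src_net.subnet_of(GATEWAY):
            if port not in BROKERED_PORTS:
                findings.append((idx, "gateway rule opens a non-brokered port"))
        elif _touches(src_net, USER_NETS):
            findings.append((idx, "user network has a direct path to OT"))
        else:
            findings.append((idx, "non-gateway source can reach OT"))
    return findings

if __name__ == "__main__":
    for idx, reason in audit(RULES):
        print(f"rule {idx}: {reason} -> {RULES[idx]}")
```

An empty result means every permitted path into the OT range originates at the gateway and uses one of the brokered ports.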
In Operational Technology (OT) and Cyber-Physical Systems (CPS) environments, where legacy systems often lack modern security features, protocol isolation is critical. It supports compliance with IEC 62443, NERC CIP-005, TSA SD02E, and Zero Trust Architecture by ensuring only specific, controlled interactions occur without expanding the attack surface or requiring software agents.
Xona enforces protocol isolation by acting as a hardened access gateway that proxies user sessions over authorized protocols like RDP, SSH, VNC, and HTTP/S, without placing users on the OT or ICS network. All access occurs through a browser-based interface, with no need for agents, VPNs, or direct routing between the user and the system.
This design ensures:
Xona’s protocol isolation model delivers Zero Trust enforcement at the protocol layer, ensuring that even if a user device is compromised, critical systems remain segmented, secure, and auditable. This is especially vital in high-risk, regulated environments where segmentation alone is insufficient to prevent breaches.