Case Study: When Ransomware Hit Their Competitor, This Refinery Was Already Protected

Executive Summary

When a competitor refinery suffered a devastating ransomware attack that shut down operations for weeks, leadership at this leading, vertically integrated energy company asked one question: Could this happen to us? The answer was no, because they had already deployed Xona's protocol isolation architecture. 
This company operates major refineries in the Americas with hundreds of users and more than 500 critical OT/ICS assets, including DCS, PLCs, SIS, and HMIs. By deploying the Xona platform, the refinery eliminated every direct connection between user endpoints and operational technology, rendering the ransomware attack vector that devastated its competitor structurally impossible. The result is zero direct network connectivity: users interact with OT systems in real time, but their endpoints are never connected to the OT network. 

The Challenge

Managing secure remote access across hundreds of users and critical assets is no small task, especially in high-risk environments like an oil and gas refinery. With hundreds of users requiring secure access to 500+ critical assets, the company sought a modern, centralized remote access solution that a small team could manage without increasing operational overhead.

Their key priorities were:

Enhancing security by eliminating the risk of insecure user endpoints connecting to critical assets and spreading ransomware and malware.

Simplifying administration by reducing the complexity of managing access for hundreds of users and assets.

Improving user experience by eliminating lag, cumbersome access methods, and inefficiencies that slowed down engineering and operations teams.

Deploying with minimal IT overhead by finding a solution that could be quickly implemented without disrupting existing operations.

The legacy environment had evolved over more than a decade, accumulating layers of remote access tooling that were never designed to coexist. VPN concentrators provided broad network-level access, giving any authenticated user, or any attacker with stolen credentials, a routable path into the OT network. Jump servers acted as shared staging points but introduced unpatched operating systems, shared local administrator accounts, and cached credentials that persisted between sessions. Session recording was nonexistent for most access paths, leaving the security team with no forensic evidence when investigating suspicious activity. The refinery's legacy architecture was not merely insecure; it was operationally unsustainable, and left the organization unable to answer the most basic security question: who is connected to our OT systems right now?

The Xona Solution

To enhance security and streamline remote access, the company selected the Xona Platform, a solution designed specifically for critical infrastructure environments. Xona provided a zero-trust approach, isolating critical assets from insecure user endpoints and eliminating the risks posed by traditional VPNs and jump servers.

Browser-based connection: Users connect via any web browser over HTTPS port 443. No VPN, no agent, no plugin required.

Authentication and policy enforcement: MFA via SAML 2.0; role-based and time-based access control policies authorize users for specific assets during specific time windows.

Isolated protocol session: The CSG initiates the OT session from the gateway to the asset, entirely inside the trusted OT network. The user's endpoint is never connected to the OT network.

Encrypted pixel streaming: The CSG converts protocol output into encrypted PNG pixels delivered to the browser over TLS. Users interact in real time but receive only pixels, with no data and no protocol traffic.

Continuous monitoring: Every session is video-recorded. Administrators can shadow sessions live and terminate instantly via the Kill Button. All activity is logged and forwarded to SIEM.

Deployment was completed in just a few days using the platform's overlay architecture, with no network reconfiguration, no firewall changes, and no modifications to OT assets. The deployment team was different from the team that ran the proof of concept, demonstrating that Xona's simplicity does not depend on specialized expertise.

The Xona Difference

Structurally eliminates the attack path. Xona's centralized access control capabilities streamline the process of provisioning, monitoring, and terminating user access. By isolating critical system protocols, the company prevents their exposure on untrusted networks. Protocol isolation does not merely reduce risk; it makes the ransomware attack vector architecturally impossible.

Seamless and responsive user experience. Xona's user interface delivers a seamless experience accessible from any browser. With zero perceptible delay, it provides a lightweight, real-time experience that engineers and operators described as light years ahead of the previous solution.

Complete audit trail from day one. All 500+ critical assets are now protected with full video recording, detailed event logs, and SIEM integration. When the board asks whether what happened to the competitor could happen here, the security team can demonstrate exactly why it cannot.

"This is one of the better user interfaces I have used. The overwhelming feedback from users is that the experience is light years ahead of our old solution."

- Senior Applications Engineer, Instrumentation and Process Control