SECURE REMOTE ACCESS FOR ICS/SCADA


Drivers

Remote Access
- Enable remote monitoring by responsible parties.
- Provide user and third-party access to facilitate support and maintenance for:
  - Emergency incident response
  - Manual system backups and system failover
- Utilize modern technologies that have made remote communication affordable and dependable from almost anywhere.
- Accommodate flexible mobile workforces with 24/7 access.
- Enforce two-factor authentication for people accessing assets on the plant control network (PCN).
- Protect the PCN against access by unauthorized equipment.
- Control remote access VPN for vendors and other support personnel.
- Ensure devices that access the PCN are compliant and malware-free.
- Isolate critical systems from the general business network, and/or control remote network access by outside companies, quickly and with minimal impact.
- Enforce compliance in a scalable, easily managed manner.
- Leverage advancements in technology whose support requires specialized knowledge that is commonly found only in outside resources.

Benefits
- Protect industrial control and automation systems from threats that emanate from remote systems normally outside the owner-operator's sphere of influence.
- Provide owner-operators with a remote access approach that is flexible, scalable and secure.
- Provide a means to monitor and enforce service level agreements with outside support providers.

Operational Benefits
- Get a more streamlined, cost-effective approach to remote access to critical systems.
- Enjoy greater return on investment on the current production network by leveraging existing infrastructure.

Problem

Why Remote Access Is Needed in ICS/SCADA Systems

Owner-operators of ICS/SCADA systems, like their IT counterparts, are continually being asked to do more with less. The need to reduce costs while striving for 100 percent uptime and availability with minimal staffing has become one of the most important driving factors in the decision to supply remote access to vendors and support staff.
Just like IT systems, OT systems require maintenance and support. However, they generally need it at times that fall well outside regular business hours, when operational issues become emergent. Furthermore, the geo-diverse nature of their networks and devices often means they are not readily accessible. In addition, supporting these systems often requires the expertise of third parties with specialized knowledge not found in the existing enterprise support infrastructure. Accordingly, remote access to these critical systems offers the potential for enhancement of business operations, reduction of operational costs, increased productivity and easy access to real-time data.

Providing remote access and connectivity to ICS/SCADA systems opens them up to considerable risk, however. Many third-party service providers, system manufacturers/implementers and internal users have made remote access to ICS a basic criterion for day-to-day operations, maintenance and support. With the deployment of more advanced IP-enabled assets into the ICS, the need for remote access will continue to grow for both company employees and third-party support.

Traditional Approach

Thanks to advancements brought about by the technological revolution, several remote access solutions are available today: remote access server/service (RAS), remote computer access software (RCAS) and virtual private networks (VPN). Conventional IT/OT approaches to remote access are typically mixtures of different forms of these. These hybrid solutions offer OT the desired accessibility to remote assets, easy deployment and the necessary capabilities to manage assets. The downside to many of these custom solutions, particularly those using RCAS, is that they expose these locations to internet traffic, and in many instances the security features are not fully enabled: a critical oversight when most companies leave their RDP services running 24/7.
There is a significant market for stolen credentials because of how easy they make it to break in to data systems.

Palo Alto Networks Secure Remote Access for ICS and SCADA Use Case

Shortly after Microsoft released its RAS solution, several software vendors began to develop and release RCAS offerings, making commercial off-the-shelf remote access software commonplace and affordable. These offerings featured multiple key benefits, such as cross-platform capabilities, desktop sharing and network backups for key critical systems.

VPNs leverage internet infrastructure with on- or off-premise security devices to provide users with a secure tunnel for remote communications. The strengths of VPN technology are in its use of protocols that prevent the alteration of content, as well as its encryption of data between departure point and destination. VPN-based solutions are the most secure approach to remote access for ICS/SCADA networks, and also the most costly. Site-to-site VPN can be expensive to set up and maintain, and often adds a level of complexity that can degrade system performance.

Typical Remote Access Deployment Scenario Found in Both IT and OT Environments

In most businesses, IT is responsible for providing both OT users and outside vendors with remote access to ICS/SCADA resources. Depending on the age of the network, connectivity is supplied through either an IPsec/SSL VPN appliance or a concentrator; many businesses deploy a hybrid. Depending on the industry, it is not uncommon to find businesses that still maintain much older technologies, such as analog dial-up modems using the V.90 protocol or Async calls from ISDN T1s. The advantage of a VPN deployment is the ability to use some type of access policy to check, authenticate and authorize users to enforce company compliance. Implementers typically place the VPN appliance at the network edge for external remote access, or at the ingress/edge of a LAN to segment an internal network.
The deployment of an IPsec/SSL VPN offers OT users great flexibility in addressing the different software support scenarios that may arise, but IPsec/SSL VPNs cannot always be utilized in situations where direct ICS/SCADA access is required. In these cases, owner-operators often deploy some form of high-speed internet connection if available, such as cellular modems, satellite or even analog lines with modems, hence the need to retain an access server with a Primary Rate Interface (PRI T1) for incoming Async and ISDN calls. Installations like these raise security concerns for two reasons. First, and most disconcertingly, these locations are connected to a public switched telephone network or, worse, the internet. Second, remote administration software is usually needed to provide remote users with the necessary functionality, potentially creating a security hole that is often overlooked. Improperly configured remote management software employed by those connecting to remote endpoints is one of the first components targeted for attack, as it is not uncommon to find the software was incorrectly installed, is outdated or contains cached super-user credentials.

Another issue with the use of RCAS is that the device using this direct-connect method may already be compromised or attached to a compromised network, which can lead to the propagation of malware and exploits, or exfiltration of resources. The inability to control devices, or the remote systems to which they may be connected, is a primary concern for IT and OT alike. Vendors have also begun making products with internet connectivity for patching and support, further weakening overall business network security and opening control systems to various cyberattacks. Owner-operators need a flexible security architecture that still maintains visibility and safety.
Figure 1: Typical remote access design in older systems (flat Class B enterprise business network with no segmentation; remote sites reached over point-to-point VPN/MPLS and the public switched telephone network via PRI T1 and ISDN modems, with broadband modems for remote user or vendor support; a flat private site network using NAT to connect back to the enterprise; a dual-homed machine tied to both the control ring and the business network; PLCs directly connected to Ethernet with no security measures in place).

Palo Alto Networks Approach

Use Zero Trust architecture and design principles, based on the "never trust, always verify" premise, to address the deficiencies of a traditional remote access implementation. Palo Alto Networks understands that, due to specialized system requirements and the likelihood that legacy technology still exists within a plant control network, migrating to a Zero Trust network must be done thoughtfully and carefully. Doing a complete rip and replace on an existing, fully operational system to create a Zero Trust network is unwise. The Zero Trust principle was designed to address these challenges by augmenting existing legacy networks to incrementally, iteratively and safely help you move to a Zero Trust network.

With some due diligence, planning and an understanding of the capabilities of the Palo Alto Networks Next-Generation Security Platform, many of the principles and best practices that make up a Zero Trust architecture can be applied to an existing ICS ecosystem, bringing remote access to critical personnel and third-party vendors in a manner that is enabling, flexible, easily managed and compliant.

Using the principles of Zero Trust through the application of the Next-Generation Security Platform with the PA-220R ruggedized next-generation firewall, owner-operators can offer a robust, highly secure PCN capable of addressing the complex issues of remote access through:
- Increased visibility of traffic to and from PCN/ICS/SCADA networks through App-ID and User-ID technology.
- Isolation of PCN/ICS/SCADA, following NIST SP and ISA/IEC 62443 best practices.
- Network segmentation that is more compliant and cost-effective as well as easier to maintain.
- Improved ability to respond to and remediate cyberthreats and incidents.
- Access control over the control system (User-ID) and allowed applications (App-ID).
- The ability to apply compensating solutions where needed.
- Full inspection and logging of all traffic.
- Deep packet inspection via Content-ID technology, further reducing the attack surface of ICS/SCADA.
- Fewer incidents involving known and unknown malware and zero-day exploits, with a subscription to the WildFire cloud-based threat analysis service.
- Reduced configuration complexity, with a single policy and inspection point for all security services (AV, IPS, C2, malware, file blocking, etc.).
- Restriction of access to compliant machines only, using HIP profiling from GlobalProtect network security for endpoints to identify compliant nodes.

What Is a Zero Trust Network?

A Zero Trust network, built on the premise "never trust, always verify", addresses the threat of lateral movement, the techniques attackers use to move through a network in search of critical assets and data, through micro-segmentation and perimeter enforcement. Palo Alto Networks next-generation firewalls, such as the PA-220R, can serve as segmentation gateways, making it possible to create micro-perimeters that contain the critical assets behind clearly defined access criteria. Placing assets in these zones achieves two major security objectives:
- Assets are isolated, or segmented, from the rest of the network.
- Controls are as close to the assets as possible, allowing for the enforcement of strict, granular access control policies that address vulnerabilities up through Layer 7 based on users and applications.

With the rise in the number of geo-diverse networks in use by OT, especially those with internet-facing locations, and their support and maintenance needs, a company's RAS is an ideal point of entry for attackers. In many instances, the owner-operator of an automation process network may not be able to completely replace the network's existing remote access solution. It can be enhanced, however, using the Palo Alto Networks Next-Generation Security Platform, to meet the fundamental assertions of Zero Trust: that the network is now an enforcement point and that all traffic needs to be protected.
Proper deployment will enable the OT network to leverage the existing infrastructure and allow for a better return on investment while enforcing the concepts of Zero Trust:
- Ensure all resources are accessed securely.
- Strictly enforce need-based access.
- Never trust, always verify.
- Inspect and log all traffic.

Note: The PA-220R can perform segmentation in harsh environments that have flat networks with a technique called VLAN insertion. VLAN insertion can be used for network segmentation, for incident response, as a remediation factor, etc. The technique is minimally intrusive to production processes. Read "Applying VLAN Insertion in ICS/SCADA" to learn more.

(Photo: PA-220R ruggedized next-generation firewall.)

Remote Access Greenfield

Figure 2: Greenfield deployment, a Zero Trust network with jump servers. The figure shows the enterprise business network (control center, network services, VPN connection for users, jump server) connected over MPLS to Remote Site A (rdpa zone, plant control system, PLC); circles represent zones or enclaves. Annotations: User-ID supplies the NGFW with network user information; the Terminal Services client supplies the NGFW with IP and port information from the terminal or Citrix product; the PA-220Rs are in-line and receive information from Active Directory and Terminal Services to identify user, application and port. Note: The remote site in this example represents a harsh environment, which requires a ruggedized product like the PA-220R.

If you are in the process of completely re-engineering your existing remote access solution or embarking on a greenfield installation, the recommended deployment strategy is the Zero Trust model using jump servers. A Zero Trust network design requires a different type of planning before implementation, but the benefits are well worth the effort. Zero Trust network deployments with the Next-Generation Security Platform alone will match or exceed many of the best practices associated with remote access to an automation network. Without a jump server, the platform can accomplish:

- Restricted access control into the PCN: With the number of applications being developed for ICS/SCADA, the need for remote access is steadily increasing. Also, more ICS/SCADA devices are being deployed that are IP-enabled and have some form of web-based access. Ensuring the right people have the right access can be challenging, but the next-generation firewall's built-in User-ID technology facilitates enforcement. Plus, with App-ID, you can control which applications users use to connect with the remote devices, further ensuring the health and well-being of your network.
- Validation of remote system health: GlobalProtect offers an SSL VPN that can establish secure connections to the enterprise network or serve as an internal gateway to supply secure connections to automation network systems. GlobalProtect can perform a host-based inspection to analyze the health of a remote system before it connects. In conjunction with User-ID and/or HIP checks, an internal gateway can be used to provide a secure, accurate method of identifying and controlling traffic by user and/or device state, replacing other network access control services. Internal gateways are useful in sensitive environments like ICS/SCADA, where authenticated access to critical resources should be required. GlobalProtect can also function as a clientless VPN.
- Multi-factor authentication: Enabling MFA will help ensure the identity of the user. This feature can be used both externally and internally for your plant control network.
- Threat prevention: Zero Trust architecture means different threat subscriptions can be applied per zone, making it easy to verify that all devices in each network segment are at the same level of protection with regard to antivirus, malware and exploit prevention.
- Network segmentation and incident response: Using techniques like VWire, VLAN insertion or a combination of the two, network segmentation or isolation of assets can be done in a minimally disruptive way.

Those are just a few of the features and capabilities of the Palo Alto Networks Next-Generation Security Platform when deployed in a Zero Trust network architecture. The recommended approach is to leverage a jump server: a purpose-built server, designed and configured to withstand attacks, running Terminal Services. In concert with the above features, owner-operators can impose granular constraints on what remote access users can do.

A bastion host/jump server can bring several added benefits to the remote access design:
- With Palo Alto Networks Traps advanced endpoint protection installed, it becomes an even stronger security choke point against attackers.
- Tools required for support and maintenance are maintained on a centralized system.
- Traps can help ensure the software load on the server remains compliant with business standards.
- Machine virtualization and virtual desktop infrastructure reduce hardware costs.
- Software licensing costs are reduced.
- Strong password enforcement and the ability to implement two-factor authentication bolster security.
- IP-based access restriction to and from the server gives you strong activity controls.

Remote Access to the ICS Using Zero Trust Principles With a Jump Server

Step 1: The remote user, using GlobalProtect or another VPN, connects and is placed in its designated zone. (Figure 3: Step 1, initial connection from remote user. Note: GlobalProtect can run a HIP check before the client connects to the network, reducing the chance of network infection.)

Step 2: Once the user has been authenticated by RADIUS, TACACS, etc., the next-generation firewall runs checks against its policy list for:
- User-ID
- Application
- Source IP and port
- Destination IP and port (if the user is attempting to access the jump server)
If any one of these fails, the traffic is blocked. From here, the user connects to the designated jump server and must again meet the security standards being enforced. (Figure 4: Step 2, the client's connection is checked to determine access permissions.)

Step 3: Once logged into the jump server, for the user to reach the remote asset at Site A, the traffic must leave the jump server zone and pass another policy check performed by the next-generation firewall. The same criteria must be met, or the traffic will be discarded. (Figure 5: Step 3, the user's access level is checked to determine what the user can access from the jump server.)

Step 4: Once the traffic clears the firewall at the corporate office, it is directed across the network to the remote destination. At this point, it enters the next-generation firewall at Site A, and must once again clear the security policy, the same criteria as before, to access the third-party access zone (rdpa). (Figure 6: Step 4, a connection is established with the remote workstation.)

If successful, the remote user will be allowed to connect to the allocated workstation using remote desktop software. From here, to connect to devices in the PLC zone, traffic must pass from the rdpa zone to the next-generation firewall and meet the requirements of a security policy for that user to gain access. (Figure 7: Example setup of direct access to a remote location.)

Another benefit of this design is that if Remote Site A is required to provide direct access to vendors for support through some form of broadband or dial-up connection, site security is not diminished. If the connection is placed in the third-party access enclave, rdpa, it must still meet all the same security requirements.

Brownfield Deployment: Applying Zero Trust Principles to an Existing OT Infrastructure

Figure 8: An older remote implementation that has been upgraded over the years (same topology as Figure 1: flat Class B enterprise network with no segmentation, remote sites reached over point-to-point VPN/MPLS and the public switched telephone network, a dual-homed machine tied to the control ring and the business network, and PLCs directly connected to Ethernet with no security measures in place).

Enterprise Network
- Network: Corporate network (flat Class B)
- Connectivity: Upgraded over the years from T1s and modem banks for remote site connectivity to a 5 Mbps internet connection and a 5 Gbps MPLS. The company still supports and maintains an old PRI T1 and access server technology for several key locations where high-bandwidth broadband is unavailable.

Remote Site A
- Network: Part of the corporate Class B, with a set range of IP addresses totaling 5 usable IPs
- Connectivity: Site A has a 5 Mbps MPLS connection back to corporate, and a broadband internet connection supplies the PLC manufacturer's remote access for support. Broadband can also be used for failover routing in the event of MPLS service disruption.

Remote Site B
- Network: Private Class C
- Connectivity: Site B is an older location, and the only high-speed connection available is multiple ISDN. The plant manager at this site would like to install satellite for failover, but there is no line of sight due to tall pine trees.

Customer Issue

The last 0 years have seen major advancements in communication technology, and the enterprise side of the business has grown and evolved with the landscape.
The operations side of the firm has not been so open or responsive to change, however, due to uptime requirements and associated upgrade costs. Now, to remain competitive in the market and protect the production network from the growing risk of cyberattacks, system updates are required. Due to the increase in cyberattacks against automation systems in their industry, and the risk these disruptions bring, the company is taking steps to improve cybersecurity in all areas, especially in controlling access from outside the company.

Requirements

The organization's new deployment must provide access to key personnel, partners and support groups in a secure manner that allows for flexibility and growth. That means:
- Access control based on user identification, for both individuals and groups
- Strong encryption
- Deep packet inspection
- A means of isolating the main areas of concern and associated devices
- The ability to leverage all, or as much as possible, of the existing infrastructure
- The choice to automate some or all of the process
- Centralized management
- Minimal disruption during deployment
- Empowering users to perform their duties

What follows is an example of how Palo Alto Networks can be used to implement Zero Trust principles in this existing infrastructure. We will walk through the setup of both the corporate office and Remote Site A.

Figure 9: Existing network architecture (enterprise business network with remote user or vendor support over the public switched telephone network via PRI T1, corporate internet access with point-to-point VPN, an access server, terminal/Citrix and SQL servers, and MPLS).

In this implementation, the next-generation firewall will be deployed in-line using VLAN insertion to provide segmentation at both the corporate office and Remote Site A.

Corporate Network

Restrictions: The customer has an SSL VPN solution in place that cannot be displaced at this time.

Approach

Step 1: Implement segmentation within the corporate business network. Place a next-generation firewall in-line with the Layer 3 device and leverage a managed switch fabric. This way, you can use VLAN insertion to create micro-perimeters. This placement of the next-generation firewall allows for the grouping of devices and people by workgroup and function. Crucially, this positioning of the next-generation firewall is also minimally disruptive to the network and production system. (Figure 10: Completed segmentation.)

Step 2: After creating zones/enclaves and grouping network devices by function:
- Monitor network traffic for a time to ensure you have grouped devices correctly.
- Develop baselines of all enclaves, as the data gathered could help identify performance issues with applications and network devices, as well as indicators of compromise.
- Start creating policies, using the principle of positive enforcement, to allow desired traffic and block unwanted traffic.

The example below focuses on traffic in and out of the rdpa zone. (Figure 11: Completed segmentation, showing the rdpa zone with the public switched telephone network (PRI T1), corporate internet access (point-to-point VPN) and the AS VPN; the jump server zone; the network zone with Citrix, terminal and SQL servers and MPLS; and the control zone.)

Final Steps

- Enable User-ID on the next-generation firewall, with the client software on an Active Directory server, or create a service account for the next-generation firewall to access the necessary files directly.
- Install the Terminal Services client on your jump server or Citrix farm so the firewall can be updated about which users are on which ports.

Site A: Follow the same steps for Remote Site A as for the corporate office, with one caveat: make the zone for the broadband connection the same as the business office zone, rdpa.

Figure 12: Brownfield example. Remote users are placed into the rdpa zone upon connecting through a VPN. Note that all remote solutions in this example are in the rdpa zone. Figure annotations:
- GlobalProtect with HIP check.
- The NGFW is connected to Active Directory to receive the User-ID and group information used in access policies.
- Broadband connectivity at Remote Site A is placed in rdpa.
- NGFW policy uses scheduling to control when access is allowed.
- The engineering workstation that remote and support users are allowed to access is running Traps.
- Two-factor authentication is required to reach the server and PLCs.
- Remote Site A is a flat network, so VLAN insertion was used to segment it. Each colored circle represents a zone.
- All traffic is logged and forwarded to Panorama.
- Each zone has a different security profile that sets Threat Prevention subscriptions as needed.

Figure 13: Establishment of VPN connection by third-party vendor or remote user (remote user or vendor support arrives over the PSTN via PRI T1 or through the AS VPN). Note: The only application allowed to connect in this zone is the customer VPN solution. With GlobalProtect, a Host Inspection Profile could be enabled to determine if client machines meet the necessary compliance.

Figure 14: Example of policy application after the third-party VPN has established a connection.

For the user to access their assigned remote access server in the jump server zone, the client must be authenticated by the following criteria:
- User-ID
- Source zone
- Source IP address, if specified (in our example, it is not)
- Source port(s), in case set to application default
- Destination IP address
- Destination port(s)
- Application(s)
If any one of these does not match, access is denied. (Figure 15: Criteria for zone access, from the AS VPN zone to the jump server.)

Once a user gains access to the assigned jump server, to access any network assets the user must be allowed access out of the jump server zone by matching the same set of criteria. This time, the source address and ports change, as do the destination address and port. The defined list of allowed applications changes as well, lowering the possibility of pivoting. Also, because this is a hardened jump server, users are not able to upload any tools or applications. (Figure 16: Example of how policies and user access are more restricted.)

In the above example, traffic was to be allowed out of the jump server zone. Notice the only applications allowed out are those needed to establish a remote desktop connection. (Figure 17: Policy defining access to the remote engineering workstation.)

Before the traffic is allowed egress from the corporate headquarters, another policy must allow traffic to the corporate MPLS. If all three of the aforementioned sets of policy criteria are met, traffic will proceed to Remote Site A. (Figure 18: Example of how the connection to the remote site is established, from the jump server across the MPLS.)

(Figure 19: Connection of the jump server to the remote engineering workstation.)

Remote Site A

In this design, Remote Site A has its own next-generation firewall in place. In our implementation, all traffic must be passed to the rdpa zone. The remote access zone at Remote Site A matches the remote access zone at corporate to make policy writing simpler in this example. The reason for this will be demonstrated later in the deployment. Upon arriving at Remote Site A's next-generation firewall, the same series of steps must be taken to access any resource located there. (Figure 20: Policy for establishing a connection from the business unit to Remote Site A.)

Once in the rdpa zone and connected to the assigned engineering workstation, the user must pass another access policy to work on any of the other remote assets outside of this zone. (Figure 21: Engineering workstation and local toolbox machine in zone rdpa.)

Recommendation: An endpoint offering such as Traps will increase both security and visibility. Traps will prevent lateral movement within the zone, preventing the spread of zero-day exploits, malware and Trojans.

In the second rule for Site A (see below), the user Joe Doe is restricted not only to the applications DNP3 and Modbus, but also by the functions he is able to perform with each of the protocols. Restricting what users can do by application function prevents the intentional or unintentional misconfiguring of assets. Such granular control is recommended in a control environment. (Figure 22: Policies that define remote users' access to resources at remote locations. Figure 23: Controlled access from engineering stations to PLCs and the protocols the user can use.)
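Added example, not code from the use case or from Palo Alto Networks: a small Python model of the chained, default-deny policy checks walked through in greenfield Steps 1 to 4 and again for the brownfield jump server and rdpa rules above, ending with a rule for Joe Doe that permits only Modbus/DNP3 read functions inside a maintenance window. Zone names follow the page; the addresses, user names, the "app-default" port table and the read/write function label are constructed assumptions rather than any real PAN-OS policy format.

```python
# Constructed model of the chained, default-deny zone policy checks described above.
# Zone names follow the use case; addresses, users and the read/write "function" label are made up.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional, Tuple

# Port an application is expected on when a rule's port set says "app-default" (assumed values).
APP_DEFAULT_PORT = {"ms-rdp": 3389, "modbus": 502, "dnp3": 20000, "ssh": 22}

@dataclass(frozen=True)
class Flow:
    """One hop of a session as a firewall sees it: User-ID, App-ID and L3/L4 fields.
    Source IP is left unspecified, as in the use case's example policies."""
    user: str
    src_zone: str
    dst_zone: str
    dst_ip: str
    dst_port: int
    app: str
    app_function: Optional[str] = None  # e.g. "read" or "write" for Modbus / DNP3
    hour: int = 10                      # hour of day, tested against maintenance windows

@dataclass(frozen=True)
class Rule:
    """An allow rule; traffic that no rule matches is dropped (positive enforcement)."""
    name: str
    src_zone: str
    dst_zone: str
    users: FrozenSet[str]                        # User-IDs, or {"any"}
    apps: FrozenSet[str]                         # App-IDs
    dst_net: str                                 # CIDR, or "any"
    dst_ports: FrozenSet[object]                 # port numbers, or {"app-default"}
    functions: Optional[FrozenSet[str]] = None   # allowed protocol functions; None = unrestricted
    window: Optional[Tuple[int, int]] = None     # (start_hour, end_hour) maintenance window

def rule_matches(rule: Rule, flow: Flow) -> bool:
    """Every criterion must match; the first one that fails rejects the rule."""
    if (rule.src_zone, rule.dst_zone) != (flow.src_zone, flow.dst_zone):
        return False
    if "any" not in rule.users and flow.user not in rule.users:
        return False
    if flow.app not in rule.apps:
        return False
    if rule.dst_net != "any" and ip_address(flow.dst_ip) not in ip_network(rule.dst_net):
        return False
    ports = {APP_DEFAULT_PORT[flow.app] if p == "app-default" else p for p in rule.dst_ports}
    if flow.dst_port not in ports:
        return False
    if rule.functions is not None and flow.app_function not in rule.functions:
        return False
    if rule.window is not None and not (rule.window[0] <= flow.hour < rule.window[1]):
        return False
    return True

def evaluate(policy, flow):
    """First matching rule wins; otherwise the implicit deny applies."""
    for rule in policy:
        if rule_matches(rule, flow):
            return ("allow", rule.name)
    return ("deny", "implicit-deny")

def trace(hops):
    """Pass a session through each firewall hop in order, stopping at the first deny."""
    results = []
    for fw, policy, flow in hops:
        verdict, rule = evaluate(policy, flow)
        results.append((fw, verdict, rule))
        if verdict == "deny":
            break
    return results

# Constructed sample addresses (private ranges, not taken from the use case).
JUMP_SERVER = "10.10.30.5"
ENG_WORKSTATION = "10.20.40.20"   # Remote Site A, rdpa zone
PLC = "10.20.50.7"                # Remote Site A, PLC zone
SUPPORT = frozenset({"joe.doe", "vendor.one"})
RDP, APP_DEFAULT = frozenset({"ms-rdp"}), frozenset({"app-default"})

CORP_POLICY = [
    Rule("vpn-to-jump", "vpn", "jump", SUPPORT, RDP, JUMP_SERVER + "/32", APP_DEFAULT),
    Rule("jump-to-mpls", "jump", "mpls", SUPPORT, RDP, "10.20.40.0/24", APP_DEFAULT),
]
SITE_A_POLICY = [
    Rule("mpls-to-rdpa", "mpls", "rdpa", SUPPORT, RDP, "10.20.40.0/24", APP_DEFAULT),
    # Only Joe Doe, only Modbus/DNP3, only read functions, only inside the maintenance window.
    Rule("rdpa-to-plc", "rdpa", "plc", frozenset({"joe.doe"}), frozenset({"modbus", "dnp3"}),
         "10.20.50.0/24", APP_DEFAULT, functions=frozenset({"read"}), window=(8, 18)),
]

def remote_session(user, hour, plc_function, egress_app="ms-rdp"):
    """Steps 1-4 of the use case: VPN -> jump server -> MPLS -> rdpa -> PLC zone."""
    hops = [
        ("corp-ngfw", CORP_POLICY, Flow(user, "vpn", "jump", JUMP_SERVER, 3389, "ms-rdp", hour=hour)),
        ("corp-ngfw", CORP_POLICY, Flow(user, "jump", "mpls", ENG_WORKSTATION,
                                        APP_DEFAULT_PORT[egress_app], egress_app, hour=hour)),
        ("site-a-ngfw", SITE_A_POLICY, Flow(user, "mpls", "rdpa", ENG_WORKSTATION, 3389, "ms-rdp", hour=hour)),
        ("site-a-ngfw", SITE_A_POLICY, Flow(user, "rdpa", "plc", PLC, 502, "modbus", plc_function, hour)),
    ]
    return trace(hops)
```

Calling `remote_session("joe.doe", 10, "write")` clears the first three hops and is dropped by the implicit deny at the Site A rdpa-to-plc hop, while a non-RDP egress from the jump server zone is stopped at the second hop, which is the pivot the text says the narrower egress rule prevents.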

How It Works for Third-Party Access That Does Not Come Through the VPN

A Zero Trust design supports consistent protection, even in situations where a location needs direct site access capabilities. When direct access is a mandate of the service provider, owner-operators have the means to isolate critical systems by implementing a dedicated zone for remote access. Other benefits and capabilities of Zero Trust include:
- A means of determining whether third parties are fulfilling their service level agreements.
- Ability to enforce maintenance windows by setting access times within the access policies themselves.
- Ability to use GlobalProtect to host inspections on remote machines to ensure that only compliant and healthy devices can connect to the plant control network.
- Capacity to use two-factor authentication to gain access to the site.

Deployed in this fashion, the security policy is the same whether the vendor is passing through the business network or accessing locally, reducing the number of access rules required. This consistency in access enforcement reduces the potential for policy misconfigurations that could allow undesired access to critical assets. (Figure 24: Example of a direct connection to Remote Site A: engineering station, broadband modem and PLC.)

Take the Next Step and Regain Control Over Your Remote Access Network

Discover more about how our prevention-oriented approach safely enables remote access, and how you can use our Next-Generation Security Platform and PA-220R ruggedized next-generation firewall to automatically stop cyberattacks on both your business and control system networks. Choose your next step:
- Online product demonstration that we can tailor to your organization's unique needs.
- Hands-on workshops, where your teams can get practical experience with our technology in an automation environment.
- Free, on-site proof of concept, in which we will help deploy our platform in your environment without hindering process operations.
We ll also provide a detailed Security Lifecycle Review that summarizes our findings. 000 Tannery Way Santa Clara, CA Main: Sales: Support: Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at All other marks mentioned herein may be trademarks of their respective companies. secure-remote-access-for-icsand-scada-uc-068

More information

T22 - Industrial Control System Security

T22 - Industrial Control System Security T22 - Industrial Control System Security PUBLIC Copyright 2017 Rockwell Automation, Inc. All Rights Reserved. 1 Holistic Approach A secure application depends on multiple layers of protection and industrial

More information

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS Danielle M. Zeedick, Ed.D., CISM, CBCP Juniper Networks August 2016 Today s Objectives Goal Objectives To understand how holistic network

More information

Transform your network and your customer experience. Introducing SD-WAN Concierge

Transform your network and your customer experience. Introducing SD-WAN Concierge Transform your network and your customer experience Introducing SD-WAN Concierge Optimize your application performance, lower your total cost of ownership and simplify your network management. 2X Bandwith

More information