Use Case
OT and IT/OT convergence security
Boost resilience with identity-centric access security at the point of IT and OT convergence in layer 3.5 and in OT networks in zone 2. With UserLock, there’s a simple, secure way to keep attackers out and business operations running.
The challenge of IT/OT convergence security
Informational technology (IT) and operational technology (OT) systems often share identity infrastructure and systems in isolated or legacy Windows systems.
These may be AD-based or on a standalone Windows server, but native identity management is limited or nonexistent.
As IT and OT networks converge, OT teams often struggle to fight identity-based threats:
Shared or weak credentials on OT workstations
No MFA or login audit on ICS, SCADA, or HMI systems
Inconsistent policy enforcement between environments
Centralized auditing and reporting on access
How UserLock supports secure IT/OT integration
Put identity controls exactly where you need them, on level 3.5 and Windows-based level 2 assets, without touching fragile PLCs or HMIs.
Enforce granular MFA
Apply contextual access controls
Set limits on sessions
Block suspicious behavior without disrupting users
UserLock helps critical infrastructure and industrial control systems (ICS) apply modern access controls to Windows-based OT devices using the existing AD identity.
It’s easy to use, easy to scale, and keeps IT in control.
Comprehensive access control for IT and OT
)
)
Enforce MFA on Windows-based systems and apps
Enforce MFA with or without smartphones across IT and OT endpoints. MFA on UAC prompts helps block lateral movement at the IT and OT convergence layer. Maintain access policies in offline or airgapped OT environments.
)
)
Extend strong authentication to SaaS access
Enable single sign-on (SSO) for AD identities to extend on-prem authentication from local systems to SaaS resources. Users enter their password once at login, complete strong authentication, and gain access to SaaS apps.
)
)
Limit access with contextual restrictions
Restrict access based on location, time, device, and block concurrent logins. Apply policies by AD user, group, or OU.
)
)
Monitor and manage logon sessions
See all AD identity access IT into sensitive OT environments. Set up alerts so IT can quickly spot and react to threats across all Windows-based systems and apps.
)
)
Audit and report on access
Produce clear reports of who accessed what, when, and from where, no manual logs required.
Why IT and OT teams choose UserLock
Phone-less MFA
Use YubiKeys or Token2 hardware tokens for easy, secure MFA. at the Windows credential provider level.
Days to value
Set up UserLock in minutes or hours, not days. The agent-based software is easy to install and manage, and allows for granular session-based access controls.
Air-gap compatible
Bring modern access controls to air-gapped Windows-based systems, terminal servers, and legacy apps.
Remote access security
Apply MFA policies and and session limits to Remote Desktop, RDP, VPN, and RemoteApp connections.
Instant visibility and response
See who logs on, where, and how in real time. Block, log off, or disable an account with one click.
Audit ready
Take the manual work out of auditing and reporting. UserLock records every successful or failed Windows login in tamper-proof, searchable logs.
)
)
)
)
Secure air-gapped networks with MFA and access controls
An air-gapped network has no physical connection to the public internet or to any other local area networks or systems that are not themselves air gapped. Here’s how UserLock enables secure multi-factor authentication (MFA) and access controls on air-gapped networks.
Read)
)
)
)
Prevent lateral movement with multi-factor authentication (MFA)
Prevent lateral movement in your network with zero trust access security measures including multi-factor authentication (MFA), access controls, and privileged access management.
Read)
)
)
)
Leading energy company simplifies compliance adherence with MFA and SSO
UserLock helps a leading energy company secure its OT network and fortify its DMZ with MFA, meeting strict compliance.
Read
Read the case studyStrong 2FA and concurrent login restrictions for HIPAA compliance.
I can’t trust that someone is a legitimate user or administrator just because they were on a computer on-site. Now I can verify who’s using our computers with UserLock. ”
Mark Shorts
Lead Support Tech | Meadville Medical Center
Read the case studyWindows MFA meets cyber-insurance requirements
I've seen a lot of software over the years. UserLock is one of the most simple and user-friendly I've ever used. ”
IT Supervisor
US City Government
Read the case studyUserLock MFA is a high quality, full-featured product that performs as advertised.
Michael Commons
System Administrator | Dobbs Peterbilt
