Xona Systems, an Annapolis MD-based provider of frictionless remote authentication and access to the critical infrastructure, has raised $7.2 million in a Series A funding round led by DataTribe Opportunities Fund with participation from TFX Capital and individual investors. It brings the total raised to date to $9.4 million.
The funds will be used to consolidate the Xona’s global presence in more than 25 countries, for further R&D, and to strengthen its footprint as a secure access provider for energy, oil and gas, transportation, manufacturing, government and other new markets.
“Being able to access operational technology and other critical systems at any time, and from anywhere is becoming a necessity. Hybrid work is convenient, cost effective and plays a role in recruitment and retention – but for critical infrastructure, it’s all that and way more,” said Bill Moore, founder and CEO at Xona. “There are countless reasons professionals running oil rigs in the middle of the ocean, manufacturing plants meeting high demand, water treatment facilities serving large populations and other critical facilities need 24/7 access. But providing that access has traditionally been complex and fraught with security issues – that’s why we built Xona.”
Xona uses protocol isolation and zero trust principals. “We provide a critical system gateway which not only provides multi-factor authentication (MFA) for users but acts as a client, and isolates the protocol and the connection to each system on the OT network,” explained Moore. “Xona drops the protocol and only brings back the display to the remote user’s browser – essentially allowing a remote user to operate the critical OT system without using the protocol, which can be a vector for attacking the OT network.”
The use of MFA increases security without increasing friction through Xona’s ability to use hardware tokens. It allows the user to self-enroll hardware MFA tokens through the browser.
“There is no requirement for clients, agents or plugins on the remote user’s device,” continued Moore. “This essentially makes it much easier for an organization to allow its vendors, contractors and other third parties to access their individual systems.” It also eliminates any mismatch in access methodology, such as different VPN clients or VDI clients, between an organization and the third parties needing to access their systems.
A zero-trust approach is employed by limiting the access to the trusted Xona approach. “We treat all devices authenticating to Xona as untrusted and that is why we enforce security through encryption and multi-factor authentication,” said Moore.
“There is a tremendous need for frictionless user access with rigorous security for operational technology and critical infrastructure systems, and that need will increase exponentially in the coming years as the number and severity of attacks on our critical infrastructure systems increase,” said Mike Janke, managing director at DataTribe Opportunities Fund. Janke, a former member of the US Navy’s SEAL Team 6 and executive chairman and co-founder of Silent Circle, joins the Xona board.
Xona Systems was founded by Bill Moore in 2017. It raised $2 million in two seed funding rounds in 2020.
Related: Project Cataloged 1,100 Ransomware Attacks on Critical Infrastructure
Related: Ransomware Targeted 14 of 16 U.S. Critical Infrastructure Sectors in 2021