Serial Tunnel
Next-gen Serial Connectivity

Establish Serial connections on-demand without exposing endpoints to unauthorized users or the Internet.

Remote Access as it should be

Point-to-Point IP communication to critical infrastructure

In the OT world, Serial communication has set the standard for nearly three decades. Both legacy and cutting-edge systems hinge on this protocol for configuration, troubleshooting, and data extraction. To modernize and keep pace with today's needs, interfaces like Serial-to-Ethernet were crafted to bring devices into the realm of Ethernet-based networks.

But, diving into these ready-made solutions isn't without its pitfalls.

Implementation
Challenge:
Challenge:
Implementing Serial-to-ethernet typically calls for extensive configuration and maintenance, requiring applications specialists to travel onsite for each installation.
Bifrost Serial Tunnel:
Bifrost Serial Tunnel:
As a portable clientless solution preconfigured for your organization, Bifrost integrates easily with the endpoint out-of-the-box, eliminating the need for onsite specialists.
Security​
Challenge:
Challenge:
Installing Serial-to-ethernet as an Always-on solution without continuous auditing and maintenance introduces an attack surface vulnerable to brute force and zero-day strikes. And if linked to a company network? You're potentially looking at a backdoor for lateral movement.
Bifrost Serial Tunnel:
Bifrost Serial Tunnel:
Bifrosts just-in-time approach ensures that access stays as brief as the job demands. Out-of-band implementation confines access to the endpoint, safeguarding the network from lateral movement.
Access Management​
Challenge:
Challenge:
Managing Serial-to-Ethernet devices via local web interfaces or command lines? It's not just a chore – it's a hazard as these typically lack sufficient authentication, exposing them to cyber-attacks or factory resets that drop security configurations.
Bifrost Serial Tunnel:
Bifrost Serial Tunnel:
To maximize security, Bifrost Units and Users are managed via the Bifrost Manager, upholding MFA, Least Privilege and Audit logging. Company dedication ensures that Bifrost Units maintain access and security policies even in the event of hardware resets.

Zero Trust
Serial Connectivity

A Bifrost Serial Tunnel facilitates a secure, encrypted session between two Bifrost Units. These tunnel sessions are initiated just in time, safeguarding sensitive information by ensuring session data is transient and never stored on servers.

Bifrost Units can connect using standard LAN or Wi-Fi or a dedicated 4G connection. Notably, a Bifrost Unit won't expose the endpoints to the Internet while in a Serial Tunnel Session.

Building on the principles of Least Privilege, only Users or Admins with the appropriate permissions can initiate a Serial Tunnel Session.

When paired with Bifrost KVM Access, authorized users can initiate clientless Remote Access concurrently with setting up a Serial Tunnel Session. This feature allows the privileged user and the Bifrost Units to be in separate locations during the Remote Access sessions.

Image link
Grant Endpoint Access
Grant Endpoint Access
Connect Users to specific endpoints without VPN or network connection.
Minimize Attack Surfaces
Minimize Attack Surfaces
Ensure endpoints are not exposed to unauthorised users and the internet.
Boost User Experience
Boost User Experience
Provide easy access without extensive setup, configuration, or expert knowledge.
Deploy Clientless Access
Deploy Clientless Access
Establish instant Serial communication without software installation or server configuration.

Remote Serial Communication as it should be

Grant Endpoint Access
Grant Endpoint Access
Connect Users to specific endpoints without VPN or network connection.
Minimize Attack Surfaces
Minimize Attack Surfaces
Ensure endpoints are not exposed to unauthorised users and the internet.
Boost User Experience
Boost User Experience
Provide easy access without extensive setup, configuration, or expert knowledge.
Deploy Clientless Access
Deploy Clientless Access
Establish instant Serial communication without software installation or server configuration.

Establish Next-gen Serial Tunnels

Hasslefree Point-to-Point Access without extensive setup or expert knowledge.

Endpoint

Image link
User:
On-site Staff
Action:
Prepare the endpoints for Remote Access by connecting the devices to the Bifrost Units via Serial Cable.
Result:
The endpoints are ready for a privileged user to initiate a Serial Tunnel session.

MFA Interface

Image link
User:
Admin or Privileged User
Action:
Authenticate via Multi-Factor Authentication (MFA).
Result:
The Authenticator service validates the User's right to enter the Interface or Manager.

The Authenticator service validates the Users’ right to access and configure the specific Bifrost Unit.

Serial Tunnel Interface

Image link
User:
Admin or Privileged User
Action:
Select the supported Baud Rate and initiate a just-in-time Serial Tunnel between the endpoints.
Result:
Endpoints connected to the Bifrost Units will have a direct serial connection.
Image link
User:
Privileged User or Remote Operator.
Action:
Use applications to communicate or transfer data through the serial connection.
Result:
Users can interact with the endpoint just as if they were on-site.

Session Terminated

Image link
User:
On-site Staff or Privileged User
Action:
Terminate the session upon completion.
Optional: Disconnect the Bifrost Unit
Result:
If the Operator wishes to reconnect, a new session with valid authentication is required.
Product Tour

Try our
Serial Tunnel Product Tour

Discover how easy and secure it is to establish a remote serial communication via our serial tunnel solution

Image link

Zero Trust
Serial Connectivity

A Bifrost Serial Tunnel facilitates a secure, encrypted session between two Bifrost Units. These tunnel sessions are initiated just in time, safeguarding sensitive information by ensuring session data is transient and never stored on servers.

Bifrost Units can connect using standard LAN or Wi-Fi or a dedicated 4G connection. Notably, a Bifrost Unit won't expose the endpoints to the Internet while in a Serial Tunnel Session.

Building on the principles of Least Privilege, only Users or Admins with the appropriate permissions can initiate a Serial Tunnel Session.

When paired with Bifrost KVM Access, authorized users can initiate clientless Remote Access concurrently with setting up a Serial Tunnel Session*. This feature allows the privileged user and the Bifrost Units to be in separate locations during the Remote Access sessions.

Discover How You Can Establish Zero Trust Access to Your Equipment

Get in touch with one of our experts today.

How it works

Image link

Site A: Attach the Bifrost Unit to the computer you intend to use for operating the serial equipment at Site B or to the serial equipment you plan to connect with the equipment at Site B directly.

Site B: Link the Bifrost Unit to the Serial Equipment.

Once set up and activated, devices linked to the Bifrost Units at both Site A and Site B will essentially be bridged by a virtual serial cable without borders. Authorized users at Site A can then engage with the equipment, bypassing the need for vulnerable login details that could be jeopardized post-session.

For enhanced security, devices at both locations can remain offline, paving the way for Air-gapped Remote Access.

A Unified Remote Access Platform

Together as a suite, the BifrostConnect Solution gives you unmatched flexibility in tailoring your Zero Trust Access and scaling up your existing setup.

Secure

Versatile

Plug and Play

Explore related resources

Remote IP Communication
as it used to be

Conventional firewalls, VPNs, and Remote Access Software provide a considerable attack surface.

Externally exposed endpoints are vulnerable to cyber threats, allowing attackers to see and exploit them.

VPNs, in particular, can give attackers easy access to sensitive data by putting users directly on the network.

Traditional network security approaches often fail to prevent free lateral movement, leaving your network vulnerable to cyber attacks.

Legacy devices not designed with contemporary security standards are susceptible to cyber threats.

Connecting Legacy equipment to a VPN could inadvertently expose the entire network to attack.

Image link