Company
Support
Login
Book a Demo
Contact Us
Cybersecurity & Compliance

Secure and compliant OT remote access – even in isolated environments.

Gain full visibility and control over every remote session with audit-ready logs, Zero Trust enforcement, and NIS2-aligned policies – ensuring secure access without exposing your OT infrastructure to the Internet.

Remote Access as it should be

Book a Demo
The Challenge
NIS2 and similar regulations demand strict oversight of OT access. Yet VPNs, PAM tools, and traditional remote access solutions struggle in air-gapped, offline, or segmented environments. This leaves a compliance gap that audit teams quickly expose.
The Solution
With Unified Out-of-Band Access (UOA), every remote session is secured, authenticated, and logged – without touching production networks. Access works even in isolated environments, closing the compliance gap.
Cybersecurity & Compliance

Secure and compliant OT remote access – even in isolated environments.

Gain full visibility and control over every remote session with audit-ready logs, Zero Trust enforcement, and NIS2-aligned policies – ensuring secure access without exposing your OT infrastructure to the Internet.

The Challenge
NIS2 and similar regulations demand strict oversight of OT access. Yet VPNs, PAM tools, and traditional remote access solutions struggle in air-gapped, offline, or segmented environments. This leaves a compliance gap that audit teams quickly expose.
The Solution
With Unified Out-of-Band Access (UOA), every remote session is secured, authenticated, and logged – without touching production networks. Access works even in isolated environments, closing the compliance gap.

Why BifrostConnect is the ideal tool for you, as a Cybersecurity & Compliance Leader

Unlike VPNs or PAM tools that depend on network availability, BifrostConnect’s Unified Out-of-Band Access (UOA) works even when systems are offline or segmented. Every session is authenticated, encrypted, and logged without creating new attack surfaces. That means you can prove compliance, enforce Zero Trust, and maintain security in environments where other tools simply cannot operate.

Why BifrostConnect is the ideal tool for you, as a Cybersecurity & Compliance Leader

Unlike VPNs or PAM tools that depend on network availability, BifrostConnect’s Unified Out-of-Band Access (UOA) works even when systems are offline or segmented. Every session is authenticated, encrypted, and logged without creating new attack surfaces. That means you can prove compliance, enforce Zero Trust, and maintain security in environments where other tools simply cannot operate.

How it Works

Connect

Plug in the BifrostConnect device to the controller, HMI, or network port – no software installs required.

Authenticate

The session is verified with MFA and role-based access controls, ensuring only authorized users gain entry.

Access

The expert works on the OT system through BifrostConnect’s hardware tunnel, using their native engineering tools – without exposing or joining the production network.

Audit

All actions are logged and encrypted, creating a full audit trail for compliance and incident reviews.

How it Works

Connect

Plug in the BifrostConnect device to the controller, HMI, or network port – no software installs required.

Authenticate

The session is verified with MFA and role-based access controls, ensuring only authorized users gain entry.

Access

The expert works on the OT system through BifrostConnect’s hardware tunnel, using their native engineering tools – without exposing or joining the production network.

Audit

All actions are logged and encrypted, creating a full audit trail for compliance and incident reviews.

❝The secure, instant connection to our critical systems streamlines operations, enhances service reliability, and aligns with our commitment to innovation and efficiency.
Water Management
❝The secure, instant connection to our critical systems streamlines operations, enhances service reliability, and aligns with our commitment to innovation and efficiency.
Jorge Figueiredo, Head of Automation, SCADA, and Remote Management, Luságua

Proof

Critical infrastructure operators already rely on BifrostConnect to demonstrate NIS2 compliance and maintain secure, auditable access to isolated OT assets. From water utilities ensuring regulatory reporting, to energy providers protecting distributed assets, UOA closes compliance gaps without adding network risk.

❝For me, BifrostConnect was the only option. It let me stay involved without being on-site 24/7. I could guide the process, assist the vendor, and still keep operations running smoothly.
Testing, Inspection & Certification
❝For me, BifrostConnect was the only option. It let me stay involved without being on-site 24/7. I could guide the process, assist the vendor, and still keep operations running smoothly.
Jan Wilgers, Lab Manager at SGS
❝BifrostConnect gives us a portable solution that saves resources, keeps customers running, and supports rising security demands.
Industrial Automation & Manufacturing
❝BifrostConnect gives us a portable solution that saves resources, keeps customers running, and supports rising security demands.
Marc Jonathan Skov, Automation Manager AT DamGaard Automatik A/S

With BifrostConnect you get

  • Audit trails you can trust – Every session is logged, exportable, and verifiable.

  • Zero Trust enforcement – MFA, role-based access, and least privilege by default.

  • NIS2 alignment – Demonstrate secure access without redesigning networks.

  • Offline security – Access assets securely even when they are isolated.

❝The secure, instant connection to our critical systems streamlines operations, enhances service reliability, and aligns with our commitment to innovation and efficiency.
Water Management
❝The secure, instant connection to our critical systems streamlines operations, enhances service reliability, and aligns with our commitment to innovation and efficiency.
Jorge Figueiredo, Head of Automation, SCADA, and Remote Management, Luságua

Proof

Critical infrastructure operators already rely on BifrostConnect to demonstrate NIS2 compliance and maintain secure, auditable access to isolated OT assets. From water utilities ensuring regulatory reporting, to energy providers protecting distributed assets, UOA closes compliance gaps without adding network risk.

❝For me, BifrostConnect was the only option. It let me stay involved without being on-site 24/7. I could guide the process, assist the vendor, and still keep operations running smoothly.
Testing, Inspection & Certification
❝For me, BifrostConnect was the only option. It let me stay involved without being on-site 24/7. I could guide the process, assist the vendor, and still keep operations running smoothly.
Jan Wilgers, Lab Manager at SGS

With BifrostConnect you get

  • Audit trails you can trust – Every session is logged, exportable, and verifiable.

  • Zero Trust enforcement – MFA, role-based access, and least privilege by default.

  • NIS2 alignment – Demonstrate secure access without redesigning networks.

  • Offline security – Access assets securely even when they are isolated.

❝BifrostConnect gives us a portable solution that saves resources, keeps customers running, and supports rising security demands.
Industrial Automation & Manufacturing
❝BifrostConnect gives us a portable solution that saves resources, keeps customers running, and supports rising security demands.
Marc Jonathan Skov, Automation Manager at DamGaard Automatik A/S

BifrostConnect's 5 Z approach

1. Zero Trust Management 

BifrostConnect enables your organization to assign a dedicated administrator to define security and access management policies. By emphasizing just-in-time access and granular policy enforcement, BifrostConnect ensures precise access control to specific endpoints and applications.

Access management can seamlessly integrate with your organization’s existing Identity and Access Management (IAM) solution. Additionally, BifrostConnect provides audit logging for tracking usage and monitoring events. These logs can be integrated into your organization’s Security Information and Event Management (SIEM) systems for efficient and streamlined security management.

 
2. Zero Unit Configuration

Your BifrostConnect solution is dedicated and pre-configured for your organization, allowing Bifrost Units to be shipped directly and installed at the desired location or endpoint. These units provide secure remote access immediately, enabling plug-and-play implementation by nontechnical personnel.

To ensure maximum security, Bifrost Units retain access and security policies even after a hardware reset. Your organization’s security policies are managed exclusively through your dedicated Bifrost Manager, and Bifrost Units cannot be accessed or configured via a local web interface, ensuring the integrity of your BifrostConnect solution.

 
3. Zero Software Installs

The deployment of the BifrostConnect Solution requires no software installation on endpoints , facilitating a seamless integration process. The user can control where endpoint data is processed, depending on the type of session connection. This flexibility allows for on-premises data processing or data communication between endpoints if permitted.

 
4. Zero Internet Exposure Bifrost

Units utilize internet connections either in-band or via the integrated out-of-band LTE connection. Crucially, these units do not share the internet connection with the endpoints during a Remote Access Session, ensuring secure and undisturbed communication channels.

 
5. Zero Network Compromise

Advancing on Zero Trust Network Access (ZTNA) principles, BifrostConnect decouples application access from network access. This reduces your attack surfaces, inhibits lateral movement, and ensures that access to endpoints and applications is exclusively granted to authorized users, eliminating implicit trust.

The solution effectively renders endpoints and network infrastructure invisible to unauthorized users by leveraging inside-out connections from the Bifrost Unit to the user. IP addresses remain hidden from unauthorized users and the internet, ensuring your network remains secure and inaccessible.

Under the hood

BifrostConnect is a hardware-based remote access solution (“BifrostConnect Solution”) that allows secure remote access without installing software on the endpoints .The solution enables access to IT and OT equipment and devices, including but not limited to computers, PLCs, mobile phones, IoT devices, and network equipment.

The BifrostConnect Solution consists of the following components:

  • The Bifrost Unit is a compact remote-control unit that relays actions based on the operated remote access type.
  • The Services provide authentication, a web-based remote access interface, identity and access management, audit logging, and API integrations (E.g. SIEM or SSO).
  • The optional Software Clients for using Direct IP Tunnels and USB Tunnels.

The BifrostConnect Solution enables secure (i) remote access to, (ii) remote control of, and/or (iii) remote connection between IT & OT equipment (each a “Remote Device”). Remote access is controlled via the BifrostConnect Manager, depending on the remote access type. The web client can also activate a relay remotely, typically used for remote reboot operations.

Technology Overview

 

  • BifrostConnect Service: Currently hosted on DigitalOcean using Docker containers.  
  • Web-Based Authentication: Implemented with Auth0, which complies with multiple data privacy and security standards, including ISO 27001/27018, SOC 2 Type 2, and CSA STAR certifications .
  • End-to-End Encrypted Data Sessions: For Direct Native Access, sessions are secured over WebRTC, utilizing TURN servers. These servers can be customer-hosted for added control. For the Direct Tunnel Access, WireGuard technology is used along with TURN servers, while a P2P connection can be established using STUN technology.
  • Secure Messaging: Messages are end-to-end encrypted over MQTT using secure WebSockets (wss), with a custom authentication layer enhancing security.
  • HTTPS (TLS): All web clients and web-facing endpoints are secured with HTTPS, ensuring data integrity and privacy.
  • Clients (optional):
    • A Direct Tunnel client enabling Direct IP Tunnels, leveraging a peer-to-peer overlay network based on WireGuard®. 
    • A VirtualHere USB Client4 , enabling USB Tunnelling.

Learn more about our security documentation on this page:

BifrostConnect Security Documentation

Let us show you why security leaders and technicians alike, trust us to save the day, when everything else fail.
Let us show you why security leaders and technicians alike, trust us to save the day, when everything else fail.
Let us show you why security leaders and technicians alike, trust us to save the day, when everything else fail.
Let us show you why security leaders and technicians alike, trust us to save the day, when everything else fail.
See how it works
Book Demo