Secure Access for Legacy Systems in OT Environments

Air-Gap · No Inbound Ports · Proprietary RFB · IT/OT Visibility


Join over 5,000 leading companies that trust Cybele Software

Legacy OT Systems: Critical, Exposed, Overlooked

68% of industrial networks run unsupported OS versions
12 years: average OT equipment lifecycle, far beyond IT refresh cycles
43% of OT breaches originate from remote access tools

PLC, SCADA, and HMI systems cannot be patched or replaced. Air-gapped networks require access without internet exposure.

IT and OT visibility gaps leave operations blind to threats. Standard VNC opens inbound ports, exposing the host directly.

Known Vulnerabilities in Standard VNC

Inbound Port Exposure

Listening on TCP 5900 creates a permanent inbound attack vector on every host machine.

Weak Authentication

Many implementations allow single-password auth with no MFA, brute-forceable in minutes.

Unencrypted Traffic

Legacy RFB transmits screen data in plaintext. Trivial to intercept on flat OT networks.

Protocol-Level CVEs

LibVNCServer, TightVNC, and RealVNC all carry documented remote code execution vectors.

No Auditability

Zero native session recording or access logging. Compliance and forensics become impossible.

A Proprietary RFB Protocol Built for Security

Thinfinity VNC does not implement the public VNC or RFB specification. It uses a proprietary extension of the protocol, purpose-built to eliminate standard attack vectors.

Standard VNC / RFB

Public, open-source RFB spec
CVE database has 100+ entries
Any scanner can fingerprint port 5900
Plaintext or optional TLS only
Password-only auth by default

Thinfinity VNC

Proprietary RFB. Protocol obscurity by design
No CVE history tied to the proprietary stack
No identifiable open port on the host
TLS 1.3 enforced end-to-end, always
Token-based + optional MFA

Zero Inbound Ports on the Host Machine

If there is no inbound port, there is no inbound attack.

How It Works: Outbound-Only Connection Model

1. OT Host / Legacy Machine: initiates outbound TCP connection
2. Thinfinity Relay Server: acts as secure broker, no direct access
3. Remote Operator Browser: connects via HTTPS, no VPN needed

No port 5900. No firewall rules. No attack surface on the host.
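One way to check the "no inbound port" property on a Linux host is to audit its listening sockets. The following is an added example, not vendor code: it parses `ss -H -ltn` output and flags listeners in the conventional VNC display range. The sample output is constructed, and the function names and the 5900-5999 range are assumptions of this example.

```python
import ipaddress

# Assumption: standard VNC listens on 5900 + display number (displays 0-99).
RFB_PORTS = range(5900, 6000)

def rfb_listeners(ss_output: str) -> list:
    """Return (address, port, exposure) for each listening socket on an RFB port."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Expected columns: State Recv-Q Send-Q Local:Port Peer:Port
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in RFB_PORTS:
            continue
        # Drop an interface scope ("%eth0") and IPv6 brackets before parsing.
        host = addr.split("%")[0].strip("[]")
        if host == "*":
            exposure = "exposed"  # wildcard bind on all addresses
        elif ipaddress.ip_address(host).is_loopback:
            exposure = "loopback"  # reachable only from the host itself
        else:
            exposure = "exposed"
        hits.append((addr, int(port), exposure))
    return hits

def host_is_outbound_only(ss_output: str) -> bool:
    """True when no RFB-range listener is reachable from the network."""
    return all(exposure == "loopback" for _, _, exposure in rfb_listeners(ss_output))

# Constructed sample of `ss -H -ltn` output from a host running a standard VNC server.
SAMPLE_LEGACY = """\
LISTEN 0 5    0.0.0.0:5900    0.0.0.0:*
LISTEN 0 128  127.0.0.1:5901  0.0.0.0:*
LISTEN 0 128  [::]:22         [::]:*
LISTEN 0 5    [::]:5900       [::]:*
"""

# Constructed sample from a host that only dials out to a relay.
SAMPLE_OUTBOUND = "LISTEN 0 128  [::]:22  [::]:*\n"

if __name__ == "__main__":
    for addr, port, exposure in rfb_listeners(SAMPLE_LEGACY):
        print(f"{addr}:{port} {exposure}")
    print("outbound-only:", host_is_outbound_only(SAMPLE_OUTBOUND))
```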

Access Isolated Networks. No Internet Required.

Thinfinity VNC is designed to operate entirely within on-premises or private network environments. The relay infrastructure can be deployed locally. No cloud dependency, no internet exposure.

On-Premises Relay

Deploy Thinfinity's relay and broker components entirely inside the corporate perimeter. Zero outbound traffic to external services.

Isolated Segment Access

Reach PLCs, RTUs, and HMIs on fully isolated OT network segments without bridging IT and OT at the network layer.

Compliance-Ready Isolation

Meet NERC CIP, IEC 62443, and NIST SP 800-82 requirements for strict access control in critical infrastructure environments.

Unified IT and OT Visibility from a Single Pane

Thinfinity VNC bridges the visibility gap between IT desktops and OT devices without flattening the security boundary between them.

IT Layer

Windows, Linux, macOS workstations
Corporate servers and virtual machines
Remote employee desktops

OT Layer

PLCs, RTUs, DCS systems
SCADA & HMI terminals
Legacy CNC and embedded devices
Air-gapped industrial segments

Granular access control per asset or group
Session recording across IT and OT
Single audit trail for compliance

Built for the Perimeter-Less Enterprise

Proprietary RFB Protocol

Not based on open-source VNC. No public CVE surface. Protocol behavior is not identifiable by scanners.

No Inbound Ports

Host machine opens an outbound-only connection to the relay. Firewall sees only egress traffic.

TLS 1.3 End-to-End

All session data is encrypted in transit from host to browser, including keyboard input, video, and clipboard content.

On-Prem Relay for Air-Gap

Relay and broker deployable on-premises with no external connectivity. Full control of the data path.

Session Recording & Audit

Every session is logged and optionally recorded. Full audit trail across IT and OT assets.

Multi-Factor Authentication

Token-based identity with MFA support. Access policies enforced at the gateway, not the endpoint.

Where Thinfinity VNC Delivers

Manufacturing & Plant Floor

Remote access to CNC machines, PLCs, and HMIs
Isolated OT segment access without VPN bridging
Operator support without on-site travel

Energy & Critical Infrastructure

SCADA terminal access under NERC CIP controls
Air-gapped substation management
Audit-ready session logging for regulators

Hybrid IT/OT Enterprises

Single portal for IT desktops and OT devices
Unified IAM policy applied across all assets
Consistent audit trail from SOC to plant floor

Request a proof-of-concept deployment for your OT environment