
Electronic Security Perimeter

 

Comprehensive Perimeter Security Protection

There was a time when Information Technology (IT) and Operational Technology (OT) networks were completely isolated from each other and used different equipment, operating systems and communication protocols. Due to the wealth of valuable information contained in SCADA, DCS, EMS or MES computers, many companies have integrated the two networks to make detailed production, inventory and other operational data readily accessible throughout the corporation. This integration increases security risk: a breach of either the IT or OT network can easily cross to the other through these open tunnels.

First Line of Defense

As with enterprise security, the solution often deployed first is an electronic security perimeter. This boundary protects the operations network from threats that may arise on enterprise networks and protects the enterprise network from vulnerabilities in the control system networks and devices. Due to the unique nature of the control systems environment, a traditional firewall at the perimeter will not suffice.

The Industrial Defender Electronic Security Perimeter (ESP) solution combines the Industrial Defender Security Event Manager (SEM) with the Fortinet FortiGate Unified Threat Management (UTM) products, which include multiple security technologies in a single device: firewall, in-line intrusion prevention, antivirus, VPN and content filtering, as well as a high availability option. All are optimized for the unique requirements of these environments.

The UTM is used at the edge of the control network to dynamically regulate traffic to and from the mission-critical systems, to block viruses and intrusion attempts, and to provide secure connections to authorized external users. Our unique threat-adaptive technology configures the UTM appliance for a variety of pre-planned lock-down responses based on current threat levels, or routine maintenance requirements.

Tight Integration with Security Event Manager

The SEM centralizes critical security and performance information and integrates information and alerts from all Industrial Defender sources for consolidated management and centralized reporting. It is tightly integrated with the UTMs to segment the plant network to maximize security, and to provide a simple means of blocking a wide variety of cyber attacks before they can enter the plant.

A variety of UTM models are offered, providing the flexibility to select a model with the appropriate interfaces and throughput for a particular operational environment. Software functionality is consistent across models.

The Industrial Defender solution also supports monitoring and managing many third-party firewalls including Cisco PIX and multiple brands from Secure Computing including Sidewinder, CyberGuard, Classic and SnapGear.

Unified Threat Monitoring Highlights

The UTMs provide a variety of functionality including:

  • Firewall

    Typical firewall functionality is used to determine which connections and services are allowed into, and out of, the control system environment, preventing unauthorized users from accessing the systems and networks.

  • Virus Protection

    The Industrial Defender ESP solution moves the virus protection scanning to the UTM appliance, which eliminates the need to run antivirus applications on the control equipment. Virus scanning software should only be run if certified by the control system vendor.

  • Intrusion Prevention

    The UTMs can be configured to recognize and automatically discard a wide variety of malicious traffic, including traffic seeking to exploit vulnerabilities in infrastructure software. Combined with virus scanning, it ensures that the content of traffic allowed by the firewall is free from forms of attack.

  • Integrated Virtual Private Networking (VPN)

    The UTMs also provide a secure "virtual connection" for site-to-site or remote access applications, or a secure connection for management staff or third-party contractors. There is built-in gateway support for common options such as IPsec, PPTP, L2TP, DES, 3DES, AES and others, and it is also designed for use with all common forms of user authentication such as LDAP, RADIUS or internal databases.

  • Pre-Planned Lockdown States

    Maintaining availability of the control system under various threat conditions is a top priority. Under normal circumstances all the connections that are required by the business will be enabled. As the threat level increases, it is practical to trade off convenience for a greater degree of protection, for example, to drop all external connections under heightened threat conditions, or to completely isolate the control network from the corporate network. Making such decisions on the fly can be difficult and error-prone, so the SEM console includes facilities to predefine a set of lockdown states that can be implemented on the UTM appliance. Authorized users can change the configuration of perimeter devices through the simple click of a mouse. Operators can choose a lockdown state based on indicators such as the current level of malware activity from one of the many industry-tracking organizations, or an industry-specific threat indicator provided by organizations such as ISACs (U.S.) or WARPs (UK).