Industrial Defender  

Unified Threat Management

 

Comprehensive Perimeter Security Protection

Due to the wealth of information that resides in SCADA, DCS, EMS or MES computers, many companies have integrated their enterprise and process control networks to make detailed production, inventory and other operational data readily accessible throughout the corporation. This increases security risk, because a breach of either the IT or the control network can easily cross to the other through these open tunnels.

First Line of Defense

As with enterprise security, the solution often established first is an electronic security perimeter. This boundary protects the operations network from threats that may arise on enterprise networks and protects the enterprise network from vulnerabilities in the control system networks and devices. Due to the unique nature of the control systems environment, a traditional firewall at the perimeter will not suffice.

For effective perimeter protection, Industrial Defender has integrated its Security Event Manager (SEM) with the Fortinet FortiGate Unified Threat Management (UTM) products, which include multiple security technologies in a single device (see below). The UTM resides at the edge of the control network to dynamically regulate traffic to and from the mission-critical systems, to block viruses and intrusion attempts, and to provide secure connections to authorized external users.

Unified Threat Management Highlights

The UTM appliances provide cost-effective, comprehensive protection against network, content, and application-level threats without degrading network availability and uptime. Function highlights include the following:

Firewall
Firewalls provide a way to strictly define flows through control network perimeters, preventing damaging unauthorized traffic. The UTM provides a certified firewall with a powerful and intuitive graphical interface.

Virus Protection
Host-based anti-virus programs present potential problems around resource usage, updating, and incompatibility. The UTM’s centrally updated network anti-virus stops viruses before they reach the control system without affecting control host performance or threatening legacy control applications.

Intrusion Prevention
Patches fix the vulnerabilities that allow worms and other malware to exploit control system hosts. The UTM intrusion prevention system detects and stops these threats before they reach key control systems, greatly increasing system reliability and patching schedule flexibility.

Remote Access Authentication
Control systems often have absent, default and/or widely known passwords in use. UTM provides a non-intrusive method to allow individual logins and strong passwords without the effort and potential disruption of changing default system passwords.

Integrated Virtual Private Networking (VPN)
The UTMs also provide a secure "virtual connection" for site-to-site or remote access applications, and for management staff or third-party contractors. Gateway support is built in for common options such as IPsec, PPTP, L2TP, DES, 3DES, AES and others, and it is also designed for use with all common forms of user authentication such as LDAP, RADIUS or internal databases. The UTM not only provides certified VPN technology, but also removes worm, exploit and virus threats from the VPN traffic.

Policy and Configuration Vaulting
The UTM security configuration is continually monitored against a vaulted copy. Administrators responsible for control systems will no longer have firewall or other security protection policies changed without their knowledge.

The Industrial Defender Difference

A complete electronic security perimeter solution for the automation system environment should:

  • Be easy for plant personnel to modify without support from corporate IT
  • Be monitored/maintained from the plant’s process control network monitoring system
  • Monitor and log access to perimeter access points and alert for unauthorized attempts
  • Provide tools for logging and reporting to support compliance and audit requirements

Industrial Defender has tightly integrated Fortinet FortiGate UTM/firewall network appliances into the company’s Security Event Manager (SEM) console. This solution provides the following important features and benefits over multiple products that are not tightly integrated or optimized for industrial control environments:

  • Securely vaulted UTM configurations can be pushed out to one or more UTMs right from the SEM; no configuration changes need to be done by plant personnel.
  • Integrated threat lock-down levels allow users to quickly deploy pre-configured UTM configurations based on possible cyber threats.
  • Ability for users to centrally change multiple UTM units for operational purposes, such as when a third-party vendor needs temporary remote access. Changing many units at once with a previously saved configuration on the SEM takes only a matter of minutes. With an un-integrated solution, the end user would have to change each individual firewall; depending on distance and location, this could take a few hours.
  • Centralized management of UTM units enables users to easily make changes such as importing rule sets from one unit and downloading to another, eliminating possible errors when trying to implement the same rules over and over to many units.
  • Central management on the SEM of IDS and IPS signatures for both UTMs and the Industrial Defender Network Intrusion Detection System (NIDS); perimeter IPS and process control IDS signatures are managed from one single system instead of multiple products.
  • Centralized logging of UTM incident data; combining critical cyber asset device data within the SEM facilitates generating audit reports for NERC CIP Cyber Security Standards, as well as other future standards. The plant manager has one system to touch for all audit data rather than multiple disparate systems and data formats.