- January 30, 2020
Industrial router with firewall
The Lock 150 is an industrial router with firewall sharing access that secures remote connections and protects all devices behind it, in order to build, manage, and scale remote IoT control operations. With modular technology, networks and IoT infrastructures can be scaled from one object to thousands for a secure internal and external IoT ecosystem.
The Lock 150 can be installed in fewer than five minutes without the need for software installations, network configurations, or special IT skills. It has the capacity for up to 10 concurrent VPN connections. Integrated Wi-Fi is an alternate connectivity method and doubles as a wireless device access point. The router is compatible with all existing company products and includes end-to-end encryption between the company’s devices.
Industrial asset monitoring, risk assessment
A new joint solution expands industrial asset monitoring, change management, and risk assessment capabilities for industrial enterprises. Asset Guardian change-management technology manages PLC, DCS, and HMI/SCADA software assets and provides a single point of reference for current asset information, including operational status, location, and controller logic versions. It has been combined with the iSID industrial threat detection system for real-time visibility of networked industrial assets, ports, and protocols on an OT network. By passively analyzing all data traffic, iSID can detect and counteract abnormal network activity in real-time, such as abnormal network access or asset changes and changes in the sequence of SCADA processes.
In this integrated solution, iSID’s asset inventory now incorporates the asset information stored in the Asset Guardian database, including detailed asset information that is not available from traffic monitoring. This detailed information, such as logic version, ownership, and geolocation, produces a more granular risk score calculated by iSID for each asset. Changes to assets, such as new firmware or PLC logic, are detected on the network in real-time by iSID and sent to Asset Guardian for verification, authorization, and validation against the “golden image” of the binary stored in its database.
Industrial network cyber defense
A new hardware/software joint offering helps utilities, oil and gas facilities, and other industrial manufacturing sites to identify and defend against cyberattacks. The solution is a joint venture between Ixia, a Keysight Technologies business, and Nozomi Networks. The Ixia Vision network packet broker (NPB) collects data from all locations connected to an operational network and delivers it to Nozomi Networks Guardian for real-time processing and analysis.
Aggregating traffic removes duplicate packets and unwanted traffic to improve performance and visibility into critical systems and processes to secure connected operational environments. The joint solution can also be integrated with security information and event management, as well as other systems, to establish an automated threat response. In addition, the NPBs integrate with tools such as firewalls to improve policy enforcement and mitigate unwanted traffic.
A developer of Modbus firewalls for industrial control networks has released PortBloque E, adding Ethernet firewall functionality and Modbus TCP/UDP deep packet inspection to filter and block harmful and unwanted Modbus traffic. These capabilities make the PortBloque E suitable for automation, utility, and energy operators who want to protect serial Modbus devices from Internet attacks. The browser-based interface gives operators customization flexibility. Operators can control Modbus traffic by slave IDs, function codes, and block commands that repeat too soon. Additionally, operators can define a permissible range of slave registers and values to prevent malicious memory access. The offering also provides bidirectional conversion between Modbus RTU/ASCII and Modbus TCP/UDP.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.