EtherGuard protects embedded devices and safety-critical industrial control systems (ICS) against sophisticated internal and external attacks. Using EtherGuard’s government-certified encryption, commercial and government customers achieve the network security necessary to safeguard communications against malware infections by trusted computers, deliberate insider attacks within a secure trusted enclave, or connections by unauthorized devices. EtherGuard has been specifically designed to provide the additional inspection and detection capabilities needed to defeat these attacks and keep critical devices safe.
Once an attacker is in the trusted zone, distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are defenseless and, if compromised, can impact an entire facility or operation. EtherGuard extends security to the controller itself, protecting it against an attack wherever it occurs. Utilizing its proprietary DarkNode™ technology, EtherGuard prevents attackers from sweeping a DCS or SCADA network to discover which devices and services are present and their quantities and types, and hides the controller architecture from view.
- Protects machine-to-machine (M2M) communications
- Affords visibility and control over content
- Deep packet inspection (DPI) can control protocols and inbound commands, as well as their origin.
- DPI provides an independent means for monitoring and managing device input.
- Known device vulnerabilities can be blocked entirely.
- Undesired application-level functionality is blocked.
- Local or wide area network (Layer 2) security and/or public network (Layer 3) security
- VPN and Ethernet trusted encryption algorithms
- Proven secure implementations to ensure our solutions have no weakness or compromise
- Small system size, weight, and power design for optimal functionality
- Maintains high-speed encryption with exceptionally low latency
- Flexible Encryption
  - Layer 3 IPsec IKEv2 VPN encryption with NSA Suite B only modes
  - Layer 2 AES-128/256 Ethernet encryption
  - Separate VLAN encryption to stop security breach propagation
  - OCSP, RADIUS authentication
- Traffic inspection & attack prevention
  - Network access control
  - Industrial firewall
  - Protocol filtering
  - Application layer command filtering
  - User definable rulesets
- Network protections
  - DarkNode technology to prevent malicious information gathering attempts
  - Port authentication
  - Data & management traffic separation
  - Out-of-band management option
- FIPS 140-2 Level 2 validated / Common Criteria certified
- Embedded OEM encryption module available