Automation network managers still believe that setting up firewalls to isolate the automation network from other external networks will be fully protected. Deceptively, threats often enter the automation network directly through notebooks, removable media, and VPNs, completely bypassing perimeter defense solutions.
A secure automation network should protect not only your perimeter but also your internal network. TI Safe is the first Brazilian company to provide specific solutions for the internal security of industrial networks through professionals from the automation area, with technical recognition and international certifications for security architecture of SCADA (CSSA) systems.
Industrial firewalls segment control networks into safety zones. They must be installed on all network segments demarcated in an industrial cyber security project. They are configured to inspect network packets to allow only authorized flow to and from the automation network.
Figure: Palo Alto Industrial Firewall PA-220R
- Protection of industrial networks
In its Rugged model, it is indicated for edge safety of electrical substation networks, water treatment stations (ETAs), sewage treatment stations (ETEs), and any other type of critical network in hostile environments.
- Protection of devices without their own security features
Automation devices may not have native security. With the use of automation firewalls, protection layers can be added without the need for updates to existing systems.
- Real-time security
Industrial firewalls enable real-time data traffic to equipment confined to the same security segment.
- Robust design
Suitable for uncontrolled environments with different temperature and humidity levels, it has the following features:
- High availability active / passive and active / active (HA)
- Passive cooling (no fans) to reduce noise and power consumption
- RJ-45 ports with built-in surge protection
- 12-24VDC power inputs for power redundancy.
Unidirectional security gateways replace firewalls in high security industrial environments against attacks originating from external networks. The solution works with a pair of devices: a transmission (TX), which contains a laser to send data; (RX), which contains an optical receiver. It is physically impossible to send data back to the transmission device, providing complete security between networks. Systems marketed by TI Safe allow the replication of databases, files or even the visualization of screens for remote support.
Figure: Waterfall solution working architecture
Protect your networks from cyber attacks and operational disruptions with Nozomi SCADAguardian. The Solution quickly detects cyber threats and process anomalies, providing unprecedented operational visibility. SCADAGuardian automatically discovers the assets of the industrial network, including its components, connections and topology. It also develops security and process profiles, as well as monitoring the system in real time for any change.
SCADAGuardian provides exclusively: Comprehensive and hybrid detection of threats to ICSs, combining rules based on behavior, signatures and analysis of artificial intelligence. Capture of incidents and superior forensic tools. Easy integration and sharing of information about ICS and cybersecurity with IT / TA environments. Enterprise-class scalability when deployed with your Central Management Console.
Figure: Architecture of the SCADAguardian Solution
- Network Visualization and Modeling: Improve system and process awareness with a visualization interface that shows all network assets and links.
- ICS Threat and Anomaly Detection: Quickly detects threats to cyber security, risk and process anomalies; Hybrid Threat Detection combines best behavior-based anomaly detection with rule-based threat detection (YaraRules, Packet Rules and Assertions) and artificial intelligence analysis; Detects intrusions: scan attacks and MITM · complex or zero-day attacks · known files or malware packages and more; Detects unauthorized behavior: remote access · Configurations · Downloads · Changes in controller logic · Issues for PLC projects and more; Detects states of concern: Wrong settings · Weak passwords · Lost updates · Open ports · Communication faults and more.
- Asset inventory: Asset self-discovery saves time and is always up-to-date; Asset visibility makes it easy to view, find, and detail information about assets.
- Vulnerability assessment: automated device vulnerability identification saves time and improves cybernetic resilience
- Panels and reports: Custom dashboards, detailed reports, and ad hoc queries provide real-time visibility that improves cyber security and operational efficiency.