Edge Security aims to prevent unauthorized access and maintain the integrity of information flowing to and from the automation network. To achieve this goal, it is necessary to use a tool and adopt specific policies and procedures.
TI Safe works with an integrated and centralized solution that uses the latest technology to guarantee and monitor the edge security of your company's automation network.
A next-generation firewall is an integrated network platform that combines traditional firewall functions (address and port control) with other filtering features such as deep application packet inspection and advanced persistent threat (APT) checking. Next-generation firewalls are high-performance systems that can also analyze TLS/SSL encrypted traffic and web browsing content, and they offer integration with identity systems such as LDAP, RADIUS and Active Directory, as well as other capabilities.
Figure: Next Generation Firewall Palo Alto
The main characteristics of these systems are:
- Application classification
  - Identifies the application, regardless of port, encryption (SSL or SSH) or evasive techniques used.
  - Uses the application, not the port, as the basis for all decisions about the secure enablement policy: allow, deny, schedule, inspect, and apply traffic shaping.
  - Categorizes unidentified applications for policy control, forensic threat study, or application signature development.
- Applying security policies to all users, anywhere
  - Implements consistent policies for local and remote users using Windows®, Mac® OS X®, Linux®, Android®, or Apple® iOS platforms.
  - Enables agentless integration with Microsoft® Active Directory® and Terminal Services, LDAP, Novell® eDirectory™ and Citrix®.
  - Easily integrates firewall policies with 802.1X wireless, proxies, NAC solutions, and any other source of user identity information.
- Prevention of known and unknown threats
  - Blocks a number of known threats, including exploits, malware and spyware, on all ports, regardless of the common threat evasion tactics employed.
  - Limits the unauthorized transfer of files and sensitive data and securely enables non-work-related web browsing.
  - Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, and then automatically creates and delivers protection.
- Centralized management
  - Next Generation Firewall systems should support centralized management systems for deploying policies and managing resources.
Figure: Centralized Management Using the Panorama Console
Unidirectional security gateways replace firewalls in high-security industrial environments to protect against attacks originating from external networks. The solution works with a pair of devices: a transmitter (TX), which contains a laser to send data, and a receiver (RX), which contains an optical receiver. It is physically impossible to send data back to the transmitting device, providing complete security between networks. Systems marketed by TI Safe allow the replication of databases, files or even the visualization of screens for remote support.
Figure: Waterfall solution working architecture