Industry Networks

Protecting Industrial Process Automation and SCADA (Supervisory Control And Data Acquisition) Networks with Intrusion Prevention System (IPS) Transparent Access Control (TAC)

Industrial networks are used to transfer data between factory process or production machinery and their control center. For example, a large paper machine cannot run for more than 15 minutes if its control network is down. It is easy to calculate the resulting profit losses. The industrial network forms the core of your business.

Secure information flow between business and production

In an extremely critical environment it would be ideal to have a production network that is totally separated from the office network. On the other hand, having a connection to the office network brings several business benefits. From the business point of view, it makes sense to connect the industrial network and the office network with each other. It is only logical that information should flow easily between business decision makers and production floor systems. That information flow is bidirectional: business decision makers also need reports and other statistical feedback and information from the production process.

Security risks become reality

Nowadays, most industrial networks are already connected to the enterprise or office network. Often there is only one small router hidden somewhere connecting these two networks. This router has no security implemented; it just physically connects two networks with each other. Sometimes it is well known that there is a connection between the different networks, but the security risk is not seen. Most of the time, the whole connection is just ignored.

Ten years ago this was not a real problem, because network discovery or scanning tools were not that easily available. Today, worms and other malware carry scanning tools with them. These tools will methodically find their way from the office network into any network that is connected to it and not adequately protected.

The problem is that the production process is very vulnerable to any disturbance. Thus, attacks against industrial networks can easily take the whole production line down. To make things even worse, industrial networks are often so-called flat networks. This means that the network is not protected by segmentation, and all machines in it can access each other. This is a big problem when, for example, a worm enters the network. It has access to all machines, infects them and takes them down within seconds.

Connecting production and corporate networks

Is it possible to connect the production and corporate networks together safely, without having to take the whole production line down?

Yes, it is. The answer is StoneGate Intrusion Prevention System (IPS) Transparent Access Control (TAC). It offers both basic firewall access control features and advanced Intrusion Prevention System features. StoneGate IPS TAC segments networks into separate security zones and at the same time performs deep packet inspection on the traffic that goes between them.

Easy installation without the need to change existing network configurations

StoneGate Intrusion Prevention System Transparent Access Control is an efficient security device. Moreover, it is easy and flexible to install, and the installation can be done without disturbing the production process. There is no need to make changes in the network configuration; the implementation is fast and does not require any additional resources. For example, StoneGate IPS TAC can be placed in front of the router that connects the industrial network to the office network. As it is transparent, it can be easily plugged into the existing network infrastructure.

Efficient inspection and prevention

The StoneGate IPS TAC appliance does not have an IP address, so it is invisible to worms and other malware. The appliance inspects all the passing traffic, searching for any unwanted traffic that should be prevented from entering the industry network. When malicious traffic is found, StoneGate IPS TAC blocks it immediately, thus preventing any damage to production. Harmful traffic can then be reported for later investigation. Detailed reports, audit logs and traffic logs help auditors in inspecting the IT environment for regulatory compliance.

Undisturbed process flow

As the average time for packet inspection is 0.3 milliseconds, the inspection does not interfere with process flow. Moreover, with fail-open bypass network interfaces and appliance clustering, traffic flow is guaranteed in all conditions, including in case of an appliance failure.

Furthermore, StoneGate IPS TAC can help you to keep the industrial network operational at all times, removing unexpected outages. There have been several cases where IPS TAC has detected an unnoticed, incipient failure in the network card of a computer, based on the faulty traffic the card sent to the network. The failing network cards were then replaced before they actually broke down, and the need for emergency work and a production outage could be avoided. This kind of preventive maintenance also helps to keep the operational costs down.

Holistic view on network security through unified management

As industry networks and office networks are connected to each other, security management should also be unified. This way the security policy is consistent throughout the enterprise network.

StoneGate IPS TAC belongs to the StoneGate product family that includes firewall/VPN, IPS and VPN solutions, all of which run under the same unified management. This provides a holistic view on network security, helps to minimize security risks and brings down the total cost of ownership (TCO) of large enterprise implementations.