Perimeter security and network segmentation
We provide services and technologies to help you protect, fortify and segment networks
SCADA network analysis
We analyse SCADA networks in three phases (preparation, execution, analysis). These are in turn carried out through the following six stages:
- Signing of the commitment.
- Compilation of information.
- Planning, design and adaptation of the analysis form.
- Collecting information.
- Analysis of information.
- Presentation of results.
The five aspects we analyse are:
- Physical security.
- Network electronic configuration.
- Visibility and access between networks.
- Network fault tolerance and availability.
You are sure to ask what differentiates the firewall your IT department implements in your “back-office” from the firewall we recommend you use in OT environments. Here is the answer:
- Industrial firewalls have been designed specifically with environmental settings and industrial network operation in mind.
- Their installation and deployment is not intrusive or invasive.
- Their configuration and rule management modules are easy to use.
- They incorporate specific features to enable you to increase OT network security.
- They can be installed between SCADA and PLC systems to carry out DPI (Deep Packet Inspection). That is, they enable traffic to be segmented by specifying typically industrial protocols (Modbus TCP/IP, EtherNet/IP, OPC, etc.).
The main differences between traditional and industrial firewalls are summarised in this figure.
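What protocol-aware filtering between a SCADA host and a PLC can look like for Modbus TCP, as an added example (not code from this page or from any firewall product): it validates the MBAP header and lets through only read requests. The allowed unit ID, the read-only policy and all function names are assumptions chosen for illustration, and the sample frames are constructed.

```python
import struct

# Assumed policy (hypothetical, not from the page): the SCADA host may only
# read from PLC unit 1; write and diagnostic function codes are dropped.
ALLOWED_UNITS = {1}
READ_FUNCTIONS = {0x01, 0x02, 0x03, 0x04}  # coils, discrete inputs, holding regs, input regs
MAX_ADU = 260                              # 7-byte MBAP header + 253-byte PDU

def inspect_request(payload: bytes):
    """Return (allow, reason) for one Modbus TCP request (SCADA -> PLC)."""
    if len(payload) < 8:
        return False, "truncated frame"
    if len(payload) > MAX_ADU:
        return False, "oversized frame"
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        return False, "protocol id is not Modbus"
    # The MBAP length field counts the unit id plus the PDU that follows.
    if length != len(payload) - 6:
        return False, "length field mismatch"
    if unit not in ALLOWED_UNITS:
        return False, f"unit {unit} not allowed"
    function = payload[7]
    if function not in READ_FUNCTIONS:
        return False, f"function 0x{function:02x} not allowed"
    # A read request PDU is exactly: function, start address, quantity.
    if len(payload) != 12:
        return False, "malformed read request"
    _start, quantity = struct.unpack(">HH", payload[8:12])
    limit = 2000 if function in (0x01, 0x02) else 125
    if not 1 <= quantity <= limit:
        return False, "quantity out of range"
    return True, "read request allowed"

def build_adu(tid: int, unit: int, pdu: bytes) -> bytes:
    """Helper that builds a constructed sample frame for the demo below."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "read holding registers": build_adu(1, 1, b"\x03" + struct.pack(">HH", 0, 10)),
    "write single register": build_adu(2, 1, b"\x06" + struct.pack(">HH", 5, 999)),
    "read from other unit": build_adu(3, 9, b"\x03" + struct.pack(">HH", 0, 10)),
    "trailing bytes": build_adu(4, 1, b"\x03" + struct.pack(">HH", 0, 10)) + b"\x00\x00",
    "too many registers": build_adu(5, 1, b"\x03" + struct.pack(">HH", 0, 126)),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:24} -> {inspect_request(frame)}")
```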
The data diode is a hardware device (unlike a firewall, it has no firmware) that separates and protects two networks by ensuring that information flows in one direction only.
It ensures that the information from one network reaches another network (but not vice versa). If your environment is really critical and you want to equip your infrastructures with an almost unbreakable level of security, the solution you need to apply is the data diode.
Diodes replace the traditional DMZ and usually have certifications such as Common Criteria EAL 7+ (Netherlands Scheme), Common Criteria EAL 4+ (Norwegian Scheme), NATO (Secret), NATO Green Scheme Evaluated, NL-NCSA (Secret), BSI (Secret) and NERC-CIP Compliance Vendor.
They are based on the use of proxies on either side of the diode, with specific appliances for critical infrastructures and OT environments (such as Modbus replicator, OPC replicator and OSIsoft PI replicator) and general appliances (such as file transfer, software updates, e-mail, database replication, network printing or network monitoring).