Secure network architecture

We provide a series of specific services for implementing secure network architectures

 

 

Once the OT network has been segmented, it is essential to have systems and devices to make it easy to document the full network inventory, manage it centrally, see the incidents associated with the hardware devices and software applications and monitor their use by different users.

These types of systems are essential for carrying out audits and forensic analysis. Furthermore, external access to OT networks (which is often essential for the users themselves and for integrators, contractors and systems engineers) needs to take place securely.

We provide a series of specific services to help implement secure network architectures:

SIEM systems

Monitor and protect your equipment (SCADA, Historian, OPC servers, HMI clients) and OT network devices (routers, firewalls, switches) by centrally managing network incidents and associated events. SIEM systems enable you to:

  • Make inventories of hardware and software.
  • Monitor users.
  • Monitor OT network equipment and devices.
  • Centrally manage network incidents and associated events.
  • Configure white and black lists for network access.
  • Store critical information on the security events that occur.
  • Carry out audits and, if necessary, forensic analysis.
SNMP monitors

Based on the SNMP (Simple Network Management Protocol) protocol, we provide solutions that enable you to draw up inventories and graphically represent full network architecture and topology using a single management and maintenance console (MultiConfig ®).

These types of monitors enable you to:

  • Manage by hierarchy (domains, subdomains, networks, subnetworks, etc.).
  • Automatically recognise a wide range of items of equipment (predefined templates) based on the LLDP (Link Layer Discovery Protocol).
  • Configure and control network equipment (ports, connections, servers, switches, routers, firewalls) status in real time.
  • Manage network events (status improvement or worsening, confirmed event, modified configuration, device added, etc.).
  • Generate log reports accessible over the web.
  • Incorporate log information with other higher systems (SIEM, Historian, etc.) via SNMP OPC.
  • Integrate them into other SCADAs as ActiveX.
Virtual Private Networks (VPN)

A VPN (Virtual Private Network) enables secure private (virtual) use of a public network (ensuring the integrity of the information, its encrypting and confidentiality).

Our solution is based on IPsec (Internet Protocol Security) and permits two modes of use: transport mode (in which the two items of equipment that create the VPN are specified, e.g. a firewall and a PC) and tunnel mode (in which two firewalls create the VPN to which authorised users have access).

What can I use a secured VPN for?

To:

  • Connect two LANs.
  • Connect several LANs.
  • Connect a PC (external) to a LAN.

Protect your industrial environment