Although Industry 4.0 is almost yesterday’s phenomenon and we are at the gates of Industry 5.0, industrial cyber security is still not enforced or working properly in most cases. In the past, most industrial control systems (SCADA/ICS: Supervisory Control and Data Acquisition/Industrial Control Systems) were connected neither to the internet nor to the organization’s LAN, so there was no demand for proper IT security in this segment. Because of this lack of interconnection, the chances of cyber attacks were virtually zero.
That was the posture until 5-10 years ago, when industrial systems started to open up to the internet and other networks, driven by advances in technology and the increased need for manageability. This opening greatly enhanced the capabilities of these systems, but it also opened a window for miscreants to hack and abuse these systems and protocols (such as Modbus, where attackers can take over complete SCADA systems).
Of course, hackers and targeted attacks are just one side of the coin; the other side is also working to create a more secure environment. On the secure side are the security framework developers and the device manufacturers.
One of the most recognised framework developers, CISA (the Cybersecurity and Infrastructure Security Agency), states the following requirements regarding the security of industrial networks:
- Industrial and healthcare systems/networks need to be separated from IT networks with firewalls.
- To access industrial and healthcare systems/networks, the organization needs to use secure connection methods (like VPN). The organization also needs to keep its VPN solutions up to date to patch possible vulnerabilities, and needs to secure the endpoints that are connected to the network.
To comply with these guidelines, Palo Alto suggests the Palo Alto PA-220R firewall, which is optimised for industrial environments not just physically but also in its feature set.
Highlights
- Extended operating range for temperature.
- Certified to IEC 61850-3 and IEEE 1613 environmental and testing standards for vibration, temperature, and immunity to electromagnetic interference.
- Dual DC power (12–48V).
- High availability firewall configuration (active/active and active/passive).
- Fanless design with no moving parts.
- Flexible I/O with support for both copper and optical via SFP ports.
- Flexible mounting options, including DIN rail, rack, and wall mount.
- Simplified remote site deployment via USB-based bootstrapping.
The PA-220R is a next-generation, rugged firewall that enables proper network security in severe industrial environments, such as power plants, manufacturing plants, or oil or natural gas refineries.
Thanks to its rugged design, it can endure heat, contains no moving parts, and is completely dust and interference proof.
Alongside ordinary protocols and applications, it supports the OSIsoft PI, Siemens S7, Modbus and DNP3 technologies. Besides segmentation, the device also helps with transparency and control over the network environment.
The Palo Alto proprietary App-ID feature can identify network applications, regardless of network ports, protocols or encryption. To achieve this, the device uses categorization, signatures, protocol decoding and heuristics.
The PA-220R is capable of blocking both known IT- and ICS-based threats, exploits, spyware and malicious executables on all ports, regardless of their technique, and can restrict access to and forwarding of files and sensitive data.
It offers agentless integration with Active Directory, Terminal Services, LDAP, Novell eDirectory and Citrix solutions for AAA capabilities, and provides easy firewall rule integration with 802.1x devices, proxies and NAC solutions.