Date post: 24-Jul-2018
Upload: vukien

www.temperednetworks.com | © 2018 Tempered Networks. All rights reserved.

Tempered Networks believes you should not have to compromise security for simplicity. Our Identity-Defined Networking solution enables you to easily connect, segment and manage your ICS environment.

Simple and Unbreakable Segmentation for SCADA and Industrial Control Systems (ICS)

Use Case

Reduced overall network attack surface

Lower CapEx and OpEx

Faster network and resource provisioning time


The Growing Threat

Today’s SCADA and Industrial Control Systems (ICS) represent critical operational assets across many organizations and a large cross section of industries and markets, such as utilities, manufacturing, government, distribution, retail, and transportation. Security experts at the U.S. Department of Homeland Security (DHS) have confirmed that principal activities behind many foreign hacks have been targeted at discovering models of ICS, SCADA systems, and other key hardware/software components of critical infrastructure.

Traditional IT Security Technologies Are Too Complex to Deploy & Maintain

Complicating the issue of network security is the operational need to keep ICS systems running at peak efficiency. Unfortunately, efficient connectivity is often compromised in favor of complex and bulky layers of added security, such as cumbersome firewalls.

But firewalls, including next-gen versions, have many rules and restrictive policies that need regular updates. Another strategy is to employ VPNs (virtual private networks) or VLANs (virtual local area networks) to protect systems, but these are also complex options to deploy, maintain, and troubleshoot, particularly when networked systems and machines are in remote areas. It’s also time-consuming and costly to get skilled operational technologies (OT) staff to various sites to effectively troubleshoot or make changes.

The Way Forward with Identity-Defined Networking

With IDN, you no longer have to wait weeks to securely provision networks and resources. You can instantly build your own secure overlays that can run over any existing infrastructure, with little to no modification to the underlying switching and routing infrastructure. It’s now easy to deploy highly resilient, on-demand, peer-to-peer enterprise networks.

IDN delivers a simpler and more secure networking architecture with built-in encryption and no certificates to manage, making IT complexity and point product investments a thing of the past. You can now decrease CapEx and OpEx by as much as 50% by reducing the need for internal firewalls, VPNs, ACLs, and VLANs.

Cost Comparison: Traditional IP-based Solutions* vs Tempered Networks

Equipment Cost: Cost deploying 1 firewall / VPN per building

Time: Estimated time to deploy: 5 days / building for 1 Full Time Employee (5 x 500 buildings)

Headcount: Assuming an average of 1 net new Net/Sec Admin per 35-60 firewalls deployed

Deployment Scenario

Using Tempered Networks IDN solution, this customer was able to securely connect and segment 500 buildings across their large campus network. With built-in encryption, simple micro-segmentation, and scalable network orchestration, they completed the project on time and significantly under budget, while providing a highly available and more secure overlay network model.

* Traditional IP-based Solutions include Firewalls, VPNs, VLANs, Access Control Lists (ACLs), etc.


Modernize and Improve the Performance of Aging Control Systems

There is a lot of data collected from SCADA and ICS equipment, but much of this data is often not used by older control systems and applications. Additionally, these older systems cannot run endpoint software to protect themselves, making it costly and complex to achieve secure connectivity.

With IDN, plant upgrades become strategic and systematic tasks with a secure networking architecture that increases availability and reduces risk. This makes it easy to connect and segment any legacy equipment (even serial-over-IP) using public Internet, with end-to-end encryption.

Bridging the IT/OT Divide

As organizations continue to increase the number of connected devices across converging IT and process networks, the question becomes how to overcome the gap between IT and OT? Who will take responsibility for the connectivity and security of tens of thousands of devices?

Using our simple point-and-click orchestration engine, you can build overlay networks in minutes for specific SCADA and ICS equipment, with little to no modification to the underlying switching and routing infrastructure. It’s now possible to give local control over individual overlays to business units, without the risk of impacting the rest of the network. With the IDN platform, you don’t need 10 years of IT experience to configure and manage network and security policies, allowing your most talented IT staff to focus on innovation, not the networking details.

Compliance Just Got Easier

You can now strengthen your cybersecurity posture by leveraging IDN to build an integrated, automated, simple, and secure network architecture that achieves the recommended security outcomes contained in the National Institute of Science and Technology (NIST) Cybersecurity Framework (CSF). With built-in security and a level of connectivity that simply hasn’t been possible until now, IDN delivers strong cybersecurity risk management practices for SCADA and ICS to protect the confidentiality, integrity and availability of data.

With Tempered Networks, you can align with the CSF Core and achieve secure connectivity and segmentation at scale for any device, across any network environment, anywhere in the world.

A Better Way to Connect SCADA and ICS Equipment

With IDN’s simpler networking architecture, there is no longer a need for organizations to have different security and networking architectures for their physical IT environment, industrial and manufacturing environment, virtual environments, and cloud workloads.

With the IDN fabric, you can connect, encrypt, and segment any device across any physical, virtual, and cloud environments. For the first time, securely networking and managing thousands of endpoints across separate networks is easy and practical.

Tempered Networks enables you to consolidate your network and reduce the number of point products and tools using our unified secure networking architecture.

| Requirements | Traditional IP-based Solutions | Tempered Networks |
|---|---|---|
| Unified networking & security architecture | No | Yes |
| Micro-segmentation across LAN/WAN | No | Yes |
| Peer-to-peer encryption | No | Yes |
| High availability & resiliency | No | Yes |
| Access by explicitly trusted whitelisted machines | No | Yes |
| Instant revocation & quarantine | No | Yes |
| Instant micro / macro failover | No | Yes |
| Eliminate IP Conflicts | No | Yes |

Technology comparison between traditional IP-based solutions and IDN


1. IDN Orchestration: The Conductor

Creates, manages, and automates distributed policy to all HIPservice and HIPrelay endpoints

2. IDN Enforcement: HIP Services

Software runs on or adjacent to any host / instance, as the network policy and security enforcement points

3. IDN Routing: HIPrelay

World’s first identity-based router that authorizes, encrypts and connects peer, private, and previously unrouteable endpoints

Three software components are needed to quickly build your own IDN across any network, without modifications to the underlay.

Our HIP Services software runs on a broad array of platforms, including cloud, virtual and physical hardware (HIPswitches), which are ideally suited for commercial and industrial deployments such as field devices, Point of Sale systems, building management systems, Industrial IoT devices, robotics, and much more.

With a large number of ports, fast Ethernet, Serial over IP, single or dual cellular modem configuration as well as Power over Ethernet (PoE out), you can eliminate the cost and complexity of having separate Ethernet switches, VPNs, firewalls, cellular modems/routers, and APNs.

IDN fabric architecture is inherently secure and mobile.

[Figure: HIPswitch 100g and HIPswitch 250g]

Contact [email protected] for a no obligation demo.

