CAPABILITIES OVERVIEW
Embedded computers and remote devices that run critical operations are
extremely important in managing automation and control systems by collecting
and communicating data directly back into the network. However, these devices
were never designed with security in mind, making them highly susceptible to
cyber-attacks or unintentional interference.
3eTI’s CyberFence solutions protect machine-to-machine (M2M) communications
using advanced cyber protection for vulnerable edge devices without disrupting
network operations. CyberFence assures that only you maintain control and visibility
of your critical devices despite increased cyber threats. Unlike competitors' products, which are designed
for general enterprise applications, our devices are specifically designed to provide
strong cryptographic defense-in-depth protection for critical infrastructure and tactical
communication systems used by military, government and industrial customers.
CyberFence is the only solution of its kind independently validated and lab tested
by the US government to ensure correct development and implementation. No
other cyber security device rises to this standard, ensuring safe and secure control of
devices and systems.
KEY BENEFITS
• Government certified: Independently validated security by NIST and NIAP
• Accredited: Information assurance (IA) enabled solutions
• Robust: DPI advanced content inspection options
• High-performance: For video, voice and data cyber security protection
• Proven: In use by military and federal organizations
• Experience: Benefit from expertise of NATO cyber security experts
• Customizable: Configurable to address specific security objectives
• Plug & play: Quick and easy implementation and management
• OEM-ready: Embedded OEM options available
CyberFence
M2M Cyber Security for Critical Operations
The Most Advanced Cyber Security for Control & Communications Systems Available
Applications
• Embedded SCADA/DCS systems
• Critical automation systems
• Zone and conduit security as per NERC, IEC and ANSI/ISA standards
• PLC/RTU communication security
• Display-only HMI panels
• Secure remote access to PLC data
• Protect legacy devices / computers
• Bolt-on encryption / authentication
• Protect connections to partner networks and wireless networks
• Improve process control network reliability and performance
Critical Infrastructure Protection
Embedded Cyber Security for Industrial Control Systems (ICS)
All critical infrastructure, from the power
grid to steel manufacturers, reservoirs and
transportation systems, to hospitals and
airports, has unique electrical, environmental
and operational requirements for its
SCADA and process control systems that can
make traditional IT-focused security solutions
unsuitable or insufficient.
The vast majority of cyber security is designed for enterprise computing,
and so industrial systems are often limited to network firewalls and
anti-virus for their PCs. As a result, many critical systems operate with
little protection against the real threat of accidental or malicious cyber-
attacks targeting systems today. Entire plants have been shut down by
an infected USB key or a misconfigured network device.
CyberFence readily accommodates both new and existing legacy
systems without adding complexity. It affords selective and imperceptible
monitoring to fortify one or multiple network endpoints without
interfering with current system performance.
Applications
• Protect unmanned aerial vehicles (UAV)
• Fixed or mobile weapons systems
• Protect sensor system links
• Harden physical surveillance systems
• Secure satellites, fiber & wireless communications
• Secure remote connectivity to units over the Internet
Tactical Communications Security
M2M Cyber Security for Mission Critical Systems
The modern, connected battlefield enables
enhanced situational awareness and effective
command and control. However, in many domains,
cyber-protection doesn’t extend much beyond
the network core, only protecting against some
external attacks.
Diminished control of any machine or interface
limits the operator’s ability to respond effectively
in situations where lives may be at stake. Sustained and comprehensive C2
of any system hinges on a strong cyber-defense strategy that layers security
against internal and external threats for impenetrable endpoint protection.
CyberFence enforces the authenticity, integrity, and authority of C2 data
from the core to the edge, ensuring that data and systems can be trusted to
provide accurate situational awareness and execute commands.
Originally designed to help the defense sector meet federal security
mandates, CyberFence’s crypto modules are FIPS 140-2 validated for
sensitive data communications. Additionally, the system’s approval to
operate (ATO) status with the DoD is complemented by its advanced
information assurance data protection capabilities.
Product Solutions
DarkNode
Protect critical networks where latency and integrity are paramount
• Fully protect network / conduit interfaces
• Monitor and alert to unauthorized activity
• Out-of-band management option to prevent interference with operational data traffic
• DPI* and firewall rulesets can be uniquely configured to each user and protocol
• Encrypt end-to-end communications of vulnerable industrial / legacy protocols
EtherGuard
Securely connect devices across untrusted networks such as the Internet
• Secure devices, making them inaccessible to attackers on an untrusted network
• Integrate multiple layers of security control, including DPI* option to protect critical devices
• Focused on the protection of embedded devices or machines
• Fits anywhere a critical or sensitive device is connected to a wide-area network
EtherWatch
SCADA firewall that protects industrial control networks and embedded devices
• Advanced application-layer firewall and protocol-specific DPI*
• Deploy at critical locations to monitor traffic and issue alerts
• Invisible and undetectable by an attacker
• Manage either through the network or through a dedicated management port
UltraCrypt
Efficiently encrypt high capacity networks
• Create a secure link within the existing network
• A high-speed Layer 2 in-line encryptor with high throughput
• MPLS & VLAN encryption
• Easy to configure and manage either in-band or out-of-band over a separate network
• Secure over-the-network rekey
• Network obfuscation
* Deep packet inspection (DPI) can currently support BACnet, Modbus TCP, OPC, EtherNet/IP and DNP3 control protocols and inbound commands, as
well as their origin.
[Figure labels: Industrial Facility, Headquarters, Internet]
CyberFence Starter Kits
The CyberFence Starter Kit is an all-inclusive, plug-and-play cyber security solution that makes it easy to test drive 3eTI’s innovative endpoint cyber technology for embedded devices. The CyberFence Starter Kit allows you to mix and match a traffic encryption solution that fits your network; select from 3eTI’s EtherGuard or DarkNode devices, which provide protections such as port authentication, access-control, and application-level packet inspection.
Flexible endpoint protection options for any embedded device
PRODUCT COMPARISON
Solutions | Description | DPI* | Firewall | Encrypt | Mbps | FIPS 140-2 Level 2 | Common Criteria | Suite B Cap. | 802.1X | Out-Band Mgmt | Dark View Tech.
DarkNode FIPS Layer-2 DID Crypto X X V-LAN ~120 X X X X X
EtherGuard FIPS Layer-3 DID Crypto X X VPN ~120 X X X X X
EtherWatch SCADA Firewall X X ~120 X X X X
UltraCrypt High Speed Encryption V-LAN ~450 X X X X X
*Deep packet inspection (DPI) can currently support Modbus TCP, OPC, EtherNet/IP and DNP3 control protocols and inbound commands,
as well as their origin.
CYBERFENCE SERVICES
Evaluation & Risk Assessment
3eTI provides security assessment and vulnerability management services to assess and mitigate system cyber security risks without affecting
operational efficiency and reliability. We help empower organizations to create, manage and employ a risk management framework that
meets the strategic goals and deployment operations of a business. 3eTI is proficient in industry standards from ISO, NIST, IEC/ISA, and US
DoD, and can tailor a solution to meet any regulatory or compliance directives under which a business operates.
Key Management
While many systems offer encryption only, we consider and solve the complex key management issues needed to maintain security over
a system’s lifetime. 3eTI only uses secure validated key generation, distribution, and authentication mechanisms for our cryptographic
services, and the process is entirely owned and controlled by the customer.
System Integration
All of our products are interoperable with industry standard SIEM, network management, and situational awareness tools, ensuring
that our solutions fit within any existing security solutions. We bring the capability to monitor, detect, and react to security incidents
previously hidden from view. Cyber security can now extend beyond the PC all the way to the critical machines and devices at the edge.
OEM Integration
3eTI’s compact CyberFence OEM Modules offer certified security in an even smaller package — easy to connect into any demanding
OEM application. 3eTI also leverages strategic partnerships to embed 3eTI’s core cyber security technology into their platforms.
Copyright ©2015 Ultra Electronics, 3eTI. All Rights Reserved. 111915-003
9713 Key West Avenue · Rockville, MD 20850 · +1 800 449 3eTI · www.ultra-3eti.com