ICS & SCADA Security

Following a close coupling of IT and industrial control system environments, security risks now cascade from the internet and corporate IT networks into Industrial Control Systems (ICS) and SCADA networks. Cyberoam protects connected critical infrastructure against a bevy of cyber and network attacks with integrated threat protection, situational awareness and security controls for ICS including SCADA.

Poor or no authentication in ICS/SCADA protocols, rarely patched control systems, and a dearth of SCADA-aware firewalls and ICS-oriented threat protection remain among the key challenges in securing connected critical infrastructure and Operational Technology in industries like Oil and Gas, Energy Utilities, Automated Manufacturing, Chemicals & Pharma and Water Treatment / Waste Management. Cyber attacks like hacking and malware attacks exploit these security vulnerabilities to cause catastrophic damage.

Cyberoam addresses these security gaps by offering a holistic approach that understands ICS / SCADA network communication, secures against various threat incidents, provides desired situational awareness and enables adequate control over user and network activities while ensuring business continuity through uninterrupted availability of key ICS processes.

Key Highlights

User authentication for ICS/SCADA systems – Cyberoam’s Layer 8 technology enables user-identity based controls, allowing only authorized users to access ICS/SCADA systems, thereby bridging an inherent security gap in ICS.

Visibility and granular control over ICS / SCADA commands and protocols such as Modbus, DNP3, IEC etc. – Cyberoam Firewalls with app-aware (layer-7) capabilities understand ICS & SCADA protocols like Modbus, DNP3, BACnet and more, and can also selectively filter commands and functions like Modbus read, write and diagnostic.

Protection for ICS / SCADA environments against malware infiltration and propagation – Cyberoam provides defense-in-depth enterprise network security to prevent implantation of malware in the network when online, with features like Gateway Anti-Virus and Anti-Spam, Web filtering and Application filtering.

Prevent exploitation of vulnerabilities in ICS components – With a SCADA-aware Intrusion Prevention System (IPS) having a pre-defined category for ICS / SCADA specific signatures, Cyberoam offers adequate security against threats and hacking attacks that exploit inherent ICS vulnerabilities. Moreover, Cyberoam’s Web Application Firewall (WAF) safeguards against likely web attacks on Internet-facing ICS/SCADA apps like HMI.

Enabling secure remote access to ICS / SCADA systems – Cyberoam provides secure remote access with SSL / IPSec VPN to entities like operators & plant engineers to perform monitoring & diagnostics tasks remotely over the web, ensuring the communication remains encrypted & protected against incidents like eavesdropping by hackers.

On-appliance logging and reporting for enhanced situational awareness into ICS / SCADA & corporate networks – Cyberoam provides real-time visibility into user activities, IPS alerts, ICS commands, VPN activities and more with detailed reports and logs on its network security appliances.

Centralized Security Management and Reporting – To help security administrators tasked with managing security of ICS / SCADA networks as well as corporate IT networks, Cyberoam provides Cyberoam Central Console (CCC) that enables centralized security management for distributed Cyberoam security deployments. Cyberoam’s iView appliance, on the other hand, offers centralized visibility and helps with forensic analysis, incident management and compliance.

Continuity of key business processes and operations – Cyberoam appliances support High Availability deployment modes like active-active and active-passive for network resilience in case of a device failure.