Drives and Controls Magazine
Home
Menu
Industrial security appliance 'overcomes firewall limitations'
Published:  17 October, 2016

Rockwell Automation has announced an industrial security appliance incorporating new security technologies designed to protect plant-floor systems. It says that the Allen-Bradley Stratix 5950 overcomes limitations of most IT firewalls, which cannot protect against threats to industrial network traffic.

The new device is the first to use a deep-packet-inspection (DPI) technology, developed by Rockwel in collaboration with Cisco, that helps to inspect the Common Industrial Protocol (CIP) and other industrial protocols.

An industrial firewall incorporating DPI technology extends visibility down to the plant floor, enabling logging of traffic patterns, and allowing informed decision-making that follows a set of security policies. Users can log a range of data for any network connection or protocol – such as EtherNet/IP – including where the traffic is coming from, where it is going and the application with which it is associated. While IT managers previously had this visibility, now both plant and IT managers can use the new technology to manage network traffic more securely from the plant floor to the enterprise.

The device also uses Cisco’s Adaptive Security Appliance (ASA) firewall and FirePower technology to create a security boundary between cell/area zones, or to help protect a single machine, line or skid. This supports compliance with IEC 62443.

“Combining ASA firewall, FirePower and DPI technology gives IT professionals the granular visibility and control they need to protect industrial networks,” says global product manager, Divya Venkataraman. “With the Stratix 5950 appliance, users can now configure and enforce policies that help prevent potentially malicious firmware updates and program downloads. This helps enhance the integrity of plant-floor operations.”

Rockwell Automation's industrial security device extends IT security technology to the plant floor

An optional subscription license is available with the appliance, offering subscribers ongoing threat and application-signature updates to help protect their systems against the latest security threats.

The new Din-rail-mounting device includes four 1-gigabit Ethernet ports, and is available with copper-and-fibre or copper-only, small form-factor pluggable (SFP) slot options. The industrially hardened module is IP30-rated and can withstand electrical shocks, surges and noise. It can operate in temperatures from –40°C to +60°C.