Secure Gateways featuring DPI firewall, work order-based technician access to assets and system-wide management tool
Strict enforcement of identity and access policies via Authentication Proxy Access for NERC CIP V6 compliance
DPI SCADA FIREWALL
Whitelist-based, distributed IP and Serial DPI SCADA firewall (DNP3, ModBus, IEC-101/104, S7)
SECURE VPN CONNECTIVITY
Communication with central site via IPsec VPN over cellular & fiber with X.509 certificates
Up to 16 x 10/100 and 2 x 100/1000 SFP ports, as well as RS-232 ports with protocol gateway functionality
Cellular 2G/3G/4G/LTE dual-SIM modem for operator redundancy or for remote substations with no LAN connectivity
FIT FOR HARSH ENVIRONMENTS
Designed for operation under harsh temperature and radiation conditions
Radiflow’s secure gateways include the full-featured iSEG RF-3180 for critical operational units, the iSEG RF-1031 for small remote sites that require a secure connection to a limited number of devices, and the iSIM Industrial Service Management Tool for managing arrays of secure gateways.
iSEG RF-3180: Secure Gateway for Remote Sites and Substations
The iSEG RF-3180 secures both M2M (Machine to Machine) and H2M (Human to Machine) traffic by incorporating DPI (Deep-Packet Inspection) capability for analyzing SCADA network traffic.
Once connected to the OT (SCADA/ICS) network, the iSEG RF-3180 immediately begins to gather information from across the network (devices, behaviors, etc.) and suggests editable firewall rules. Upon detecting an anomaly, the 3180 will automatically generate alerts, block the abnormal activity and isolate any affected sub-networks.
To facilitate NERC CIP V6 compliance, the iSEG RF-3180 includes an APA (Authentication Proxy Access). It grants authenticated users access to predefined devices and functions, all fully logged. Integration with a physical identity server system also allows other authentication methods, e.g. magnetic card.
Radiflow’s whitelist-based, distributed DPI firewall ensures uninterrupted control over the network. It is installed at every port for both Serial and Ethernet traffic, so every access point at the remote site is firewalled. Each SCADA protocol packet is validated by the firewall engine not only for its source and destination, but also for its protocol and packet content. The distributed firewall structure enables the creation of a unique firewall at each access point on the network, which is especially important for securing against insider attacks.
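The following added example (not Radiflow code, and not a description of how the iSEG engine is built) illustrates the idea of a per-access-point, default-deny whitelist that checks source, destination, protocol and packet content. It assumes Modbus/TCP and models only function codes 0x03 and 0x06; the port names, IP addresses and rule fields are hypothetical.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str              # permitted source IP
    dst: str              # permitted destination IP
    unit_id: int          # permitted Modbus unit id
    functions: frozenset  # permitted function codes
    addr_range: range     # permitted register addresses

# Constructed whitelists, one per access point (hypothetical names and IPs).
WHITELIST = {
    "eth1": [Rule("10.0.0.5", "10.0.1.20", 1, frozenset({0x03}), range(0, 100))],
    "eth2": [Rule("10.0.0.9", "10.0.1.20", 1, frozenset({0x03, 0x06}), range(40, 50))],
}

def parse_modbus_tcp(payload: bytes):
    """Return (unit_id, function, start_addr, count) or raise ValueError."""
    if len(payload) < 12:
        raise ValueError("truncated frame")
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(payload) - 6:
        raise ValueError("MBAP length mismatch")
    func, addr, value = struct.unpack(">BHH", payload[7:12])
    if func == 0x03 and value >= 1:   # read: value is the register count
        return unit, func, addr, value
    if func == 0x06:                  # write single register
        return unit, func, addr, 1
    raise ValueError(f"function 0x{func:02x} not modelled or bad count")

def inspect(port: str, src: str, dst: str, payload: bytes):
    """Default-deny verdict for one packet: (allowed, reason)."""
    try:
        unit, func, addr, count = parse_modbus_tcp(payload)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    for r in WHITELIST.get(port, []):
        if ((r.src, r.dst, r.unit_id) == (src, dst, unit) and func in r.functions
                and addr in r.addr_range and addr + count - 1 in r.addr_range):
            return True, "whitelisted"
    return False, "no matching rule"

def frame(func: int, addr: int, value: int, unit: int = 1, tid: int = 1) -> bytes:
    # Build a constructed 12-byte Modbus/TCP request for testing the rules.
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)
```

Because each access point has its own rule list, the same write request can be accepted on one port and rejected on another, which is the property the distributed design relies on.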
The iSEG RF-1031 Secure Gateway was designed for small remote sites that require a secure connection to a limited number of devices. It offers security solutions for both M2M (Machine to Machine) and H2M (Human to Machine) traffic by incorporating a DPI (Deep-Packet Inspection) firewall, as well as a user-identity firewall.
Authentication proxy: Compliance with NERC CIP V6 via APA (Authentication Proxy Access) for network access management
IP SCADA firewall: DPI firewall for monitoring all network traffic and managing physical and remote access control systems
Secure VPN connectivity: Communication with central site via IPsec VPN over cellular & fiber with X.509 certificates
Resilient network uplink: Connectivity via LAN or Cellular Modem with dual SIM for HSPA+/LTE CDMA 450MHz
SCADA protocols gateway: Validation by the firewall for source, destination, protocol and packet content
Fit for harsh environments: Radiflow’s iSEG 1031 was designed for operation under harsh temperature and radiation conditions
iSIM is an intuitive network management tool for Radiflow’s secure ruggedized gateways installed at remote sites and substations. iSIM provides a real-time view of all networked devices and allows combining devices on disparate networks into a single group for simple cross-network maintenance, thus increasing the cost-effectiveness of the operator’s overall cybersecurity operation.
iSIM significantly simplifies OS upgrading by creating device groups and allowing for group batch provisioning (accompanied by a detailed report upon completion). iSIM periodically backs up device configurations to the server. This backup can be used to restore the configuration of devices that have been misconfigured due to human error, or when a device has to be physically replaced.
Radiflow’s devices offer advanced security features such as a distributed firewall and task-based validation of human-to-machine (H2M) sessions. This enables granting access to only specific end-devices without exposing the entire network. All user access and activities are fully logged.
Radiflow’s distributed firewall enables enforcing security profiles across the network according to predetermined policies. iSIM translates the security profiles into firewall rules, which are automatically uploaded to the secure gateways across the network. This ensures that the same profiles are used across the network.
When service maintenance is needed but granting access to the entire network is not acceptable, Radiflow’s APA (Authentication Proxy Agent) allows setting a time window for accessing a specific device via the distributed firewall.
iSIM enables selecting specific Radiflow devices on the network and creating custom firewall rules for each device. This in effect creates, during the allotted time window, a direct tunnel from the technician’s PC to the specific SCADA device (PLC, IED, RTU, etc.) without exposing the entire network. At the end of the access window a detailed log file is generated with all of the technician’s operations.
iSIM provides a map view of the network topology, divided into sub-networks, indicating each edge device (by Radiflow or otherwise) such as PLCs, RTUs etc.
Events reported to iSIM by Radiflow’s networked devices are presented in an aggregate view.
Operational alerts are prioritized and color-coded, and presented graphically as map links. The user is able to filter alerts by severity, protocol and more.
Traffic analysis tools:
Log files with all violations
Log files for the maintenance process
Traffic statistics of links in the network
Performance-over-time graphs for selected links
Cross-network maintenance: Combine multiple iSEG Secure gateways on different networks into maintenance groups for easy batch OS upgrades
Security violation alerting: Filterable, prioritized security alerts from across all managed gateways, with all required exception details
User-access management: Security profiles are converted into firewall rules, which are automatically uploaded to the secure gateways
Automatic database backup: Automatic backup of device settings databases for restoring misconfigured devices or setting up failover gateways
Network performance analysis: performance visibility including traffic statistics and reports for maintenance log files and
Authentication management: Radiflow’s Authentication Proxy Agent allows setting time and device access constraints, for maintenance activities