REALIZE THE FULL POTENTIAL OF YOUR FORTINET FIREWALL WITH RICH ASSET INFORMATION FROM ISID
Industrial cyber security is one of the core features of transitioning OT infrastructures to Industry 4.0 levels.
The following dynamics are having a dramatic effect on the ability to protect the growing attack surface and enable the business to remain highly competitive:
These trends and the ensuing challenges they introduce require contextualizing the cyber-securing of the industrial (IACS) network in terms of OT asset type and function and the different interconnected business processes that make up the industrial operation.
Leveraging the open APIs between Fortinet’s FortiGate Next Generation Firewall and Radiflow’s iSID Industrial Threat Detection System delivers simplicity and operational optimization, so that security threat vectors are detected and remediated and industrial processes occur as prescribed.
HIGHLIGHTS OF THE JOINT SOLUTION
BETTER-INFORMED RULES & POLICIES
Firewall policy rules, which define the firewall behavior when faced with a set of conditions (e.g. “block all external communications to an IP address”), are the foundation of any industrial cyber-security system.
However, without a clear picture of the network—which asset is located at each IP address (e.g. PLC, RTU, HMI), which business process the asset belongs to and the criticality level of the business process (for example, a PLC belonging to a high-pressure turbine would have a higher criticality score than the same device controlling the manufacturing floor lighting)—it would be very hard to set rules that reflect the actual nature of the industrial facility’s operations.
The joint solution between the FortiGate NGFW (Next Generation Firewall) and Radiflow’s iSID not only equips the FortiGate firewall with a clear model of all assets, asset types, protocols and ports on the network, it also provides the criticality of each asset. This enables configuring rules for otherwise undetected assets, as well as rules that comply much better with the security needs of the industrial operator.
FortiGate’s policies dashboard, used for setting asset communication policies
QUICK & SIMPLE SETUP
Linking iSID and FortiGate and configuring firewall rules for different asset types is quick and easy: simply enter the identifiers of the FortiGate firewall (Name, IP address, Port and API token, source interface and destination interface), hit enter, and you’re done. Then, for each available asset type (HMI, PLC, Server, Router, Historian, OPC Server and Engineering Station), the user is able to select a behavior: None, Block or Allow.
Once iSID connects to FortiGate and its underlying OT network, it detects all of the assets on the network via passive monitoring, along with their status (Active or Inactive), type, name, and IP and MAC addresses.
Depending on the organization’s OT environment, iSID is able to infer the business process each asset belongs to and assigns a severity (criticality level) to that asset; these definitions can be changed manually.
The list of iSID’s newly detected assets automatically syncs with FortiGate, where the rules can be further tweaked to determine how the firewall handles incoming and outgoing traffic for each asset.