Securely Connect, Network, Access, and Visualize Your Data




Who is Skkynet?
Skkynet is the parent company of:
- Cogent Real-Time Systems: established in 1994; focus on industrial automation software (Cogent DataHub, WebView)
- Nic Corporation (Osaka, Japan): established to focus on the embedded market; develops M2M and M2C software for embedded devices
2/16/2015

Skkynet Secure Cloud Service (TM)
Secure end-to-end platform to connect virtually any industrial or embedded data source, visualize the data, and monitor or control your process or system from almost anywhere.
- No programming necessary
- Secured by design: no open inbound firewall ports = no Internet attack surface
- No VPNs required
- Allows for full bi-directional communications and supervisory control

Evolution of Industrial Networks: VPN
[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 joined by a VPN]
- VPNs assume a trusted device.
- A VPN provides a virtualized and private (isolated) network space. The secure tunnels are a mechanism to achieve an appropriately protected path into that space, but the space per se is not secured.
- It is a feature that the established VPN space is fully transparent to all protocols and traffic above the link layer.

Evolution of Industrial Networks: VPN (continued)
[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 joined by a VPN]
- Once a user has access to a VPN, they have access to all connected devices on that VPN.
- Attack surfaces are multiplied by the number of connected devices.
- Security rests with physical possession of a device:
  - some trusted, in the hands of employees or under security;
  - some remote, where no employee is controlling the device, such as a data acquisition device.

The Challenges of Industrial Networks (IOIT: Internet of Industrial Things)
- No central management: things and networks are owned and operated by people or companies who are not acquainted.
- There is a strong security requirement:
  - Jan 2014: Hackers gain 'full control' of critical SCADA systems; over 60,000 exposed control systems found online
  - Jan 2014: Your Fridge is Full of SPAM: Proof of an IoT-driven Attack; over 750,000 messages came from IoT devices
  - May 2014: DHS confirms U.S. public utility's control system was hacked; two separate incidents
  - July 2014: Dragonfly hackers target 1000 Western energy firms, industrial control systems
  - Dec 2014: Computer intrusion inflicts massive damage on German steel factory
- Unreliable, relatively slow network (the Internet)
- No agreement on hardware communication protocols
- Traditional server/client (master/slave) communication is not appropriate (e.g., OPC)
- Data aggregation and protocol conversion is key

Extending Industrial Networks: A Better Solution is Required
- Isolates all the connecting devices and plants: never expose an attack surface on either the connecting device or the plant
- Standards based
- Preserves existing capital expenditures
- Moves real-time data at high volumes and high speeds across any network
- Simple to configure and use
- Deployable on commodity hardware and consumer devices
- Non-disruptive to existing plants or systems

With Skkynet's Secure Cloud Server
[Diagram: Plant 1, Plant 2, Plant 3 and Plant 4 connected through the Secure Cloud Service (TM)]
- SCS assumes all devices are untrusted.
- Devices are never granted permission to join the enterprise network; only data passes.
- Firewalls remain closed = NO attack surface.
- If ONE device is compromised, other network devices remain secure.

Reversing the Master/Slave Relationship
[Diagram: Remote Systems, Industrial Systems, Web Clients, Embedded Systems, Office Systems and MES connected to the cloud server]
- The initial connection to the cloud server is outbound from the device or the Cogent DataHub.
- Once established, a request is made from the device/system for a WebSocket connection.

Reversing the Master/Slave Relationship (continued)
[Diagram: Remote Systems, Industrial Systems, Web Clients, Embedded Systems, Office Systems and MES connected to the cloud server]
- Inbound connection: if the device or system is configured to allow an inbound connection, a WebSocket connection is established through the same connection path.
- Data flows freely through closed firewall ports!
- No VPN is required.
- Both data and connection path are encrypted and secure, end to end from the device to the SCADA system.
- The device/system is never granted access to the SCADA network; only data passes, isolating each connection or remote system from cyber attack.
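The two slides above describe the pattern in words: the device dials out, and any supervisory write the cloud wants to make rides back down that same device-initiated connection, so the plant firewall never needs an inbound rule. The following is an added example, not Skkynet's or Cogent's code, that models the pattern with Python's asyncio. It assumes newline-delimited JSON over a plain local TCP socket in place of WebSockets over TLS (so it runs offline), a constructed firewall policy dictionary, and made-up names (CloudHub, device_session, pump-1); the hub accepts only typed data messages and the device has no listening socket at all, which is the property the "closed inbound ports" claim rests on. The device applies a write only when it is locally configured to allow one, matching the "if the device is configured to allow an inbound connection" condition.

```python
import asyncio
import json

# Constructed plant firewall policy (assumption: it models the slide's
# "outbound only, no open inbound ports" posture, not any real firewall config).
PLANT_FIREWALL = {"outbound_allowed": True, "inbound_allowed": False}

# Message types the hub accepts from a device. Anything else is dropped: the
# device can only exchange typed data messages, never reach the hub's network.
ALLOWED_TYPES = {"hello", "data", "ack"}


class CloudHub:
    """Stand-in for the cloud service (hypothetical). It only ever listens; it never dials the plant."""

    def __init__(self, setpoint_write):
        self.setpoint_write = setpoint_write  # supervisory write to push down to the device
        self.received = []                    # every message accepted from devices, in order
        self.dropped = []                     # messages rejected by the type check

    async def handle(self, reader, writer):
        # The device opened this socket outbound; the hub reuses the same socket
        # to push the setpoint write back, so no inbound port is ever needed.
        while True:
            line = await reader.readline()
            if not line:          # device closed its side
                break
            msg = json.loads(line)
            if msg.get("type") not in ALLOWED_TYPES:
                self.dropped.append(msg)
                continue
            self.received.append(msg)
            if msg["type"] == "hello":
                writer.write((json.dumps(self.setpoint_write) + "\n").encode())
                await writer.drain()
        writer.close()


async def device_session(host, port, allow_writes, firewall=PLANT_FIREWALL):
    """Device side: dial out, publish a point, then honour or refuse a write
    arriving on the same connection depending on local configuration."""
    if not firewall["outbound_allowed"]:
        raise RuntimeError("plant firewall blocks outbound; cannot reach hub")
    # The device never calls asyncio.start_server: it has no listening socket,
    # which is what the closed inbound firewall policy above relies on.
    reader, writer = await asyncio.open_connection(host, port)

    async def send(obj):
        writer.write((json.dumps(obj) + "\n").encode())
        await writer.drain()

    state = {"setpoint": 50.0, "writes_seen": 0}  # constructed initial device state
    await send({"type": "hello", "device": "pump-1", "allow_writes": allow_writes})
    await send({"type": "data", "tag": "pump-1.flow", "value": 12.5})  # constructed sample point

    msg = json.loads(await reader.readline())  # the hub's write rides the same socket
    if msg.get("type") == "write":
        state["writes_seen"] += 1
        if allow_writes:
            state["setpoint"] = msg["value"]
            await send({"type": "ack", "status": "applied", "value": msg["value"]})
        else:
            await send({"type": "ack", "status": "rejected"})
    writer.close()
    await writer.wait_closed()
    return state


async def _run(allow_writes):
    hub = CloudHub({"type": "write", "tag": "pump-1.setpoint", "value": 75.0})
    server = await asyncio.start_server(hub.handle, "127.0.0.1", 0)  # ephemeral local port
    port = server.sockets[0].getsockname()[1]
    async with server:
        state = await device_session("127.0.0.1", port, allow_writes)
    return hub.received, state


def run_demo(allow_writes=True):
    """Run one device session against a local hub; returns (hub messages, device state)."""
    return asyncio.run(_run(allow_writes))


if __name__ == "__main__":
    for flag in (True, False):
        received, state = run_demo(flag)
        print(f"allow_writes={flag}: device setpoint={state['setpoint']}, "
              f"acks={[m['status'] for m in received if m['type'] == 'ack']}")
```

Running the file shows the setpoint changing to 75.0 only in the allow_writes=True session; in the other session the device still received the write (it arrived on the open outbound socket) but refused to apply it. In a real deployment the transport would be TLS-protected WebSockets and the hub would authenticate the device before accepting its hello, neither of which this local model attempts.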

Working with a Mobile Gateway
[Diagram: industrial system (Modbus TCP, I/O, 4-20 mA, HMI, OPC, ODBC, TCP, DDE, MES) connected through a mobile gateway]
CONFIDENTIAL

Solution Architecture: Wind Tower Application
[Diagram: SCADA node (Siemens SCADA, Modbus TCP) with Cogent DataHub Tunneller/Modbus; Secure Cloud Service (TM); analytics/optimization node with Cogent DataHub Tunneller; every link is WebSockets over TCP using SSL/TLS]
- No open inbound firewall ports: all traffic runs through closed firewalls, securely.
- All data is encrypted.
- SCADA nodes are securely isolated, as connections are not granted network access; only data flows.
- Allows analytics to be separated from the remote systems, yet allows for bi-directional communications and automatic set-point controls.
- Non-disruptive to existing system: no hardware to install, no changes to the existing firewall or security settings, no VPN to configure.
- Full-featured HMI with user security provisioning.
- Scalable from 1 to 1,000s of nodes.

Technical Differentiation: think differently
- Data rates and latency: real-time data is pushed to the cloud, then pushed to the users; publish/subscribe data delivery; in-memory real-time database.
- Reversing the client/server relationship to keep firewalls closed: this allows the in-plant system and remote devices to stream data to the cloud service without exposing themselves to the Internet.
- Data-centric infrastructure: data stays in its simplest form. The raw data flows from the source, through the cloud, to the user, and gets converted to other formats (such as HTML, XML, SQL, etc.) at the last instant.
- Redundancy: independent, hot-standby, redundant cloud systems.
- LAN-to-LAN via the cloud: the system maintains a complete copy of the data set on the source LAN and sends it across to the user LAN, continuously updating it in real time for live replication of the data on both LANs.
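Three of the points above (publish/subscribe delivery from an in-memory store, last-instant conversion of raw points to JSON/XML/SQL, and LAN-to-LAN replication of the full data set) can be shown together in one small model. The following is an added example, not Skkynet's or Cogent's implementation, and the class and function names (RealtimeDB, replicate, demo) and the turbine tags are constructed. Points are kept as raw (value, timestamp, quality) tuples and rendered only when read; the SQL rendering returns parameterised statements so that a tag name or value never becomes part of the SQL text, which is the caveat a practitioner should carry into any "convert at the edge" design.

```python
import json
import xml.etree.ElementTree as ET
from typing import Callable, Dict, List, Tuple

Point = Tuple[float, float, str]  # (value, timestamp, quality) kept in raw form
Subscriber = Callable[[str, float, float, str], None]


class RealtimeDB:
    """In-memory real-time point store with publish/subscribe delivery (hypothetical model).
    Points stay in their simplest form; conversion to other formats happens only on read."""

    def __init__(self) -> None:
        self._points: Dict[str, Point] = {}
        self._subscribers: List[Subscriber] = []

    def subscribe(self, callback: Subscriber) -> None:
        self._subscribers.append(callback)

    def write(self, tag: str, value: float, ts: float, quality: str = "good") -> None:
        # Store the raw point, then push it to every subscriber (publish/subscribe).
        self._points[tag] = (value, ts, quality)
        for callback in self._subscribers:
            callback(tag, value, ts, quality)

    def read(self, tag: str) -> Point:
        return self._points[tag]

    def snapshot(self) -> Dict[str, Point]:
        return dict(self._points)

    # Last-instant conversions: the same raw points rendered for different consumers.
    def to_json(self) -> str:
        return json.dumps({t: {"value": v, "ts": ts, "quality": q}
                           for t, (v, ts, q) in sorted(self._points.items())})

    def to_xml(self) -> str:
        root = ET.Element("points")
        for tag, (v, ts, q) in sorted(self._points.items()):
            ET.SubElement(root, "point", name=tag, value=str(v), ts=str(ts), quality=q)
        return ET.tostring(root, encoding="unicode")

    def to_sql(self, table: str) -> List[Tuple[str, Tuple]]:
        # Parameterised statements: tag names and values travel as bind parameters,
        # so a hostile tag name coming from a device cannot alter the SQL text.
        if not table.isidentifier():
            raise ValueError("table name must be a plain identifier")
        stmt = f"INSERT INTO {table} (tag, value, ts, quality) VALUES (?, ?, ?, ?)"
        return [(stmt, (t, v, ts, q)) for t, (v, ts, q) in sorted(self._points.items())]


def replicate(source: RealtimeDB, target: RealtimeDB) -> None:
    """LAN-to-LAN style replication: seed the target with a complete copy of the source's
    data set, then keep it live by subscribing to every subsequent update."""
    for tag, (v, ts, q) in source.snapshot().items():
        target.write(tag, v, ts, q)
    source.subscribe(lambda tag, v, ts, q: target.write(tag, v, ts, q))


def demo() -> Tuple[RealtimeDB, RealtimeDB]:
    """Constructed sample: a plant-LAN store mirrored to a user-LAN store."""
    plant = RealtimeDB()
    user_lan = RealtimeDB()
    plant.write("turbine1.rpm", 1490.0, ts=1000.0)
    replicate(plant, user_lan)                        # full copy first...
    plant.write("turbine1.rpm", 1502.5, ts=1001.0)    # ...then live updates flow through
    plant.write("turbine1.temp", 63.2, ts=1001.0)
    return plant, user_lan


if __name__ == "__main__":
    plant, user_lan = demo()
    print(user_lan.to_json())
    print(user_lan.to_xml())
    for stmt, params in user_lan.to_sql("points"):
        print(stmt, params)
```

After demo() both stores hold identical snapshots, and each of the three renderings is produced from the same raw tuples at the moment it is requested; nothing is stored pre-formatted. Replication here is synchronous and in-process; across a real cloud hop the subscriber callback would instead enqueue the update onto the outbound connection.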

Opportunities are limitless
- Highly secure anywhere SCADA access and networking: any number of facilities can be consolidated.
- Fast time to market: minimal customer IT involvement; no programming required. SCS is a plug-and-play end-to-end solution.
- Protects customers' existing infrastructure investment: no need to invest in any new PLCs, OPC servers or SCADA systems; plugs into the network to extend real-time access and networking to the cloud; no investment in security, VPNs or proxy servers.
- Sticky: no competing services in the market = low cost of entry, high cost of exit. Once registered on the service, the only option is an in-house solution or custom solution. A typical in-house system would be $5,000-$8,000 per location; SCS saves a minimum of $3,000 per location.
- Pricing model matches well with air-time pricing: the pricing model is based on data traffic over the service, similar to data plans, but much lower.
- Customize your services: easily bundled into a package for customer marketing (mobile gateway + SCS + carrier data plan); create add-on services (big data storage, data analytics, consulting services).

Conclusion
Skkynet delivers real-time data services in any form to any machine, virtually anywhere:
- Secure
- Real-time performance
- Patented real-time data transport and display technology
- Any data source, including legacy systems
We are in a new connected world: we're used to having our computers networked; we're not used to having everything networked.
Security can no longer be an add-on; it needs to be secured by design.