Stormshield announces the launch of its new SNi50 industrial firewall, designed to extend its existing range and address a wider range of mission-critical use cases. The SNi50’s design gives it very high reliability, to meet the stringent demands of operational system availability.
This new model marks a major development in operational cybersecurity. Designed to meet the needs of industries with extensive production lines and operational systems, it features streamlined connectivity and a superior protection index, enabling it to be integrated into the most demanding environments that require a high level of segmentation. The emphasis has also been placed on business continuity because – in addition to enhanced safety – the product boasts exceptional reliability, with an MTBF (Mean Time Between Failures) of 108 years.
Developed entirely in France, the firmware for all Stormshield firewalls has been certified by Europe’s leading cybersecurity agencies, including ANSSI (France), with its Qualification Standard, and CCN (Spain).
Connectivity, high availability and ruggedness for OT environments
The SNi50 has been designed to meet the stringent availability requirements of operational systems (OT). With a high density of copper and fibre interfaces, it is perfectly suited to large-scale critical infrastructure in the transport or healthcare sectors, and provides security for complex sites with multiple production lines in the industrial or energy sectors.
To protect these extended networks effectively, the SNi50 industrial equipment offers a hybrid setup mode with no impact on existing systems, a unified security policy for IT/OT convergence, and in-depth protocol inspection (DPI). It also boasts cutting-edge performance, with firewall throughput of 20 Gbps, IMIX IPS throughput of 4 Gbps and IMIX VPN IPsec throughput of 2.7 Gbps.
Designed to reduce the risk of downtime, it incorporates maximum redundancy mechanisms, with two pairs of interfaces equipped with a bypass function, automatic failover and an emergency power supply, giving it a very high level of reliability.
This means that in the event of unexpected incidents such as a breakdown, the availability of the production line is maintained even in the most complex configurations (multi-site installations, extensive operational networks). Operating over a wide temperature range from -40°C to +70°C, and certified to IP40, IEC 60068-2, IEC 61850-3, IEEE1613, etc., it can be installed natively on DIN rails to adapt perfectly to fluctuations in operating conditions.
Main use cases for the SNi50
The first use case focuses on the fundamental principle of segmenting the industrial or operational network. It is based on setting up security zones and controlling access to them; this specifically includes isolating sensitive assets. This concept of segmentation and access control is part of the best practice for securing networks found in the NIS2 directive and the IEC 62443 standard. The SNi50 combines different deployment modes to ensure that the operational system is partitioned. By combining routing and transparent bridge functions, Stormshield provides security teams with one of the most flexible solutions on the market in terms of deployment. The firewall integrates seamlessly into the existing OT network architecture.
The second use case is for protecting commands sent to machines within the operational system. Its intrusion prevention engine uses Deep Packet Inspection to verify protocol compliance, preventing malicious behaviour. Deep Packet Inspection – which also checks the values sent to the machines – enables the SNi50 to ensure that the commands sent do not disrupt operational processes. This contribution to maintaining continuity of service is reinforced by the safety mode and the two pairs of bypass interfaces. This ensures that the protection solution does not reduce the overall level of availability of the operational system.
The third use case concerns the implementation of secure access for remote maintenance operators, while at the same time meeting the expectations of OT system security managers. Open access makes it easier to carry out maintenance operations, but also exposes the network to cyberattacks. By using secure access via a VPN client, the SNi50 also reduces exposure of the operational network to identified remote operators. By combining secure remote access and in-depth analysis of network packets, the SNi50 is able to enhance remote maintenance security. Checks on protocol conformity and data in transit provide protection against identity theft by remote operators.
This new SNi50 industrial firewall confirms Stormshield’s ability to anticipate the most demanding needs of OT environments while ensuring sovereignty, performance, and availability. With its combination of granular segmentation, deep traffic inspection and secure remote access, this new firewall enables the transport, energy, healthcare and industrial sectors to maintain guaranteed business continuity while controlling their cyber risks.
