SCADA & Critical Infrastructure

As traditional industrial systems and Operational Technology (OT) become more connected, cyber threats unique to this sector represent a significant danger for your organization. Cyberterrorism can harm not only your production, but also your image and reputation. Choosing a cutting-edge security solution designed with OT in mind can shield you against cyber threats and provide you with peace of mind.

Protecting your production line from A to Z

As the age-old saying goes, time is money. Any vulnerability in your network represents potential downtime – an unacceptable outcome for your bottom line. New attacks regularly show the weakness of unprotected systems and the value of a comprehensive, up-to-date security solution. However, operational constraints reduce opportunities for updating industrial systems.

Stormshield is the only security vendor that offers you a comprehensive solution to effectively respond to both IT and OT threats. By integrating Stormshield security solutions, you benefit from multi-layer protection for your production systems without any negative impact on your operations.

Stormshield Network Security’s intrusion prevention system combines protocol analysis and a comprehensive signature database to proactively defend against attacks and provide real zero-day protection. With built-in industrial protocol analysis tools, this technology guarantees an impenetrable first line of defense for your production environment.

The SNi40 was specifically designed for industrial environments. This industrial firewall is ruggedized to withstand harsh environments and offers impact-free integration and real-time appliance mapping. It also boasts a software based management console, acting as your one-stop shop for managing network equipment – whether they be IT or OT appliances. It enables you to deploy this level of protection as closely as possible to your machines. That way, you incorporate a single software product into your systems so that you have one administrative center, whether for management software or industrial systems. The SNi40 is also the only product on the market to have received First Level Security Certification (CSPN) from ANSSI, to comply with the French regulatory requirements (LPM - military programming law) on the qualification of detection and protection equipment for Information Systems of Vital Importance (SIIV).

Workstations: a weak spot in the security chain no more

In a Microsoft Windows environment, workstations represent a potential weak spot in your operations systems. A suitable solution must cope with highly sophisticated cyberattacks as well as human negligence, a major cause of cybersecurity incidents.

Stormshield Endpoint Security offers the perfect solution to this issue by combining two means of protection that are both stand-out features on the market today:

  • A behavioral analysis engine that is built into the operating system and analyzes all commands in order to detect unusual behavior that may exploit vulnerabilities in applications. Given that it requires no signature database, it is particularly effective in meeting industrial environments’ constraints relating to updates and in providing a high level of protection against the most sophisticated attacks.
  • A powerful peripheral control engine ensures that people use their workstations properly. This workstation management includes, in particular, control of the use of external storage devices such as USB drives and verification that workstations are in good shape (up-to-date with Windows patches, computers are clean, etc.). For this reason, our solution is essential for fighting against data theft and malware that might be present on unauthorized endpoint devices.

Secure remote workstations and access

Sometimes an industrial system must be opened up for remote maintenance operations. Unfortunately, this creates a weakness in your system that cybercriminals will certainly exploit. Stormshield combines two technologies to provide the only comprehensive solution that both ensures remote access protection and secures the remote workstation:

  • Stormshield Network Security: the IPSec VPN and SSL VPN features, coupled with connection encryption and strong user authentication, allow you to integrate mobility into your industrial infrastructure while guaranteeing highly secure access.
  • Stormshield Endpoint Security: an ideal proactive solution for unconnected environments that does not use a signature database and thus does not require updates. It also offers contextual security management for workstations, raising the level of security when a workstation is connected to the industrial VPN.

Ensure network availability

The consequences of network congestion, loss of connectivity, or a denial-of-service attack (DDoS) range from productivity loss to serious environmental damage. To ensure service continuity even in the event of a malfunction, Stormshield Network Security offers a high availability (or fault-tolerance) feature. Our solutions were specifically designed to be deployed within industrial networks and include a bypass functionality that guarantees connectivity even when equipment is shut down.

The Stormshield Network Security suite also includes Quality of Service solutions that prevent network congestion and provide connectivity that is 100% reliable. Controlling bandwidth and prioritizing traffic will also protect you from denial-of-service attacks (DDoS). Lastly, Stormshield solutions are designed for fast and easy integration, minimizing the production environment’s unavailability during setup.

Taking inventory of industrial equipment

Effectively managing risks within the industrial network requires exhaustive knowledge of your assets. However, in a constantly evolving environment, decentralized workstation management can quickly become a challenge.

When connected with your machines, Stormshield Network Vulnerability Manager makes it easier to regularly manage your system’s inventory: identify all protocols used within your industrial network and all the equipment in your operational infrastructure. With our comprehensive visual supervision tool, you have a real-time list of all the devices that are active on your network.