As industrial automation networks forge new paths based on IT technology (Ethernet protocols), production and cost efficiency will skyrocket—but potential security issues may increase, too. Although IT/OT convergence brings IT and OT networks together to streamline data exchange, remote access and connection to external networks, it also intensifies security risk exposure.
Convergence brings another challenge to the forefront as well: The use of more network-connected devices like high-definition cameras and displays requires more bandwidth and data throughput.
A next-generation industrial firewall helps you balance strong security and reliable, streamlined network performance.
What Does “Next Generation” Mean?
Before we get too far, let’s define “next generation” and what it means for firewalls.
Next-generation industrial firewalls build on the capabilities of legacy (traditional) firewalls. Through port, protocol and application inspection and blocking, they examine every connection between the network, the Internet and the firewall to make sure it’s valid and secure. This minimizes uninvited traffic and lets authentic traffic travel across the network.
Next-generation firewalls also add capabilities like application-level inspection, URL blocking and intrusion detection and protection—they’re “application aware.” In other words, they can control and see into applications to pinpoint which are safe. This provides network operators with more transparency and the opportunity to reduce vulnerabilities by inspecting traffic at a more detailed level.
How Next-Generation Industrial Firewalls Can Help You
What benefits will next-generation industrial firewalls bring to your site? Here are a few examples of what they’ll allow you to accomplish:
- Reduce Real-World Threats: Because they monitor communication in production networks, next-generation industrial firewalls stop possible unauthorized intrusion and prevent data infiltration through policy-based visibility and control over applications, users and threats. By taking a defense in depth (DiD) architecture approach, they create several layers of security that make it more difficult to gain unauthorized access to data and systems.
Some of today’s best next-generation industrial firewalls incorporate the latest threat detection and prevention technology with fast encryption and dynamic routing to identify and stop possible attacks earlier. This reduces the number of manual tasks required to keep up with security threats, allows you to better control how employees and devices access the Internet and applications, and improves response time.
- Confidently Adapt IIoT: As the Industrial Internet of Things (IIoT) trend drives greater connectivity between industrial devices and enterprise information systems, next-generation firewalls are a natural step to protect networks no matter what devices or applications are used.
The firewalls are designed to transmit more data for maximum throughput. This is especially important as additional sensors and devices connect to the network to collect and transmit data around production lines, machine servicing and bottlenecks.
- Accommodate Different Staff Skillsets: It’s no secret that IT/OT convergence brings teams with varying skillsets together. This can make it a challenge to find someone capable of configuring an industrial firewall. Next-generation industrial firewalls make configuration simple and reduce the burden on in-house staff, regardless of experience level.
Through a learning mode, the device can be configured to capture information about traffic and create firewall rules automatically based on what occurs. Using this setting, your team can apply rules in test mode to study blocked traffic and consider all options before making final decisions. This also allows operators to easily select which connections should be allowed as part of the firewall configuration.
- Eliminate Durability and Compatibility Concerns: In industrial environments, it’s vital to look for next-generation firewalls created specifically for the market. Manufacturers and utilities have unique demands when it comes to firewall protection—and a standard enterprise security appliance may not fit the bill.
Not only will a next-generation industrial firewall offer the features and benefits your environment needs, but it is also built to withstand harsh environments, extreme temperature fluctuations, impact, etc. Ruggedized hardware ensures years of uninterrupted operability and eliminates the need for constant equipment maintenance and/or replacements.
- Comply with Necessary Regulations: Next-generation industrial firewalls can help you comply with the ever-changing security regulations that align with electricity, oil and gas, and water and wastewater industries, such as NERC CIP, ISA/IEC 62443 and NIST. This minimizes worry about violation—and the fines that come along with it.
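The learning-mode and test-mode workflow described in the staff-skillsets item above, sketched as an added example; it is not EAGLE40's implementation or Belden code. The flow records, the `min_hits` threshold and the denied-port set are assumptions made for illustration.

```python
from collections import Counter

# Constructed flows (src, dst, proto, dst_port); addresses are illustrative.
LEARNED = [
    ("10.0.1.10", "10.0.2.20", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    ("10.0.1.10", "10.0.2.20", "tcp", 502),
    ("10.0.1.11", "10.0.2.21", "tcp", 44818),  # engineering station -> PLC, EtherNet/IP
    ("10.0.1.11", "10.0.2.21", "tcp", 44818),
    ("10.0.1.99", "10.0.2.20", "tcp", 23),     # Telnet to a PLC, seen once
]
TRIAL_TRAFFIC = [
    ("10.0.1.10", "10.0.2.20", "tcp", 502),
    ("10.0.1.10", "10.0.2.20", "tcp", 102),    # S7comm, never seen while learning
    ("10.0.1.99", "10.0.2.20", "tcp", 23),
]

def learn(flows):
    """Learning mode: count each distinct flow; every key is a candidate allow rule."""
    return Counter(flows)

def select(candidates, min_hits=2, denied_ports=frozenset({23})):
    """Operator review: keep recurring flows, drop ports that policy forbids (assumed)."""
    return {flow for flow, hits in candidates.items()
            if hits >= min_hits and flow[3] not in denied_ports}

def dry_run(rules, flows):
    """Test mode: default-deny evaluation that only reports, it never drops traffic."""
    return [flow for flow in flows if flow not in rules]

def run():
    rules = select(learn(LEARNED))
    return rules, dry_run(rules, TRIAL_TRAFFIC)

if __name__ == "__main__":
    rules, would_block = run()
    for rule in sorted(rules):
        print("allow      ", *rule)
    for flow in would_block:
        print("would block", *flow)
```

The would-block list is what the team studies before enforcing: the S7comm flow may be legitimate traffic the learning window missed, while the Telnet flow is one the review step rejected on purpose.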
Meet EAGLE40 by Hirschmann, a Belden Brand
To optimize cyber protection in industrial automation environments, Belden recently unveiled EAGLE40: a cost-effective, next-generation industrial firewall designed for OT applications to maximize uptime and protect critical infrastructure regardless of network throughput.
Unlike subscription-based approaches, EAGLE40 is a one-time purchase that reduces total cost of ownership and includes ongoing support and software updates to eliminate license and service fees.
It also offers:
- An easy-to-use graphical HTML5 user interface and customizable modules to make device configuration easy for users at any skill or knowledge level
- The ability to segment a control network into security zones
- Support of OSPF dynamic routing and VRRP router redundancy for improved security
- Three Gigabit Ethernet ports with up to 1 Gb/s throughput to transmit more data at any given time
- The ability to withstand a temperature range of -40 to 70 degrees C
- Efficient, convection-cooled metal housing to ensure 24/7 network monitoring
Belden’s history is rooted in designing networks for the OT world. Our experts understand the pain points and challenges you face; they can offer real-world recommendations to secure your data as you work toward IT/OT convergence.
Have questions about next-generation industrial firewalls – or securing IT/OT networks? Send us a note and one of our experts will help you explore your options.
Thomas Rodenbusch-Mohr is a Product Manager at Belden for Managed DIN-rail Switches. Before joining the Belden Industrial Networking Team in 2018, Thomas worked for ABB in Marketing and Product Management roles with a focus on Building Automation technologies. He holds a Bachelor of Engineering degree in Electrical Engineering from the Cooperative State University Mannheim and a Master of Business Administration (MBA) from FOM University Mannheim.