Secure Connectivity for IoT Devices and Industrial Control Systems
The tremendous number and variety of devices coming online with the rise of the Internet of Things (IoT) gives cybercriminals a target-rich environment. Managing and securing the ever-growing number of internet connected remote devices is posing new challenges to organizations of all sizes.
Consider the scale and the potential cost of getting security wrong: Todays Industrial Control Systems (ICS), ATMs, vending machines, HVAC equipment, cold storage and refrigeration systems, water and sewage treatment, public transportation, armored cars, even traffic control and digital signage equipment are all now connected to the internet. By definition, each and every one of them is exposed to increasingly sophisticated cyber threats.
Barracuda offers highly secure, ultra-small and ruggedized devices for advanced network security, encrypted communications, and cost-effective connectivity. Full integration into the Barracuda Firewall Control Center architecture guarantees hassle-free centralized management for tens of thousands of remote devices.
- Secure Digital Transformation for Internet of Things and connected industrial devices
- Economical rollout with Zero Touch Deployment
- Highest level of scalability to connect and protect thousands of devices
- Enforcement for SCADA protocols
- Permanent and on-demand connectivity for IT and OT
- Secure Remote Access to manufacturing assets
Quick and Easy Deployment
Every “thing” needs a firewall for protection. Without a firewall, these connected devices easily become a target for cybercriminals. They can use devices as bots for a DDoS attack, or to infiltrate the network for other reasons. But how do you handle the deployment of thousands of firewalls?
Zero Touch Deployment lets you deploy appliance units directly from the factory to the desired remote location without requiring on-site IT personnel. Simply connect the unit, power it up and it will automatically select a suitable uplink to the internet and retrieve the appropriate configuration from the Firewall Control Center.
Easily Scales to Tens of Thousands of Remote Locations
The Barracuda Solution consists of three components:
The Secure Connector Appliance establishes an encrypted connection between IoT devices and the Machine Access Security Broker, using Barracuda’s proprietary enhanced IPsec protocol ‘TINA’, which is more resilient and provides better performance than most competitive VPN solutions.
The Machine Access Security Broker acts as a connectivity hub for up to 2,500 Secure Connector appliances. It enforces security policies with the full feature set of Barracuda CloudGen Firewalls, including IPS, Denial of Service protection, Application Control, URL Filtering, Virus Scanning, and even Advanced Threat Protection.
Barracuda Firewall Control Center enables centralized management and secure remote connectivity for tens of thousands of IoT devices from a single pane of glass.
Analysis of Industrial Protocols
Machine-to-machine communication uses a variety of familiar protocols, but also many protocols that are little known in mainstream IT. Some of them are partly or fully proprietary and cannot be easily analyzed by regular firewall systems. Barracuda Cloud Generation Firewalls support a wide range of protocols used in SCADA environments including S7, MODBUS, DNP3, and others.
Joint Operations between IT and OT
The digital transformation in today’s manufacturing processes requires permanent and on-demand connectivity with customers, partners, and suppliers on a rapidly increasing scale. The challenge is to find the appropriate mechanism to securely connect OT (operational technology) with IT (information technology) and to manage this process.
The firewall in an industrial machine must be understood both as an integral part of IT’s network of firewalls, and as an integral operating part of OT’s network of machines. Both IT and OT must be flexible about change and lifecycle management to succeed with this model.
Secure Remote Access in Industrial Environments
Most design paradigms do not allow for remote access outside certain narrow environments. The Barracuda Cloud Generation Firewall’s Remote Access feature makes it extremely convenient to grant secure, temporary VPN access to sensitive parts of manufacturing assets for third-party-maintenance providers.
The IT admin can configure granular permissions to let specified Operations staff open a predefined remote VPN connection, and authorize a third party to use it, via phone or tablet. Onsite Operations staff need no IT expertise.