Detect threats to your factory floor by inspecting every CIP message and restrict those that contain threats. The DPI engine is compatible with Modbus TCP and EtherNet/IP devices.
Protect everything from individual machines to full-scale control systems using remote access. Secure your factory by blocking unauthorized operations and hiding internal addresses from external users.
All the NAT services you’ll ever need without the annoying CLI. The ICS-Defender is an all-in-one Network Address Translator: 1:1 NAT, 1:many NAT, Port Forwarding and outbound NAT.
It’s three products in one!
The ICS-Defender NAT/RA is a manufacturing router with a stateful firewall, a Remote Access Secure SSL VPN server and Network Address Translation server. With the NAT/RA you can:
Plus, you’ll enjoy the historical and real-time graphs, logging, alerting and built-in network troubleshooting.Buy now
The ICS-Defender LITE/DPI includes all the features of the NAT/RA plus an additional layer of protection for your Allen-Bradley PLCs. With the Deep Packet Inspection engine, you can authorize only specific CIP commands. With Defender DPI, you can secure your PLC from a remote user (attacker) from:
The LITE/DPI Defender is the only device that can prevent an attacker, even if they manage to impersonate a legitimate user, from accessing your PLC. The attacker will only be able to execute the routine, authorized operations normally performed by that user.Buy Now
The ICS-Defender PRO, with all the features of the LITE/DPI Defender and a large assortment of additional features, is what every security professional needs to secure critical Allen-Bradley PLC based infrastructure. With Defender PRO you can:
The Defender PRO is the best choice for flexible, reliable and redundant security.Buy now
Which ICS-Defender is Right for You?
|Network Address Translation, including: 1:1, 1:many NAT, Port Forwarding and outbound NAT|
|Captive portal where users can be authenticated from a local database or from your active directory|
|Remote Access using a VPN server|
|Stateful firewall to implement security policy for the control network|
|Graphical user interface – no CLI required|
|The Deep Packet Inspection engine supporting EtherNet/IP and Modbus TCP|
|Network Asset Detection|
|Support for the Rockwell FactoryTalk® AssetCentre|
|Extended firewall support to include multiple WAN support and scheduled rules to restrict traffic to specific days and hours|
|Configuration of the Defender as a primary or secondary in high availability applications|
|APC UPS Control|