DEEP PACKET INSPECTION

Detect threats to your factory floor by inspecting every CIP message and restrict those that contain threats. The DPI engine is compatible with Modbus TCP and EtherNet/IP devices.

REMOTE ACCESS FIREWALL

Protect everything from individual machines to full-scale control systems using remote access. Secure your factory by blocking unauthorized operations and hiding internal addresses from external users.

NETWORK ADDRESS TRANSLATION

All the NAT services you’ll ever need without the annoying CLI. The ICS-Defender is an all-in-one Network Address Translator: 1:1 NAT, 1:many NAT, Port Forwarding and outbound NAT.

INTRODUCING

The ICS-Defender NAT/RA LICENSE

Your Entry Level Security License

It’s three products in one!

The ICS-Defender NAT/RA License provides you with a manufacturing router with a stateful firewall, a Remote Access Secure SSL VPN server and Network Address Translation server. With the NAT/RA License you can:

  • Limit NAT access to your PLC to only those users you have authorized.
  • Control who can use the Remote Access server and what devices they are authorized to access.
  • Allow access to your programmable controllers to ONLY a select set of on-site personnel.
  • Authorize users from either a local list or your Active Directory (AD) or Radius Server.

Plus, you’ll enjoy the historical and real-time graphs, logging, alerting and built-in network troubleshooting.

PRICING/DATASHEET

NAT/RA and MINI Platform

LITE/DPI and MINI Platform

FOR EVEN MORE SECURITY, ADD DEEP PACKET INSPECTION

THE ICS-DEFENDER LITE/DPI LICENSE

The ICS-Defender LITE/DPI License includes all the features of the NAT/RA plus an additional layer of protection for your Allen-Bradley PLCs. With the Deep Packet Inspection engine, you can authorize only specific CIP commands. With Defender DPI, you can secure your PLC from a remote user (attacker) from:

  • Viewing confidential PLC tags.
  • Writing a single tag or all tags in the data table.
  • Modifying the PLC operating mode (Prog/Run).
  • Executing any CIP command that you haven’t explicitly authorized.

The LITE/DPI Defender is the only device that can prevent an attacker, even if they manage to impersonate a legitimate user, from accessing your PLC. The attacker will only be able to execute the routine, authorized operations normally performed by that user.

PRICING/DATASHEET
…AND FOR THE POWER USER SECURING CRITICAL INFRASTRUCTURE

THE ICS-DEFENDER PRO LICENSE

The ICS-Defender PRO License, with all the features of the LITE/DPI Defender and a large assortment of additional features, is what every security professional needs to secure critical Allen-Bradley PLC based infrastructure. With Defender PRO you can:

  • Ensure operation of your critical process using the seamless failover built into your Defender PRO.
  • Double your bandwidth by adding a second path from your control network to your IT network through the Defender and have the Defender automatically load share the two connections.
  • Not only limit what your vendors can access, but schedule when your vendors can access your PLCs and other network devices.

The Defender PRO is the best choice for flexible, reliable and redundant security.

PRICING/DATASHEET

PRO and MINI Platform

Which ICS-Defender License is Right for You?

NAT/RA

LITE/DPI

PRO

Network Address Translation, including: 1:1, 1:many NAT, Port Forwarding and outbound NAT
Captive portal where users can be authenticated from a local database or from your active directory
Remote Access using a VPN server
Stateful firewall to implement security policy for the control network
Graphical user interface – no CLI required
The Deep Packet Inspection engine supporting EtherNet/IP and Modbus TCP
Network Asset Detection
Support for the Rockwell FactoryTalk® AssetCentre
Extended firewall support to include multiple WAN support and scheduled rules to restrict traffic to specific days and hours
Configuration of the Defender as a primary or secondary in high availability applications
APC UPS Control

Three ICS-Defender Hardware Platforms

nano
-
2x RJ45 NICS
No Moving Parts
Fanless Design
24VDC Power Entry
DIN Rail & Bracket Mounting Options
0° to 50°C (32° to 122°F)

Datasheet

License Support

  • ICS-Defender NAT/RA
  • ICS-Defender LITE/DPI
  • ICS-Defender PRO
MINI
Best Value
4x NICS (4x RJ45 or 2x RJ45 and 2x SFP)
No Moving Parts
Fanless Design
24VDC Power Entry
DIN Rail & Bracket Mounting Options
0° to 50°C (32° to 122°F)

Datasheet

License Support

  • ICS-Defender NAT/RA
  • ICS-Defender LITE/DPI
  • ICS-Defender PRO
XL
-
8x NICS (8x RJ45 or 6x RJ45 and 2x SFP)
No Moving Parts
Fanless Design
24VDC Power Entry
DIN Rail & Bracket Mounting Options
0° to 50°C (32° to 122°F)

Datasheet

License Support

  • ICS-Defender NAT/RA
  • ICS-Defender LITE/DPI
  • ICS-Defender PRO

The ICS-Defender MINI platform is the best all-around value and most popular unit.

Call 800-249-1623 for price and availability on other platforms.