INTRODUCING
The ICS-Defender NAT/RA LICENSE
Your Entry Level Security License
It’s three products in one!
The ICS-Defender NAT/RA License provides you with a manufacturing router with a stateful firewall, a Remote Access Secure SSL VPN server and Network Address Translation server. With the NAT/RA License you can:
- Limit NAT access to your PLC to only those users you have authorized.
- Control who can use the Remote Access server and what devices they are authorized to access.
- Allow access to your programmable controllers to ONLY a select set of on-site personnel.
- Authorize users from either a local list or your Active Directory (AD) or Radius Server.
Plus, you’ll enjoy the historical and real-time graphs, logging, alerting and built-in network troubleshooting.
PRICING/DATASHEET
NAT/RA and MINI Platform

LITE/DPI and MINI Platform
FOR EVEN MORE SECURITY, ADD DEEP PACKET INSPECTION
THE ICS-DEFENDER LITE/DPI LICENSE
The ICS-Defender LITE/DPI License includes all the features of the NAT/RA plus an additional layer of protection for your Allen-Bradley PLCs. With the Deep Packet Inspection engine, you can authorize only specific CIP commands. With Defender DPI, you can secure your PLC from a remote user (attacker) from:
- Viewing confidential PLC tags.
- Writing a single tag or all tags in the data table.
- Modifying the PLC operating mode (Prog/Run).
- Executing any CIP command that you haven’t explicitly authorized.
The LITE/DPI Defender is the only device that can prevent an attacker, even if they manage to impersonate a legitimate user, from accessing your PLC. The attacker will only be able to execute the routine, authorized operations normally performed by that user.
PRICING/DATASHEET…AND FOR THE POWER USER SECURING CRITICAL INFRASTRUCTURE
THE ICS-DEFENDER PRO LICENSE
The ICS-Defender PRO License, with all the features of the LITE/DPI Defender and a large assortment of additional features, is what every security professional needs to secure critical Allen-Bradley PLC based infrastructure. With Defender PRO you can:
- Ensure operation of your critical process using the seamless failover built into your Defender PRO.
- Double your bandwidth by adding a second path from your control network to your IT network through the Defender and have the Defender automatically load share the two connections.
- Not only limit what your vendors can access, but schedule when your vendors can access your PLCs and other network devices.
The Defender PRO is the best choice for flexible, reliable and redundant security.
PRICING/DATASHEET
PRO and MINI Platform
Which ICS-Defender License is Right for You? | NAT/RA | LITE/DPI | PRO |
Network Address Translation, including: 1:1, 1:many NAT, Port Forwarding and outbound NAT | ![]() | ![]() | ![]() |
Captive portal where users can be authenticated from a local database or from your active directory | ![]() | ![]() | ![]() |
Remote Access using a VPN server | ![]() | ![]() | ![]() |
Stateful firewall to implement security policy for the control network | ![]() | ![]() | ![]() |
Graphical user interface – no CLI required | ![]() | ![]() | ![]() |
The Deep Packet Inspection engine supporting EtherNet/IP and Modbus TCP | ![]() | ![]() | |
Network Asset Detection | ![]() | ![]() | |
Support for the Rockwell FactoryTalk® AssetCentre | ![]() | ![]() | |
Extended firewall support to include multiple WAN support and scheduled rules to restrict traffic to specific days and hours | ![]() | ||
Configuration of the Defender as a primary or secondary in high availability applications | ![]() | ||
APC UPS Control | ![]() |