Tofino Event Logger LSM

Reliably logs security events and alarms

  • Increased industrial network reliability
  • Triple protection against data loss
  • Easy data collection for standards compliance

 

 

Reliably monitoring and logging security events and alarms that occur on industrial networks is critical for identifying network threats, better securing plants, and complying with standards such as ISA/IEC 62443 and NERC CIP.

The Tofino Event Logger LSM is an event logging system created specifically for the industrial world. It reliably records and protects security event and alarm information in SCADA and process control environments, and is designed to be effective even when communication links are sporadic.

It is unique because it can record and back up security events and alarms simultaneously to remote IT syslog servers, a USB storage device in the Tofino Security Appliance (SA), and/or to a Tofino CMP (Central Management Platform). Because of this, it provides triple protection against data loss.

In addition, the Tofino Event Logger LSM is deployable with or without connections to a traditional IT syslog server or a Tofino CMP so that it can be used where servers are not available. It is the ideal solution for control networks that do not have PCs. It can also be used with Tofino Security Appliances that are IP address-free, resulting in enhanced security and stealth.

Summary

Saves You Money Through:

  • Increased industrial network reliability by recording network events and alarms
  • Easy data collection for standards compliance (e.g. ISA/IEC 62443 and NERC CIP)
  • Reduced implementation, engineering and IT costs due to ease of deployment

Features

  • Provides triple protection against data loss by simultaneously recording security events to syslog servers, a Tofino CMP, and local Tofino SA memory
  • Protects event information even if communication links are interrupted
  • Deployable with or without connections to a syslog server or a Tofino CMP
  • Enables a Tofino Security Appliance to hold up to 20,000 security events and alarms in its memory
  • Logs sent to a syslog server can be transported using UDP, TCP, or TLS protocols
  • Interoperates with other Tofino LSMs to provide SCADA-capable firewall protection

Applications

  • Reliable event recording in SCADA environments with sporadic communications
  • Providing secure information from SCADA to traditional IT syslog servers
  • NERC CIP compliance: Monitoring (CIP 005), Ports & Services (CIP 007), and Security Status Monitoring (CIP 007)
  • ISA-99 compliance when implemented as a part of the Tofino Industrial Security Solution

Specifications

Event log generation

Enables a Tofino SA to log security events and alarms simultaneously:

  • To a syslog server
  • Locally in the Tofino SA, for forwarding later when a connection is restored or for offloading to a USB storage device
  • To the Tofino CMP

Event log backup

  • Continues to save logs even if syslog communications are interrupted
  • Enables a Tofino SA to save up to 20,000 security event logs locally

Transport protocols

Logs sent to a syslog server can be transported using UDP, TCP, or TLS

Encryption

Event logs sent to a syslog server can be encrypted (AES-128-CBC) for added security

Standards compliance

  • NERC CIP compliance: Monitoring (CIP 005), Ports & Services (CIP 007), and Security Status Monitoring (CIP 007)
  • ISA-99 compliance: Helps create Zone-level Security™ when implemented as a part of the Tofino Industrial Security Solution

Configuration method

Simple, centralized configuration using the Tofino CMP

Operating modes

All standard Tofino modes supported:

  • Passive: all traffic allowed, full reporting of new devices with SAM LSM
  • Test: all traffic allowed; alerts generated as per user rules
  • Operational: traffic filtered and alerts generated as per user rules

System requirements

Ordering information

Part number: LSM-LOG-100

Name: Tofino Event Logger LSM
