Loadable Security Modules

Control networks vary widely in size and architecture - every one is unique and custom to the plant in which it was installed. But traditional security products have fixed functions and don't adapt well to unique requirements.

 

The Tofino Industrial Security Solution was designed from the ground up to be adaptable to your needs, based on a software-defined flexible architecture. Rather than hard-coding a fixed set of security features, the Tofino Industrial Security Solution packages each individual security function in a firmware module called a Loadable Security Module (LSM).

 

LSMs may be installed in any combination on your Tofino Security Appliances to provide a flexible, custom solution for your security needs. And new LSMs are being released on a regular basis, so the Tofino Industrial Security Solution will grow and evolve over time to provide the best-in-class cyber security you need.

LSMs

Firewall

Traffic Control Cop for industrial networks

Traffic Control Cop for industrial networks
A control engineer defines rules that specify which devices are allowed to communicate, and which protocols they may use.
Any traffic that does not match the rules will be blocked and reported as a security alert.

Secure Asset Management (SAM)

SAM tracks and protects your network devices

Tracks and protects network devices
Passive Asset Discovery detects network devices without any probing.  Assisted Rule Generation guides the user through definition of firewall rules to manage network traffic.

Modbus TCP Enforcer

Content inspector for Modbus

Content Inspector for Modbus
A control engineer defines rules that specify which Modbus function codes and register/coil addresses may be accessed. Any traffic that does not match the rules will be blocked and reported as a security alert.

OPC Enforcer

Content inspector for OPC Classic

Content Inspector for OPC Classic

Inspects, tracks and secures every connection that is created by an OPC application. It dynamically opens only the TCP ports that are required for each connection, and only between the specific OPC client and server that created the connection. It’s simple to use – no configuration changes are required on the OPC clients and servers.

Event Logger

Reliably logs security events and alarms

Helps identify network threats, better secure plants, and comply with standards such as ANSI/ISA-99 and NERC CIP. Provides triple protection against data loss in SCADA and process environments.