Network security appliance
2 Assignments
0 Petitions
Abstract
A network security appliance that provides security to devices in industrial environments by transparently bridging traffic to the endpoint device. The security appliance communicates securely with a management server, receiving by encrypted communications the configuration data that drives the security modules in the appliance. The security appliance uses the network address of the industrial device when communicating with the management server, and the management server addresses the appliance using the address of one of the protected devices associated with it. Learned device characteristics are provided by the appliance to the management server, which tailors software and security rules to the specific network vulnerabilities of the device and its control protocol. The security appliance sends periodic heartbeat messages to the management server using the network address of the device. The heartbeat message can also report anomalous events, which may require additional software to be provided from the management server to the node.
181 Citations
20 Claims
1. A method of securing a networked industrial device using a security appliance, the security appliance coupling the networked industrial device to a data network, the method comprising the steps of:
monitoring, in the security appliance, data traffic originating from the industrial device to other devices accessible through the data network, for determining attributes associated with the industrial device;
receiving, at the security appliance, encrypted management connection data originating from a management server connected to the data network, from packets addressed to the device;
sending, to the management server, the determined device attributes, utilizing the address associated with the device as the originating address for the packet;
receiving, at the security appliance, encrypted configuration data from the management server, from packets addressed to the device, wherein the configuration data is selected by the management server based upon the supplied device attributes;
managing packets between the industrial device and the network based upon the configured data; and
periodically sending an encrypted heartbeat message to the management server utilizing the address associated with the device as the originating address for the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A security appliance for protecting one or more industrial devices downstream of the security appliance in a data network, the security appliance comprising:
a heartbeat module for generating an encrypted heartbeat message to a management server in the data network, utilizing the address associated with one of the devices as the originating address for the packet;
a communications module for processing packets transmitted from the management server, addressed to one of the devices downstream of the security appliance, the communications module decrypting data embedded in the packets; and
one or more security modules configurable by the management server, the modules providing security management on data transiting the security module between devices on the network and one or more industrial devices downstream of the security appliance based upon security profiles associated with each one or more industrial devices.
Dependent claims: 12, 13, 14, 15, 16, 17.

18. A data network comprising:
a plurality of networked industrial devices;
a plurality of security appliances, each appliance associated with one or more of the plurality of industrial devices, the security appliance transparently bridging the industrial device to the data network and providing management of data traversing to and from the industrial device based upon identified characteristics of the associated industrial device;
a management server for managing the plurality of security appliances; and
wherein the management server communicates with the plurality of security devices by utilizing an address of one of the associated industrial devices and the plurality of security appliances periodically send an encrypted heartbeat message to the management server utilizing address information of an associated device as the source of the heartbeat message.
Dependent claims: 19, 20.
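The mechanism of claims 1, 11 and 18 and of the abstract (attribute learning from the device's outbound traffic, management traffic addressed to the device but consumed by the appliance, profile-based filtering of everything else, and heartbeats sourced from the device's own address) modelled end to end, as an added Python example that is not code from the patent or its assignee. Everything concrete in it is assumed: the patent says only "encrypted", so the cipher is a stand-in hash-keystream-plus-HMAC construction; the protocol labels, addresses and the server's policy table are constructed for the example; and the appliance is assumed to fail closed until it has received a profile, a design choice the claims do not state.

```python
"""Model of the claimed appliance: a transparent bridge that learns device attributes from
outbound traffic, consumes encrypted management packets addressed to the device, filters other
inbound traffic by a server-supplied profile, and sources heartbeats from the device's address.
Cipher, message format, addresses and policy are stand-ins; the patent specifies none of them."""
import hashlib, hmac, json, os
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # constructed labels: "modbus", "http", "mgmt"
    payload: bytes = b""

def _keystream(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    """Stand-in encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    """Verify the tag before decrypting; anything that fails is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("management message failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class SecurityAppliance:
    def __init__(self, device_addr, mgmt_addr, key):
        self.device_addr, self.mgmt_addr, self.key = device_addr, mgmt_addr, key
        self.learned = set()    # protocols the device has been seen speaking
        self.allowed = None     # {proto: [peer, ...]} from the server; None = unconfigured
        self.anomalies, self.seq = [], 0   # dropped [src, proto] pairs for the next heartbeat

    def from_device(self, pkt):
        self.learned.add(pkt.proto)         # observe attributes, then bridge unchanged
        return pkt

    def to_device(self, pkt):
        # Management packets addressed to the device are consumed here, never bridged.
        if pkt.src == self.mgmt_addr and pkt.proto == "mgmt":
            msg = json.loads(open_(self.key, pkt.payload))
            if msg["type"] == "config":
                self.allowed = msg["allowed"]
            return None
        # Assumption: fail closed until the server has supplied a profile.
        peers = self.allowed.get(pkt.proto, []) if self.allowed else []
        if pkt.src in peers:
            return pkt
        self.anomalies.append([pkt.src, pkt.proto])
        return None

    def _to_server(self, body):
        # Source address is the protected device's, as the claims require.
        return Packet(self.device_addr, self.mgmt_addr, "mgmt",
                      seal(self.key, json.dumps(body).encode()))

    def report_attributes(self):
        return self._to_server({"type": "attributes", "protocols": sorted(self.learned)})

    def heartbeat(self):
        self.seq += 1
        body = {"type": "heartbeat", "seq": self.seq, "anomalies": self.anomalies}
        self.anomalies = []
        return self._to_server(body)

class ManagementServer:
    def __init__(self, addr, key, trusted_peer):
        self.addr, self.key, self.trusted_peer, self.log = addr, key, trusted_peer, []

    def receive(self, pkt):
        msg = json.loads(open_(self.key, pkt.payload))
        if msg["type"] != "attributes":
            self.log.append(msg)            # heartbeats and their anomaly reports
            return None
        # Constructed policy: only protocols the device was seen speaking get an allow list.
        allowed = {p: [self.trusted_peer] for p in msg["protocols"]}
        cfg = json.dumps({"type": "config", "allowed": allowed}).encode()
        return Packet(self.addr, pkt.src, "mgmt", seal(self.key, cfg))  # addressed to the device

def demo():
    key, dev, mgmt, hmi, rogue = os.urandom(32), "10.0.0.20", "10.0.0.2", "10.0.0.5", "10.0.0.99"
    app, srv = SecurityAppliance(dev, mgmt, key), ManagementServer(mgmt, key, hmi)
    app.from_device(Packet(dev, hmi, "modbus"))           # device is seen speaking Modbus
    app.to_device(srv.receive(app.report_attributes()))   # tailored profile, consumed in transit
    out = {"forwarded": app.to_device(Packet(hmi, dev, "modbus")) is not None,
           "blocked_proto": app.to_device(Packet(hmi, dev, "http")) is None,
           "blocked_peer": app.to_device(Packet(rogue, dev, "modbus")) is None}
    srv.receive(hb := app.heartbeat())
    out.update(hb_src=hb.src, hb_anomalies=srv.log[-1]["anomalies"], tamper_detected=False)
    try:
        open_(bytes(32), hb.payload)                      # wrong key: must be rejected
    except ValueError:
        out["tamper_detected"] = True
    return out
```

demo() walks the exchange in claim order and returns what a defender would want to verify: the configured peer and protocol is bridged, an unlearned protocol and an unknown peer are dropped, both drops appear in the next heartbeat, and that heartbeat carries the device's address as its source. open_ checks the tag before touching the ciphertext so that a forged or replayed configuration packet is rejected rather than partially applied.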
Specification