mGuard Cybersecurity Now with OPC Inspector and Conditional Firewall


At Hannover Messe 2014, Innominate will present mGuard 8.1, the upcoming version of its security appliance firmware, with unique new functions for industrial cybersecurity. Its new module, mGuard OPC Inspector, masters the complex connection tracking of OPC dialogues across their changing ports and connection directions, thus enabling effective control and filtering of OPC based on the stateful inspection firewall principle. For OPC communication via mGuard routers, even NAT methods such as masquerading or 1:1 NAT mapping can be used thanks to a special deep packet inspection technique, a true world first and a small sensation for experienced OPC users.



With the new Conditional Firewall functionality, pre-defined situational firewall rule sets can literally be activated at the push of a button. Using various simple triggering events, asset operators can switch between firewall rule sets for different operating conditions, e.g., when different connections are to be allowed or denied during production, maintenance, or remote servicing.



Given the threat to industrial systems from ever more targeted malware attacks, user interest in the mGuard Integrity Monitoring functionality has also increased. This option monitors industrial PCs for potential infections and manipulations, and its usability has been further improved. Besides physical mGuard appliances, all of the functions mentioned are also available in another new software product being showcased, mGuard eVA, the embedded Virtual Appliance for Windows PCs.



Background Information

The classic OPC protocol has long been criticized for the IT security deficits and notorious firewall unfriendliness it inherited from Microsoft’s DCOM model. Also, while OPC communication via routers is allowed, the masquerading or rewriting of addresses by network address translation (NAT), often desired for integrating machinery and equipment into upper-level networks, has so far not been feasible without the help of additional OPC tunnels.



With OPC Unified Architecture (OPC-UA), a newer generation of OPC based on updated foundations is available which avoids the above deficits. However, this new technology is penetrating the market and the installed base only slowly. Particularly in existing brownfield plants, classic OPC will continue to be deployed for many years to come. Without add-on products, conventional firewalls will remain ineffective for OPC, resulting in poor network security for these applications.



Press Contact



Innominate Security Technologies AG

Christina Mueller

Rudower Chaussee 13

12489 Berlin

Germany

e: cmueller@innominate.com | tel: +49 30 921028-050 | fax: +49 30 921028-020

www.innominate.com | www.twitter.com/mGuardcom

