A factory OT network is a delicate environment – when you’re adding a new piece of equipment or making any kind of change, how do you make sure there are no interruptions?
One of the most important advantages of our network protection solutions, EdgeIPS and EdgeFire, is their support for more than 50 different ICS protocols. Supporting these protocols smoothly while preserving low latency is ideal for preserving your work site’s productivity and security. There are two kinds of protocols: public and private.
Public protocols are very widely-used and supported, which is the foundation of their advantages:
- Information on how to work with or understand the code contents of public protocols is freely available to the public.
- If you have a problem, there’s a large community also using the protocol that will offer support.
Some common public protocols are Modbus, DNP3, and Ethernet/IP.
If I’m a hacker making an attack, I can easily search public documents and information about public protocols to get a vulnerability specific to that protocol. EdgeIPS and EdgeFire can monitor and protect against these kinds of attacks, removing that advantage for hackers.
Large corporations often like to create private (or proprietary) protocols for their own machines to use. Examples of private protocols include Mitsubishi Electric, Siemens, and OMRON. After creating their own protocols they will work to strengthen them and maximize the advantages of private protocols:
- Private protocols are more difficult for outsiders to understand because there are no open documents to be studied. To understand a private protocol, hackers will have to spend a lot of time reverse engineering or analyzing network traffic.
- If devices running a company’s proprietary protocol can only communicate with other devices from that company, their devices must always work together as sets.
Unfortunately, modern cyberattacks such as TRISIS have shown us that attackers have already begun to learn these private ICS protocols. Once a network using private protocols is hit by a cyber attack, help will only come from the protocol’s producer, while more common and widely-used public protocols receive support from an entire community of users and developers that are interested in creating a solution.
While there are many protocols with which an ICS might work, many of which are private, each protocol is still run over TCP-IP. In order for a device to work with protocols, it must be able to understand their structure and recognize commands, which is quite difficult and labor intensive. This is why EdgeIPS and EdgeFire come equipped to recognize and support so many different kinds of protocols – this allows us to safeguard your network regardless of what kind of equipment you’re running.