Overview

Floodgate Defender Appliance™ Mark III is a compact firewall appliance providing drop-in protection for networked devices that have no protection of their own. Installation and configuration are done in minutes, providing immediate protection against cyber-attacks from hackers, denial-of-service attacks, cyber-sabotage attacks, automated hacking bots, and other Internet-based threats. The Floodgate Defender Appliance is powered by the Floodgate Software Products to provide protection, management, and situational awareness for a single endpoint device, or to create a secure enclave providing endpoint protection to multiple devices.

The Floodgate Defender Appliance provides a secure web interface or the ability to integrate with your corporate policy management system, allowing configuration of customized communication policies. The Floodgate Defender Appliance enforces these policies, dropping unwanted packets before they are passed to the target device, blocking attacks before a connection is even established.

Hackers Targeting Unprotected Devices

Internet-based attacks are on the rise and an increasing number of these attacks are targeting devices in different industries. Cyber-criminals, hacking bots, industrial or international espionage agents, and even terrorist groups are now targeting industrial, healthcare, military and utility systems.

Reported attacks against such devices include:

  • Credit card records obtained by hackers accessing corporate HVAC system
  • X-ray images obtained by hacker accessing a digital X-ray system
  • Automotive manufacturing plant shutdown resulting from a cyber-attack
  • Hackers breached SCADA systems in 3 different cities (based on an FBI report)
  • Pipeline monitoring system that failed due to a DoS attack
  • Train system delays caused by hackers
  • Sewage spill caused by a control system that was hacked by an insider
  • Pacemakers, insulin pumps and other medical devices hacked by researchers
  • Printers that were hacked for corporate espionage

Protection for Legacy Devices

Many devices are 10 and even 20 years old, pre-dating concerns over Internet-based threats. These devices were manufactured without adequate security and likely lack the resources to run security software.

Updating to newer systems to improve security may be difficult or impossible. The cost of replacing existing equipment with new, more secure devices is often prohibitive and, in some cases, more secure devices may not even be available.

The Floodgate Defender helps preserve the investment in existing systems by transparently filtering IP traffic. No modification to the existing device or network is required. Simply install the Floodgate Defender appliance, configure the filtering rules, and your existing equipment will be protected from cyberattacks.

Device Protection with Floodgate Defender Appliance

Firewall technology is the cornerstone of security for home and corporate networks. Any modern PC includes a firewall. Yet many industrial control devices, medical devices, building HVAC systems and other existing devices have no firewall. Worse still, many of these devices have been in service for years and include no security features at all. Replacing or upgrading these systems is impractical and expensive.

There are valid reasons to network many of these devices, such as collecting data from them and controlling their activities. Without cybersecurity protection integrated into the device, however, networking creates security exposures. Cyberattacks are increasing in frequency and sophistication from a variety of sources, including data thieves, corporate espionage, national interests, and terrorists.

Floodgate adds security to existing systems without modifying the network, control systems, or legacy devices. Simply install the Floodgate Defender Appliance in front of the TCP/IP connection of the device you want to protect, configure the filtering rules, and Floodgate does the rest. With the Floodgate Defender Appliance you can preserve the investment in your current systems without sacrificing security.

Drop-in Protection

Floodgate Defender can be used to protect any device attached to the Internet or any other TCP/IP network. It is installed between the device and the network and operates transparently; no modifications are required to either the network or to the device being protected.

Floodgate Defender provides bidirectional firewall capabilities, allowing complete control of communication both to and from the protected device. A secure web interface allows configuration of customized communication policies. Floodgate Defender enforces these policies by dropping unwanted packets before they are passed to the target device, effectively blocking attacks before a connection is even established.

Protection from Cyber-Espionage and Cyber Terrorism

Floodgate Defender provides bidirectional firewall capability, allowing complete control of communication both to and from the target device. Bidirectional firewalling ensures the protected device only communicates with known, trusted IP addresses. Cyber-espionage attacks, data-stealing malware and any other attacks that attempt to send data from the protected device are blocked. This feature can also be used to quarantine an infected or non-trusted device.

Cyber-terrorists are often highly sophisticated, with deep knowledge of the target device, allowing their attacks to disable or bypass traditional security measures. By controlling all communication with the target device, Floodgate Defender can block sophisticated cyber-terrorism attacks.

Protection from Insider Attacks

Insider attacks, whether intentional or inadvertent, accounted for more than 20% of all cyber-attacks, according to a 2011 study. Just because a device is located behind the corporate firewall does not mean it’s safe from attackers.

Floodgate Defender provides an extra layer of defense against insider attacks. Communication policies can be customized for each device, ensuring that non-authorized communication is blocked. Floodgate allows industrial devices to be connected to the corporate network while protecting them from unauthorized users, even from users who have legitimate access to the corporate network. In addition, logging and reporting capabilities can be used to detect and investigate unauthorized access no matter where it originates.

Using the Floodgate Defender Appliance

The Floodgate Defender Appliance can be used to protect any device attached to the Internet or any other TCP/IP network. Floodgate Defender is installed between the device and the Internet and operates transparently; no modifications are required to either the network or to the device being protected. Floodgate Defender will work with any network configuration and auto-configures based on your network topology.

Blocking Attacks

The Floodgate Defender Appliance uses a set of communication policies to filter packets before passing them to the device for processing. The communication policies define who the device is allowed to communicate with (IP address and MAC address filtering) and what communication is allowed (port and protocol filtering). When a hacker tries to access a protected device, Floodgate Defender recognizes that the source IP address is not a known, trusted IP address and drops the packets. The identified packets are not forwarded to the protected device and the attack is blocked before a connection is even established.

Floodgate Defender also recognizes and blocks common cyber-attacks such as TCP SYN Flood attacks even if they originate from a trusted IP address.
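As an added illustration (not Icon Labs code and not the appliance's actual engine), the following toy model implements the policy filter the "Blocking Attacks" section describes: whitelist or blacklist rules over the page's filtering criteria (MAC address, IP address, IP protocol, port), a policy-violation log, and a SYN-flood guard that applies even to trusted sources. The rule format, packet dicts, addresses and the `syn_limit` threshold are constructed assumptions.

```python
from collections import defaultdict

class DefenderFilter:
    """Toy model of a policy-based packet filter plus SYN-flood guard (assumption, not product code)."""

    def __init__(self, mode, rules, syn_limit=5):
        # mode: "whitelist" forwards only traffic matching a rule;
        #       "blacklist" drops traffic matching a rule and forwards the rest.
        # rules: (mac, ip, proto, port) tuples; "*" matches any value, port None for ICMP.
        self.mode, self.rules, self.syn_limit = mode, rules, syn_limit
        self.half_open = defaultdict(int)   # outstanding (unacknowledged) SYNs per source IP
        self.log = []                       # (event, src_ip, proto, port) records for forensics

    def _matches(self, pkt):
        key = (pkt["mac"], pkt["ip"], pkt["proto"], pkt.get("port"))
        return any(all(r in ("*", v) for r, v in zip(rule, key)) for rule in self.rules)

    def check(self, pkt):
        """Return 'forward' or 'drop' for one constructed packet dict."""
        matched = self._matches(pkt)
        if matched != (self.mode == "whitelist"):
            self.log.append(("policy_violation", pkt["ip"], pkt["proto"], pkt.get("port")))
            return "drop"
        # Flood guard: runs even for trusted sources. SYNs accumulate per source
        # until the peer completes the handshake (ACK) or exceeds syn_limit.
        if pkt["proto"] == "tcp" and pkt.get("flags") == "SYN":
            self.half_open[pkt["ip"]] += 1
            if self.half_open[pkt["ip"]] > self.syn_limit:
                self.log.append(("syn_flood", pkt["ip"], pkt["proto"], pkt.get("port")))
                return "drop"
        elif pkt["proto"] == "tcp" and pkt.get("flags") == "ACK":
            self.half_open[pkt["ip"]] = max(0, self.half_open[pkt["ip"]] - 1)
        return "forward"

def demo():
    # Constructed scenario: a PLC reachable only from one HMI over Modbus/TCP (502) and ping.
    f = DefenderFilter("whitelist", rules=[
        ("00:11:22:33:44:55", "10.0.0.10", "tcp", 502),
        ("00:11:22:33:44:55", "10.0.0.10", "icmp", None),
    ], syn_limit=3)
    hmi = {"mac": "00:11:22:33:44:55", "ip": "10.0.0.10", "proto": "tcp", "port": 502, "flags": "SYN"}
    stranger = dict(hmi, mac="de:ad:be:ef:00:01", ip="192.0.2.7")   # unknown peer: dropped
    telnet = dict(hmi, port=23)                                      # trusted peer, unlisted port
    results = [f.check(stranger), f.check(telnet)]
    results += [f.check(hmi) for _ in range(4)]   # 4 SYNs, no ACKs: the 4th exceeds the limit
    return results, f.log
```

`demo()` returns the verdict for each packet in order together with the event log, so the same code can be reused to replay a captured sequence against a different rule set or mode.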

Features

  • Hardened against cyber attacks
  • Secure web configuration interface
  • Log file and email alerts of security events
  • Supports user-defined or default policies
  • Protocols supported: Ethernet, TCP/IP, UDP/IP, and ICMP
  • Filtering modes: whitelist or blacklist
  • Filtering criteria: Ethernet MAC address, Ethernet frame type, IP address, IP protocol, TCP port number, UDP port number
  • DIN rail mounting supported
  • Integration with the Floodgate Security Manager or other SIEM, including McAfee ePO

Hardware specifications

  • Size: 4” x 3.75” x 1.25”
  • Weight: 13 oz
  • Operating temperature: 0–70 °C
  • Power input: 24 VDC
  • Power usage: 8W full load, 1W standby, 6W low load
  • 2 x 10/100 Ethernet RJ-45 ports

Logging and Alerting

Floodgate Defender generates alerts when alarm conditions are detected. It also maintains a log of all events and policy violations. These logs can be used for forensic investigation to determine the source of an attack. Floodgate Defender can send logs and alerts to Icon Labs' Floodgate Security Manager system, McAfee ePO or to other Security Information and Event Management (SIEM) systems.

Integration with Floodgate Security Manager and SIEM

The Floodgate Defender appliance is integrated with the Floodgate Security Manager, enabling centralized management of Floodgate Defender appliances. Using the Floodgate Security Manager provides:

  • Centralized management of security policies
  • Situational Awareness and device status monitoring
  • Event management: all security events detected by the Floodgate Defender are reported to the Security Manager, which provides reporting and event notification

Event data can be integrated with other SIEM systems, including McAfee ePO.

NERC-CIP Electronic Security Perimeter

NERC CIP mandates protection of assets that use routable protocols. Floodgate Defender can help in achieving NERC CIP compliance by creating an Electronic Security Perimeter around assets that are otherwise unprotected, such as an RTU that uses a routable protocol, thereby preventing unauthorized access. The Floodgate Defender meets the Electronic Security Perimeter requirements of NERC CIP by providing:

  • Access Control
  • Electronic logging and alerting
  • Ports and Services protection by blocking all unused ports and protocols
  • Small secure enclaves of one to several devices within the perimeter for additional required protection


© 2016 Icon Labs