Moxa acknowledged that Operational Technology (OT) networks have become targets for cybercriminals due to the legacy hardware lacking updated security or is unpatched. Moxa’s solution to this threat is its new EDF-G1002-BP Series of 2-port Gigabit LAN firewalls. These firewalls “protect mission-critical in infrastructures such as Intelligent Transportation Systems (ITS), water treatment centers, distributed control systems, and PLC/SCADA in factory automation, helping operators improve network security and uptime”.
The “core mission” of Moxa’s new firewalls is to streamline the protection of legacy OT devices. They support Bump-in-the-Wire installation which makes it easy to connect without causing disruptions or the need to reconfigure IP subnets. While the firewalls operate in transparent mode they safeguard critical assets and allow for secure east-west communication within the local area network (LAN).
“The EDF-G1002-BP Series dynamically prevents malicious activity on OT networks by applying advanced Intrusion Prevention (IPS) and Intrusion Detection Systems (IDS). IPS/IDS analyzes network traffic in the background and enables behavior monitoring and awareness of cyber activities.”
Technicians can select the ISP to operate in two different modes “Monitor” mode for complete visibility of cyberthreat activities or “Protect” mode if there is a threat to block and contain “malicious operations”.
On top of this, the firewalls support Deep Packet Inspection (DPI), giving awareness of industrial protocol data and providing granular command of control system traffic to critical controllers. The firewalls are connected to the Moxa MXsecurity centralized security management system, allowing administrators to manage and monitor the intrusion prevention systems from one area.
The EDF-G1002-BP Series needs only 30 seconds to boot up and secure boot is supported for verifying system integrity. They also are made for harsh environments and able to withstand temperatures from -40° to 75° C (-40° to 167° F). The metal housing for the device can be either DIN-rail or wall mounted and is resistant to shock, freefall, and vibration. The device’s design makes it suitable for industrial use as well as makes it meet the EN 50121-4 standard for railway signaling and telecommunications equipment.