Tofino Xenon Industrial Security Appliance

Offering Comprehensive Network Protection for Industrial Control Systems

Industrial control systems (ICS) are more vulnerable than ever to cyberattacks. The best way to protect your data is to segment your industrial environment into distinct security zones. The Tofino Xenon security appliance does just that. Customizable and rugged, it is the ideal solution for protecting your ICS for maximum uptime, safety, and productivity.

Not only can it perform deep packet inspection (DPI) on industrial protocols to ensure, for example, that Modbus traffic is writing and reading to the right set of registers. It can even stop zero day attacks through protocol anomaly detection—and without the need for signature updates.

These are just a few ways this versatile appliance enhances the security of your ICS. It fits perfectly into mechanical and plant engineering and industrial automation environments. In the transportation sector, it can be used in road and rail transport as well as shipping, thanks to its Germanisher Lloyd certification. It’s also approved for substations (IEC 61850-3) and explosive environments (ATEX and ISA 12.12.01 HazLoc) for use in power and electric utilities, including oil and gas, nuclear, hydropower and wind.

From initial installation to ongoing operation, the Tofino Xenon keeps the industrial process running. Its unique “test mode” reduces installation risks so production is uninterrupted. The appliance is tested for use with all major control system products. Network architecture changes are not required, as this appliance operates at the data link layer (layer 2 of the OSI network model).


Key Features

  • Undiscoverable: The Tofino Xenon is the only industrial security appliance on the market that is 100 percent undiscoverable and undetectable once deployed because it does not have an IP address.
  • Rich customization: The Tofino Xenon works in so many industries and environments because it’s highly customizable. Control engineers set their own rules specifying which devices are allowed to communicate and with which protocols. This application layer filtering for SCADA and ICS protocols uses flexible loadable security modules (LSMs).
  • ICS compliant: Tofino helps you meet and exceed NERC CIP requirements and ISA/IEC-62443 Standards. The Tofino Xenon includes the Tofino configuration change detection solution with Tripwire® Enterprise, which satisfies regulatory requirements for change control processes. Tripwire solutions are the only products that can monitor a Tofino Xenon.


Tofino Xenon  Industrial Security Appliance

Component Overview

  • Rugged industrial form factor
  • Operating temp 0°C to 60°C
  • Optional -40°C to +70°C
  • Optional ATEX/Class I Div 2
  • Dual power supply inputs, 12–60VDC
  • Digital Status Input
  • Relay Status Output
  • Copper and/or Fiber Network Interfaces
  • Secure USB for configuration and diagnostics