See It, Stop It, and Monitor It—From the Top Floor to the Shop Floor
Whether your security strategy is driven by complex compliance standards such as NERC CIP, NIST and NEI, your organization seeks to follow industry best practices such as the Center for Internet Security’s CIS Controls, or even if you’re just beginning exploring how to implement cybersecurity strategies for your OT environment, Tripwire offers a suite of trusted security solutions for your industrial control systems (ICS).
Tripwire provides deep visibility through a comprehensive suite of fully integrated products to detect cyber threats and breaches, prevent future incidents by discovering and prioritizing risks, and continuously monitor to help keep your security program on track.
A trusted leader for establishing a strong cybersecurity foundation, Tripwire offers 25 years of experience in leading global cybersecurity solutions. Call us today at 1.800.TRIPWIRE
The Three Principles of ICS Security
- Visibility: You need to know what’s on your network to secure it. Tripwire solutions deliver superior visibility and asset and vulnerability detection, reading 135 industrial protocols and mapping protocol communication patterns.
- Prevention: Tripwire solutions enforce security controls to harden your ICS against anomalous behavior and keep you compliant with standards such as NERC CIP and IEC 62443.
- Monitoring: Tripwire solutions are non-disruptive while reading configuration and log changes, and provide actionable alerts in real time so you always know what’s happening on your network.
Tripwire® Enterprise is an industry leading security configuration management (SCM) suite that provides a fully integrated solution for configuration policy, file integrity, and remediation management. With compliance policies that support the framework of more than 42 entities, the suite lets IT and OT cybersecurity, compliance and IT/OT operations teams rapidly achieve a foundational level of security throughout their IT and OT infrastructures by reducing the attack surface, increasing system integrity and delivering continuous compliance.
To help provide holistic visibility to which assets are running within your ICS, Tripwire Enterprise integrates with Rockwell Automation FactoryTalk AssetCentre, MDT Autosave, and KEPServerEX, as well as industrial protocol support with Modbus TCP and Ethernet/IP CIP. This is also inclusive of leveraging other agentless data collection mechanisms with SNMP and web user interfaces.
In addition, Tripwire Enterprise and Nozomi Networks Guardian are fully integrated. This provides industrial teams with the ability to load their OT assets into Tripwire Enterprise and subject them to the same security scrutiny as traditional IT assets. The integration expands the breadth of security achievable to users by increasing the number of policy requirements that can be met in the OT space. For example, the suite has an unequaled number of configuration policies for regulatory and industry guidelines such as IEC 62443, NIST 800-53, ISO 27001, and many others.
Download the Tripwire Enterprise Datasheet Download the Nozomi Networks Integration Datasheet
Tripwire Industrial Visibility
Tripwire Industrial Visibility gathers asset inventory and threat data to improve the safety and availability of your OT environment. It does so by analyzing network traffic and conducting protocol deconstruction to inventory assets, creating network topology, and more. It’s fluent in over 135 of the native industrial protocols commonly found in ICS—the highest number covered by any solution in the industry—making sense of the floods of data produced by your entire range of IIoT-connected industrial devices.
Tripwire Industrial Visibility analyzes network communication by listening through mirror or SPAN port of your industrial switches, interpreting and dissecting protocols via deep packet inspection (DPI) without disrupting normal operations. Legacy OT networks can be sensitive to latency and bandwidth change—which is why Tripwire Industrial Visibility uses agentless monitoring to help keep your network undisturbed. Additionally, and where appropriate, it also has selective active monitoring capabilities to further ascertain and assess device information.
Tripwire Industrial Visibility provides ICS operators with holistic visibility into the devices and activity on their network. It can detect controller configuration and mode changes, comes with event logging capabilities for trending/dashboards, and performs threat modeling to help you keep your most sensitive assets out of intruders’ reach. This solution protects the core integrity and cyber resilience of your OT environment, using sophisticated monitoring and detection to keep you operating at peak availability and uptime.
Download the Tripwire Industrial Visibility Datasheet
Tripwire State Analyzer
Tripwire State Analyzer is an essential tool in any OT environment. Across your network of devices, assets, and equipment, changes are being made against acceptable configurations every second. Tripwire State Analyzer automatically monitors those changes, reporting the “who” responsible for the change along with the “why.” Reports listing these changes are then made available for your review in an easy to use interface.
Tripwire State Analyzer also lends its power to address several NERC CIP requirements, and automatically generates compliance reports for them. For CIP-007 R1, the solution monitors the state of ports and services. For CIP-007 R2, the solution monitors the state of software versions and patches. For CIP-007 R5.2 and CIP-004, it verifies that only approved accounts exist on systems. Additionally, compliance reports are automatically generated, saving your team time during the auditing process.
Download the Tripwire State Analyzer Datasheet
While your assets in the lower levels of the Purdue model (cell/area zones) may not be suitable for active scanning techniques, devices like HMIs and engineering workstations in the manufacturing zone and DMZ will benefit from an in-depth vulnerability scan from a vulnerability management tool like Tripwire IP360™. Tripwire IP360’s unique scanning methodology produces the most granular and accurate vulnerability score prioritization in the market. The use of multiple scoring systems allows for audience specific reporting, and it offers an open API for custom integrations.
The quality of the data collected is at the heart of any vulnerability management tool. Tripwire IP360 finds more vulnerabilities with greater accuracy, period. And it will show you exactly how it detected every condition. Automated discovery, profiling and scanning save security teams time and resources. The actionable analytics and reporting available in Tripwire IP360 are backed by a dedicated world class Vulnerability and Exploit Research Team (Tripwire VERT).
Download the Tripwire IP360 Datasheet
Tripwire LogCenter® collects, analyzes and correlates log data from devices, servers and applications. Why does this matter in an ICS context? ICS create a staggering amount of data, and Tripwire LogCenter helps you cut through the noise and focus only on what matters by preprocessing data before filtering it into your security information and event management system (SIEM). This data can be extremely helpful when creating a proactive maintenance strategy—for example it can send an alert if a patch cord is about to fail. Tripwire LogCenter’s passive asset discovery capability allows you to discover previously unidentified assets through analysis of their log data. After discovery, the assets can then be added to your environments for further monitoring.
You can think of Tripwire LogCenter as a cyber historian for the industrial network, as it can capture and analyze log diagnostic and cybersecurity information that helps you stay operational. Log management is a best practice that is referenced by many ICS cybersecurity frameworks and regulations (including IEC62443, NERC CIP and NIST SP 800-82).
While Tripwire Industrial Visibility is a highly effective tool for making your OT environment safer and compliant with security requirements, the tool itself cannot produce its intended impacts if the proper personnel are not in place to operate it. Recruiting, training, and retaining cybersecurity personnel with extensive OT experience poses a serious challenge to nearly every organization. There are simply not enough OT cybersecurity professionals available, resulting in a large number of vulnerabilities going unaddressed by understaffed and inexperienced OT security teams.
No longer does your team have to suffer the disparity between OT security needs and OT security talent. Tripwire ExpertOpsSM Industrial is a managed service version of Tripwire Industrial Visibility in which a subscription provides individualized consulting from OT cybersecurity experts as well as hands on tool management. This managed service allows you to bridge the personnel shortage and provides an alternative to the arduous process of adopting a new security tool and training staff to use it.
Download the Tripwire ExpertOps Industrial services Brief
ICS Professional Services from Tripwire
Many industrial organizations lack the robust security team necessary to implement and maintain rigid ICS security controls. Tripwire offers a range of professional services customized for industrial environments.
Industrial Security Assessments
Conducting a network vulnerability assessment on your industrial organization has changed from a beneficial activity into a necessary one. Tripwire’s skilled team of engineers identifies weaknesses and prioritizes them. We collect data from automated vulnerability scanners, proprietary tools and manual assessment efforts to create a normalized list of identified exposures.
Download the Industrial Cybersecurity Attacks & Assessments services brief
Penetration tests—pen tests—are a type of ethical hacking used to regularly evaluate the security of a network. Our team of highly skilled cybersecurity experts utilizes a combination of tactical and strategic approaches to discover and exploit vulnerabilities in your IT systems through penetration testing and assessing your security program.
Download the Penetration Testing Assessments Service Brief
Tripwire resident engineers serve as an expert level, dedicated onsite resource to manage your Tripwire solution. Our resident engineers are focused on ensuring that you get the most value out of your Tripwire investment as it relates to your business, security and compliance objectives.
Download the Tripwire Professional Services Overview
ProSoft Connect ISC
ProSoft Connect offers customers a simple and secure way to troubleshoot and monitor their equipment remotely. With the use of EasyBridge technology, ProSoft Connect offers a direct line of communication between automation programming tools and automation devices. Customers can monitor their equipment from anywhere in the world—and even on their smartphones—with no need for IP routing or any other communication settings.
The platform utilizes two types of remote connections:
- Secure Remote Access (SRA) – Allows an automation technician or service provider to connect to a specific machine to troubleshoot or perform maintenance
- Persistent Data Network (PDN) – Establishes a permanent connection between dispersed locations for a SCADA-type network
The platform also enables file transfers from OT environments to IT environments without creating a connection between the networks. These capabilities combine to offer customers reduced downtime, an improved incident response rate, more accurate maintenance predictions, and increased access to outside expertise. In short, ProSoft Connect generates major improvements in productivity and profitability. Additionally, the platform offers these benefits in a secure fashion, using a multilayer approach to security that relies on Single Sign-On, Virtual Lockout Tagout, an IP Allow/Deny list, and encrypted tunnels.
Hirschmann EAGLE40 Next-Generation Industrial Firewalls
EAGLE40 next-generation firewalls deliver a comprehensive cybersecurity solution that ensures maximum protection for production among today’s stringent industrial and process automation systems. Evolving alongside data transfer demands, they include multiple port options with increased bandwidth and encryption capabilities, making the EAGLE40 an ideal firewall solution within machine building and general manufacturing settings, as well as for use across security networks. And by supporting both OSPF dynamic routing and VRRP router redundancy, the EAGLE40 is an economically sound approach to maximize uptime, regardless of network throughput. With its ruggedized hardware, convection cooled metal housing and an extensive operating temperature range, it supports the movement towards IT/OT convergence and enables a defense in depth network architecture. The EAGLE40 is a customizable, around the clock solution that meets an infrastructure’s unique cybersecurity demands.
EAGLE40 with embedded Tripwire Industrial Visibility
Tripwire Industrial Visibility extends the same controls IT security teams utilize for minimizing risk in IT environments to OT environments. It solves operational challenges through continuous threat monitoring and advanced logging intelligence, and provides asset visibility and threat management for industrial networks. EAGLE40 firewalls with embedded Tripwire Industrial Visibility software offer a comprehensive industrial cybersecurity solution. With no need to set up a SPAN or mirror port on your switch, the solution simplifies networks by reducing the number of devices (along with their expense) without compromising network security.
Tofino Xenon Industrial Security Appliance
In a class by itself, Tofino Xenon is versatile, rugged and is an ideal solution for protecting the operation of industrial control systems. It is much more than an industrial firewall. Not only can it perform deep packet inspection (DPI) on industrial protocols to ensure, for example, that Modbus traffic is writing and reading to the right set of registers, it can also do protocol anomaly detection without the need for signature updates to stop zero day attacks. From initial installation to ongoing operation, the one purpose is to keep the industrial process running. Network architecture changes are not required, as the Tofino Xenon operates at the data link layer (Layer 2 of the OSI network model) and is therefore transparent on the network as it does not have an IP address. Control engineers can define rules that specify which devices are allowed to communicate and which protocols they may use.
Tripwire offers the only product that can detect a Tofino Xenon—together they provide unparalleled monitoring and detection of anomalous behavior for any industrial automation environment such as manufacturing plants, oil & gas, water/water waste, etc
Request a Demo
Ready to learn more? Let us take you through a demo of these industrial security solutions. We’ll show you powerful features and answer any of your questions.