INDUSTRIAL NETWORK SECURITY

摘要

A private overlay network is introduced into an existing core network infrastructure to control information flow between private secure environments. Such a scheme can be used to connect a factory automation network linking operations devices to a corporate network linking various business units, with enhanced network security. Such a connection can be facilitated by introducing into the existing infrastructure a set of industrial security appliances (ISAs) that work together to create an encrypted tunnel between the two networks. The set of ISAs can be scalable to overlay differently sized core networks, to create the private overlay network. Connections to the private overlay network can be managed by the ISAs in a distributed fashion, implementing a peer-to-peer dynamic mesh policy. The industrial security system disclosed may be particularly advantageous in environments such as public utility systems, medical facilities, and energy delivery systems.

主权项

1. A network security system that provides secure communication paths for one or more operations devices linked to a business network, the system comprising:
a management platform selectively communicatively coupled to the business network; one or more processor-based security appliances selectively coupled between the operations devices and the business network; a virtual private overlay network, selectively communicatively coupling the operations devices to one another and to the security appliances; and a non-transitory processor-readable storage medium containing instructions that cause the security appliance to configure itself so as to monitor and control data traffic and connectivity relationships between the operations device and the business network.