Network Firewalls
Critical Asset Protection

The CIP standard explicitly calls for an access control model that denies by default and only enables required ports and services. This is called a “positive or proactive security model.” This security model states that only those activities which are specifically defined are permitted; everything else is denied. Secure Firewall (Sidewinder) has used the positive security model since its inception and has been specifically architected to understand and control applications down to the port and service level.

However, Secure Firewall takes the positive security model one step further. Pioneering the “Trusted Security Model”, Secure Firewall adds TrustedSource global reputation intelligence as part of its defense-in-depth strategy. This provides granular information about threats throughout the world, and can protect against attacks, even from zero-day attempts. TrustedSource is so effective that it consistently predicts malicious behavior weeks before an actual attack occurs and provides this information to Secure Firewall with no signature file updates or downtime.

SCADA-Specific Protocols Supported
In addition to the over 100,000 IPS/IDS signatures already available, Secure Firewall now supports three SCADA-specific protocols designed to protect critical infrastructure networks. The protocols are Modbus, DNP3.0, and ICCP. By incorporating these three protocols, Secure Firewall ensures that control systems are protected against rogue intruders, denial of service attacks, attempts to take over equipment, and unauthorized usage.

Event Monitoring and Forensics
Secure Firewall Reporter offers sophisticated management tools that can centrally control hundreds of individual Firewall devices. This allows for consistent policy deployment, fault-tolerant configurations, high-availability security, and granular monitoring across the entire security infrastructure.

Additionally, Secure Firewall has the detailed alerting, reports, and forensics to understand that an attack is being attempted, block it, alert the security administrator, and provide backup reports necessary to document the incident. The reporting option allows for central control of all Secure Firewalls in the extended network for one view and one management point.

Geo-Location Protection
Secure Firewall is the first and only firewall with the ability to deny or allow traffic based on country code. The Secure Firewall Geo-Location feature allows organizations to block, or to apply additional in-depth application filtering to, all traffic from countries that a company does not do business with, or that are known originators of malicious hacking (including US State Department identified terror sponsors). This feature dramatically saves bandwidth and lowers the risks of attacks.

Hardened Operating System
Secure Computing’s Secure Firewall SecureOS® operating system with patented Secure Firewall Type Enforcement® technology gives Secure Firewall a resilient foundation that is unique among firewalls: it has never required an emergency security patch, has never had a CERT advisory warning posted, and it is the first and only firewall to achieve an EAL4+ Common Criteria certificate as an “application layer” firewall.

Strongest Firewall Available
SecureOS and Type Enforcement protect the integrity of the Secure Firewall, and prevent it from being compromised so that it can do what it does best: protect your critical infrastructure networks from attack. The combination of an application-layer gateway, Unified Threat Management, the SecureOS operating system, and Type Enforcement provides a strong defense that beats any traditional firewall or gateway running on a commercial operating system.

By using Secure Firewall’s ultra-strength application layer security, it is possible to achieve real security and comply with the following CIP Standards:

  • CIP-001-1 R.1 – Recognize and make operating personnel aware of sabotage events
  • CIP-001-1 R.2 – Communicate sabotage events
  • CIP-002-1 R.3 – Identify critical cyber assets
  • CIP-003-1 R.4 – Identify, classify and protect information on critical cyber assets
  • CIP-004-1 R.2 – Train on critical cyber assets
  • CIP-005-1 R.2 – Control access to electronic security perimeter
  • CIP-005-1 R.2.1 – Access that denies by default
  • CIP-005-1 R.2.2 – Only enable ports required for operations
  • CIP-005-1 R.2.3 – Secure dial up access
  • CIP-005-1 R.2.4 – Ensure authenticity of accessing party
  • CIP-007-1 R.4 – Use anti-virus and anti-malware tools
  • CIP-007-1 R.5 – Enforce access based on need to know
  • CIP-007-1 R.6 – Monitor and log all system events
  • CIP-008-1 R.1.3 – Report all incidents to ESISAC
  • CIP-009-1 R.4 – Back up and restore as part of a recovery plan

Secure Firewall (Sidewinder)

  • 14 years of government and commercial high assurance deployments
  • Most stringent Common Criteria certification available including first and only US DoD MRPP application layer protection profile
  • First and only reputation-based firewalling
  • Never been hacked
  • Never been compromised
  • Never had a security patch issued
  • Built upon the principle of least privilege
  • Automatically relies on a Positive and Trusted Security Model
  • Uses Geo-Location technology to dramatically reduce risk and save bandwidth
  • Protects itself through patented Type Enforcement technologies to prevent any foreign software from being executed
  • Decrypts and inspects high risk, but necessary, protocols
  • Long support cycles so hardware doesn’t need to be upgraded or replaced
  • Automatically prevents privilege escalation vulnerabilities
  • High speed processing to prevent performance impacts
  • Application proxies that understand the special needs of critical infrastructure networks
  • Extensive forensics and reports to identify and stop security incidents in real time (through Secure Firewall Reporter)

Products and Technologies to Protect Critical Infrastructure


Secure Firewall (Sidewinder)
Protecting the most important networks and applications in the world


Secure SnapGear
Authentication of remote devices for complete network security


Secure SafeWord®
Authentication of remote users to protect critical assets


Secure Mail (IronMail)
Prevent data leakage of information on critical assets


Secure Web (Webwasher)
Prevent Web 2.0 malware from infecting the critical networks


TrustedSource
The world's leading Reputation security system