Overview
Intent-based network segmentation is the foundation of convenient and reliable ICS network security, eliminating cyber-attack surfaces and reducing the impact of any security incident. Proper network segmentation comes with two countermeasures: internal segmentation and micro-segmentation. Micro-segmentation is the most effective approach, but faces many challenges to deployment and management when applied to a large-scale network environment.
EdgeIPS Pro is a purpose-built appliance, set up for friendly, rack-mounted deployment and equipped with in-depth OT protocol filtering to enable administrators to easily manage micro-segmentation for a complex environment. Created using the solid ICS security building block EdgeIPS, it’s built from the ground up to isolate and protect multi-segment networks. This security solution is designed specifically to fit transparently into the converged IT-OT network environment.
EdgeIPS Pro creates visibility and rock-solid cyber defense for the legacy systems and unpatched devices that make up the backbone of your production line, while its Gen3 hardware bypass ensures uninterrupted operation.
High-port-density IPS array for OT core network defense
EdgeIPS Pro has a 1U rack mount model 1048 with 48 ports, a 2U rack mount model 2096 with 96 ports for large-scale production, and a DIN rail and server rack mount model 216 with 8 ports for SMB or mid-scale production. Monitoring and prevention modes provide the best transparent in-line protection and seamless security visibility.
IT-friendly deployment and management
EdgeIPS Pro is a cybersecurity appliance designed for large-scale production lines. Built with feedback from industry leaders, it natively supports operational technology (OT) multi-segmentation. Factories and worksites adopting EdgeIPS Pro enjoy the benefits of centralized management, operational continuity, shop floor protection, and flexible deployment.
Mitigates risk and protects your network
Take advantage of an advanced internal segmentation IPS for implementing network segmentation in a large-scale OT network environment – no changes to the existing network architecture required. EdgeIPS Pro prevents outbreaks, neutralizes intra-zone infection, and reduces cybersecurity risk.
High performance
Assets on production lines need to communicate with no delays. The high-performance design of the EdgeIPS Pro restricts lateral movement and prevents cyberattacks while minimizing latency. EdgeIPS Pro 1048 performs at 10 Gbps with threat prevention enabled.
Ensure operational continuity
EdgeIPS Pro comes equipped for operational continuity with Gen 3 hardware bypass and redundant power, ensuring fail-safe performance.
Protect vulnerable systems
Signature-based virtual patching is a core technology of the Edge series. It secures vulnerable assets that are past end-of-service (EoS) or otherwise unpatchable, putting them in a “shield bubble” that protects their vulnerabilities from exploitation.
Features
Multi-Segmenting with Integrated Security
EdgeIPS Pro is designed for use in levels 1-3, both in front of mission-critical assets and at the network edge. Transparent, as well as prepared to sense your network traffic and production assets, EdgeIPS Pro fits right into your network without disrupting operations.
OT-Aware Operational Intelligence
Our core technology for EdgeIPS Pro, TXOne One-Pass DPI for Industry (TXODI™), gives you the ability to create and edit Allowlists, allowing for interoperability between key nodes and deep analysis of L2-L7 network traffic.
High Port Density and Flexible Deployment
EdgeIPS Pro flexibly switches between ‘Monitor’ and ‘Prevention’ modes, and supports up to 24 or 48 segments to preserve your productivity while maximizing security.
Improve Shadow OT Visibility By Integrating Your IT and OT Networks
EdgeIPS Pro comes equipped to make your IT and OT networks as integrated and coordinated with each other as possible, and to grant visibility of your shadow OT environment.
Signature-Based Virtual Patching and Antivirus
Virtual patching shelters endpoint and network vulnerabilities while signature-based antivirus provides an extra layer of protection under EdgeIPS Pro. Research-supported, up-to-date signatures protect against the latest threats and the frequency of flexible updates is fully under administrator control.
Top Threat Intelligence and Analytics
EdgeIPS Pro provides advanced protection against unknown threats with its up-to-date threat information. With the cutting-edge research of the Zero Day Initiative (ZDI) vulnerability reward program, EdgeIPS Pro offers your systems exclusive protection from undisclosed and zero-day threats.
Supports a Wide Range of Industrial Protocols
EdgeIPS Pro supports OT protocols including Modbus, Ethernet/IP, CIP, EDA, and more, allowing OT and IT security system administrators to collaborate. This allows for seamless operation with existing network architecture.
Easily Centralized Management with Convenient, Consolidated Overview
Pattern updates and firmware management can all be centralized on a large scale. For facilities with EdgeIPS Pro, the OT Defense Console (ODC) supports administration and management to reduce cost and add large-scale efficiency.
Specifications
| | EdgeIPS Pro 1048 | EdgeIPS Pro 2096 |
|---|---|---|
| Threat Prevention Throughput* | 10 Gbps (IMIX) / 20 Gbps (UDP 1518 bytes) | 20 Gbps (IMIX) / 40 Gbps (UDP 1518 bytes) |
| Latency* | <500 microseconds | <500 microseconds |
| Concurrent Connection (TCP) | 2 Million | 4 Million |
| Intrusion Prevention / Antivirus | Yes / Yes | Yes / Yes |
| Supported ICS Protocol | Modbus / EtherNet/IP / CIP / FINS / S7Comm / S7Comm+ / SECS/GEM, with more being added regularly | Modbus / EtherNet/IP / CIP / FINS / S7Comm / S7Comm+ / SECS/GEM, with more being added regularly |
| Policy Enforcement Rules | 50,000 Rules | 100,000 Rules |
| ICS Protocol Filter Profiles | 256 Profiles | 256 Profiles |
| Form Factor | 1U rack mount | 2U rack mount |
| Weight (Stand-Alone Device) | 15.8 kg (34.854 lb) | 23.67 kg (52.182 lb) |
| Dimensions (W x D x H) | 438 mm x 750 mm x 44 mm (17.24 x 29.53 x 1.73 in) | 438 mm x 750 mm x 88 mm (17.24 x 29.53 x 3.46 in) |
| Network Interface Type | 10/100/1000 BASE-TX (RJ-45) x 48 ports | 10/100/1000 BASE-TX (RJ-45) x 96 ports |
| Hardware Failover | 24 Segments Gen3 Hardware Bypass | 48 Segments Gen3 Hardware Bypass |
| USB Interface / Serial Console | 1 x USB Interface (Type-A) / 1 x USB Interface (Type-C) for serial console | 1 x USB Interface (Type-A) / 1 x USB Interface (Type-C) for serial console |
| MGMT Interface / Mirror Interface | 1 x 10GE/1GE RJ-45 (MGMT) / 1 x 10GE/1GE RJ-45 (Mirror) | 1 x 10GE/1GE RJ-45 (MGMT) / 1 x 10GE/1GE RJ-45 (Mirror) |
| HA Port | 1 x 10/100/1GE RJ-45 for HA Port | 1 x 10/100/1GE RJ-45 for HA Port |
| Input Voltage | 90~264 VAC full range | 90~264 VAC full range |
| Power Supplies | Redundant hot swap 800W power supplies (1+1 AC) | Redundant hot swap 800W power supplies (1+1 AC) |
| Operating Temperature | 0 - 40°C (-40 - 167°F) | 0 - 40°C (-40 - 167°F) |
| Ambient Relative Humidity | 5 to 95% (non-condensing) | 5 to 95% (non-condensing) |
| Storage Temperature | -40 to 85°C (-40 to 185°F) | -40 to 85°C (-40 to 185°F) |
| Vibration | 2 Grms @ IEC 60068-2-64, random wave, 5-500 Hz, 1 hr per axis (without any USB devices attached) | 2 Grms @ IEC 60068-2-64, random wave, 5-500 Hz, 1 hr per axis (without any USB devices attached) |
| Mean Time Between Failure (MTBF) | 50,000 hours based on 25°C | 50,000 hours based on 25°C |
| Safety Certification | CE, UL, EN60950-1, IEC60950-1, UL60950-1 | CE, UL, EN60950-1, IEC60950-1, UL60950-1 |
| Electromagnetic Compatibility | VCCI, FCC | VCCI, FCC |
| Rack Rail Support | Rack Mounting Ears, Sliding Rails | Rack Mounting Ears, Sliding Rails |
| Green Product | RoHS, CRoHS, WEEE | RoHS, CRoHS, WEEE |
| Central Management System | Supported OT Defense Console, ODC | Supported OT Defense Console, ODC |
* Note: Performance is measured in a laboratory; performance values may vary according to test conditions and system configuration.