An organization has multiple locations and requires dedicated ethernet to each of these locations. This traditionally has been solved in two ways:
- A dedicated MPLS circuit from a major carrier. These are the most secure and have dedicated bandwidth to each site. Typically this requires costly last-mile construction, and the traffic, infrastructure and premise devices are updated, managed and monitored by the End User. Where encryption is required, it will have to be implemented by a third party or managed by the End User. This is a VERY costly solution, as dedicated fiber must be run the last mile to the site, with construction costs ($10K+) usually amortized across a minimum of three years. This makes implementation time consuming and can make moving offices very costly.
- A dedicated internet circuit (cellular or hard line) connected to a VPN endpoint (Cisco, Palo Alto, etc.). Again, this device is managed by the End User for both monitoring and patching. More critically, the encrypted data traverses the public internet, the endpoint is susceptible to any zero-day vulnerability, and it will always present a public attack surface.
SecurePCN utilizes a private cellular network powered by AT&T enterprise to deliver the benefits and security of a dedicated MPLS, the price point of a VPN, and the flexibility of cellular, with a fully monitored and managed firewall providing 256-bit End-to-End encryption over the private network. The End User's data never traverses the public internet and is handed off to their datacenter in one of three ways:
- Cellular Handoff - We install a dedicated appliance in the End User's datacenter to hand off the data via cellular and provide out-of-band endpoint monitoring.
- Dedicated MPLS - Instead of paying for a dedicated circuit to every site, you pay for only one circuit, between the End User's datacenter and the SecurePCN SOC. Once again, the data is encrypted End-to-End, and the bandwidth is dedicated and equipped with out-of-band endpoint monitoring.
- IPSEC VPN Tunnel - SecurePCN utilizes the End User's existing internet connection to hand off the data between datacenters. This has all the drawbacks of the second traditional option, except that SecurePCN manages, monitors and patches both endpoints. This still greatly reduces the attack surface; however, the other two options are preferred whenever possible.
SecurePCN Managed Firewall is a managed service product on our custom platform, running a fully open source firewall based on the FreeBSD operating system and fully supported commercially by Netgate (www.netgate.com). Open source also allows vulnerabilities to be found by anyone worldwide and submitted to Netgate for remediation. SecurePCN monitors all deployed devices 24x7x365 in our dedicated Security Operations Center. All firewall rule logs and the overall health of the appliance are streamed in real time into our monitoring platform. As part of kick-off, we build rules that allow only the authorized devices and their respective ports through the edge appliance, filtering out any unnecessary traffic. This benefits the customer in the following ways:
- Unnecessary "chatter" is filtered out to prevent potentially costly cellular data overages.
- Prevents any device from operating outside the normal configuration.
- Eliminates the possibility of "shadow IT" devices being added to the network without authorization.
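The allow-list approach described above, as an added illustration rather than SecurePCN's own tooling: a site inventory of authorized devices and the ports each may reach is rendered into a default-deny ruleset in pf syntax (the packet filter on FreeBSD-based firewalls; the interface name, IPs and ports are constructed assumptions), and the same inventory is then used to review firewall log lines for the two conditions the bullets call out, a known device operating outside its configured ports and an unknown source address that would indicate an unauthorized "shadow IT" device. The log line format is constructed for the example and is not Netgate's real log format.

```python
"""Allow-list firewall rules from a device inventory, plus log review against it.

Added example; the inventory, interface name, addresses, ports and log format
are all constructed for illustration and are not from any real deployment.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowedDevice:
    name: str
    ip: str
    services: tuple  # (proto, destination port) pairs this device may reach


# Constructed inventory for a hypothetical retail site.
INVENTORY = (
    AllowedDevice("pos-terminal-1", "10.20.1.10", (("tcp", 443),)),
    AllowedDevice("access-panel", "10.20.1.20", (("tcp", 443), ("udp", 123))),
    AllowedDevice("nvr", "10.20.1.30", (("tcp", 443), ("udp", 123))),
)


def build_pf_rules(inventory, lan_if="lan"):
    """Render a default-deny pf ruleset that passes only inventoried device/port pairs.

    The leading 'block log all' drops and logs everything not explicitly allowed,
    so unexpected traffic shows up in the logs the SOC watches instead of silently
    consuming cellular data.
    """
    rules = ["block log all  # default deny; log drops so they reach monitoring"]
    for dev in inventory:
        for proto, port in dev.services:
            rules.append(
                f"pass in quick on {lan_if} proto {proto} from {dev.ip} "
                f"to any port {port}  # {dev.name}"
            )
    return rules


def _index(inventory):
    """Map source IP -> (device name, set of allowed (proto, port))."""
    return {dev.ip: (dev.name, set(dev.services)) for dev in inventory}


def review_log(log_lines, inventory):
    """Review constructed log lines of the form 'ts action proto src dst dport'.

    Returns (timestamp, src, finding, detail) tuples for:
      - 'unknown-source': src is not in the inventory at all (possible shadow IT)
      - 'off-policy':     a known device tried a proto/port it is not configured for
    Allowed traffic, whether passed or blocked, produces no finding.
    """
    allowed = _index(inventory)
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than crash the reviewer
        ts, action, proto, src, dst, dport = parts
        dport = int(dport)
        if src not in allowed:
            findings.append((ts, src, "unknown-source", f"{proto}/{dport} to {dst}"))
        elif (proto, dport) not in allowed[src][1]:
            name = allowed[src][0]
            findings.append((ts, src, "off-policy", f"{name} {proto}/{dport} to {dst}"))
    return findings


# Constructed sample log: one normal POS session, one POS attempt on a port it is
# not allowed, one unknown host, one normal NTP sync from the access panel.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z pass tcp 10.20.1.10 192.0.2.10 443",
    "2024-01-01T10:00:05Z block tcp 10.20.1.10 192.0.2.10 80",
    "2024-01-01T10:00:09Z block tcp 10.20.1.99 198.51.100.7 443",
    "2024-01-01T10:00:11Z pass udp 10.20.1.20 192.0.2.20 123",
]

if __name__ == "__main__":
    for rule in build_pf_rules(INVENTORY):
        print(rule)
    for finding in review_log(SAMPLE_LOG, INVENTORY):
        print("FINDING:", finding)
```

Both conditions are reported regardless of whether the firewall passed or blocked the packet: a blocked off-policy attempt from a known device still means that device is not behaving as configured, which is the signal a SOC wants before it becomes a data overage or a compromise.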
Converged IT / OT Today
- Bandwidth - We manage bandwidth in a way that eliminates monthly overages tied to cellular usage.
- Out-of-band Monitoring (OoB) - Monitor edge devices and connected panels to provide optimized performance of the infrastructure and all communication channels.
- Out of Band Alerts (OoB) - Alert directly to your service ticket program and make sure your edge devices and all connected panels are optimally and securely communicating.
- Reports - On-demand data from both the edge device and connected panels to efficiently manage your business, monitor threats and understand trends.
- Restaurant / Retail Point of Sale (POS) - Protect your customers' data, your reputation and your brand. Credit card transactions never touch the internet. POS devices are not publicly routable, eliminating most attack vectors. Lower costs compared to other secure methods.
- Corporate Parking Garages / Fencelines - Connect edge devices (card readers, sensors, alarm panels, intercom) to your security head-end while simultaneously reducing security risks and not burdening your IT dept.
- Perimeter Surveillance - Provide ruggedized exterior communications equipment to ensure that your security sensors alert consistently and without the need for expensive physical infrastructure.
- Forensic Video - Send critical video from remote cameras or NVRs back to your security operations center for review and incident management.
- SCADA and Operational Controls - Monitor SCADA and other TCP / IP bridges at the edge. Provide traffic monitoring and firewall functionality at the bridge location and provide an extra level of TCP / IP security in manufacturing environments.