With SecurityBridge we offer a product for the industrial security sector. SecurityBridge protects the configurable safe small controllers PNOZmulti 2 and the automation system PSS 4000 from manipulation due to unauthorised access. That way you don't even give espionage and manipulation a chance, but guarantee the safety of your staff and the availability of your machine!
On the safe side with SecurityBridge!
Protection extended to industrial automation networks
With its new firmware, the SecurityBridge firewall now offers comprehensive protection for industrial automation networks. Not only does it protect the configurable safe small controllers PNOZmulti and the automation system PSS 4000, it also now enables control over data communication between any other subscribers outside of the Pilz range. The SecurityBridge was developed in line with the secure development process in accordance with the standard IEC 62443-4-1 and also respects the principle of "Zones and Conduits".
“Packet recording” has been added to the extensive diagnostic functions. This can be used to record data communication between subscribers from the secured controller network and the unsecured network. Recording can be restricted to specific communication relationships to enable you to analyse data more efficiently. That saves you valuable time during diagnostics!
Protect virtual access to your machine as well!
Physical access to machinery is clearly defined in the Machinery Safety Directive. For example, a safeguard on a gate ensures that a person cannot move within the danger zone until the machine is in a safe state. The SecurityBridge firewall makes sure that on-site operation is not disturbed by access via the network and that only authorised persons have access to the plant via the network. As a firewall it monitors communication with the controller and controls the data flow. You can also use SecurityBridge to store user rights; these define which staff members may access which data.
For example, if a safety gate is open, SecurityBridge prevents access to the plant via the network. So SecurityBridge combines the benefits of a firewall with extensive knowledge of the product to be protected. As a result, your plant’s IT system is thoroughly protected.
SecurityBridge wins GIT Security Award 2019
The application firewall SecurityBridge was awarded 3rd place in the GIT SECURITY Award. The award was presented on 27 November 2018 at SPS IPC Drives in Nuremberg.
The GIT SECURITY AWARD is awarded nationally and internationally. Three innovative products with the most votes were selected from a total of six categories. SecurityBridge was competing in "Category A – IT-Security and Safety for Automation, Cyber Security”. It convinced our customers, partners, market players and readers of the magazines GIT SICHERHEIT, GIT SECURITY and messtec drives Automation and won through against 14 more finalists.
This is how to use SecurityBridge
SecurityBridge can be connected upstream of the PNOZmulti base unit or PLC controller PSSuniversal PLC. It acts as a VPN server, through which it is possible to establish a virtual private network (VPN) to one or more client PCs (configuration PC). The connection between PC and device is therefore protected. Only users with the relevant permission can make changes to a project’s configuration. This prevents unauthorised access to the secured network. In this way, data transmission between the Client PC and SecurityBridge is safe from eavesdropping and manipulation.
SecurityBridge also controls the process data traffic and monitors the integrity of the safety system. Changes in the check sum indicate that there are changes in the PNOZmulti and PSS 4000 projects.
Benefits at a glance:
- Protects against data manipulation through authentication and permission management
- Increases the availability of the plant because only the necessary data (authorised configuration and process data) is transferred
- Forwards process data with a low latency
- Detects unauthorised changes to the project by monitoring the check sum (CRC)
- Prevents unauthorised access because downstream devices are in a secured network
- Configuration changes to a project can only be performed by users who have the relevant permission
- Web-based user interface for easy configuration, diagnostics and maintenance
- Connection to the central authentication system via RADIUS
- Continuous updates, independently of the control system
- Integral digital inputs and outputs to activate the VPN tunnel, for example
- VPN server for building a VPN tunnel for safe transfer of data
- USB interface for saving and restoring the configuration on a USB memory.
- LED display for error messages and diagnostics