Fortinet Security Solutions for Industrial Control Systems

The convergence of operational technology (OT) and information technology (IT) impacts the security of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. As the air gap is removed, these systems are exposed to an expanding threat landscape and are targets for hackers involved in terrorism, cyber warfare, and espionage. Extending well beyond the traditional factory plant floor, attacks on critical infrastructures such as power plants, factories, water treatment systems, oil rigs, and traffic control systems can result in threats to national security, financial loss, risk to brand reputation, and even loss of life. 

For more than a decade, Fortinet has protected OT environments in critical infrastructure sectors such as energy, defense, manufacturing, food, and transportation. By designing security into complex infrastructure via the Fortinet Security Fabric, organizations have an efficient, non-disruptive way to ensure that the OT environment is protected and compliant. 

 

Fortinet's ICS/SCADA solution

Fortinet’s solution integrates OT security solutions with best-of-breed threat protection for corporate IT environments that extend from the data center, to the cloud, to the network perimeter. It also provides visibility, control, and automated, high-speed analytics and detection within the OT environment, with built-in support for industry standards. Additionally, it minimizes complexity and reduces the operating expense (OpEx) of OT security management when compared to point security solutions in siloed IT and OT environments.

The Industrial Zone is the area where production takes place. This zone includes the digital control elements, such as PLCs and RTUs, that convert IP communication to serial commands. It also includes additional networks such as the camera surveillance network and networks to support IoT devices. Fortinet products in this zone include FortiSwitch, FortiAP, FortiPresence, and FortiCamera.

Wireless Network: As OT environments provide connectivity to a range of devices with wireless networks, protection for this edge is essential. FortiAPs, managed and secured by FortiGate appliances, deliver complete protection of wireless networks, and are rugged to survive the harsh environments in the Industrial Zone. FortiPresence provides insight into the physical movement of people within OT sites, both in real time and across time periods, by leveraging the existing onsite Fortinet access points to detect each person’s smartphone WiFi signal. Get complete visual coverage inside and out with FortiCamera. With options for indoor and outdoor, vandal-proof, weatherproof, low-light night vision, fixed and motorized zoom lenses, and two-way audio, FortiCamera fits every OT environment.

Site Operations enables the centralized control and monitoring of all the systems that run the processes in a facility. This is where OT systems share data with IT systems. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. Wireless access at this level is served by the same FortiAPs, managed and secured by FortiGate appliances, that protect the wireless edge in the Industrial Zone.

Between the enterprise and site operations zones sits the Industrial Demilitarized Zone (IDMZ). The IDMZ allows the organization to securely connect networks with different security requirements. Security protection includes authentication and business segmentation to provide the visibility, control, and situational awareness needed to defend against known and unknown threats: verify who and what is on the network, and provide role-based access control for users, devices, applications, and protocols; address unknown threats with sandboxing and deception detection; implement logical business segmentation using FortiGate firewalls and switches; address known threats to the network; and become situationally aware of what happens in OT and IT environments.

FortiNAC provides the visibility to see everything connected to the network, as well as the ability to control those devices and users, including dynamic, automated responses. FortiAuthenticator strengthens security by ensuring only the right person at the right time can access sensitive networks and data. FortiSandbox offers a powerful combination of advanced detection, automated mitigation, actionable insight, and flexible deployment to stop targeted attacks and subsequent data loss. FortiDeceptor provides accurate detection that correlates an attacker’s activity details and lateral movement that feeds up to a broader threat campaign. Threat intelligence gathered from the attacker can be applied automatically to inline security controls to stop attacks before any real damage is done. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet switches ideal for SD-Branch and applications ranging from desktop to data center. Easily manage Fortinet solutions with FortiManager. It supports network operations by providing centralized management, best-practices compliance, and workflow automation for better protection against breaches. FortiAnalyzer provides analytics-powered reporting for better detection of breaches and known threats. FortiSIEM provides visibility, correlation, automated response, and remediation in a single, scalable solution to improve responses and stop breaches before they occur.

The enterprise zone typically sits at the corporate level and spans multiple facilities, locations, or plants where the business systems perform tasks such as scheduling, logistics, and supply chain management. Data is gathered from the individual locations and accumulated to support business decision making.

FortiMail secure email gateway delivers consistently top-rated protection from common and advanced threats while integrating robust data protection capabilities to avoid data loss. FortiWeb protects business-critical web applications from attacks that target known and unknown vulnerabilities. FortiADC optimizes the availability, user experience, and application security of enterprise applications. It provides application availability using Layer 4/Layer 7 load balancing, data center resiliency, application optimization, and a web application firewall to protect web applications. FortiGate next-generation firewall appliances are frequently deployed here for top-rated protection and segmentation, providing visibility and control. FortiSwitch offers a broad portfolio of secure, simple, and scalable Ethernet switches ideal for SD-Branch and applications ranging from desktop to data center.

The Internet/WAN Zone delivers access to cloud-based services for compute and analytics to support ERP and MRP systems for an operational environment. It is also where remote employees and third parties access the network. For strong authentication, two-factor authentication and VPN tunnels are used to verify identity and keep data private.

FortiClient strengthens endpoint security through integrated visibility, control, and proactive defense, and VPN tunnels help verify identity and secure data. Discover, monitor, and assess endpoint risks to ensure compliance and mitigate risks. FortiToken enables businesses of all sizes to manage two-factor authentication implementations from anywhere there is an internet connection. Fortinet on Amazon Web Services (AWS) delivers the same powerful security controls as Fortinet’s industry-leading hardware devices. Fortinet provides Microsoft Azure and Office 365 users with broad protection, native integration, and automated management for consistent enforcement and visibility across multi-cloud infrastructures. Fortinet for Google Cloud Platform (GCP) provides the ability to confidently and safely deploy applications in multiple clouds and data centers.

Visibility

Gain awareness of any device, anywhere on the network, determine its degree of trust, and continuously monitor behavior to maintain that trust. Define the attack surface and ensure active device and traffic profiling. Traffic visibility yields actionable intelligence, and teams can be selective about allowed traffic, ports, protocols, applications, and services. Enforcement points within the environment provide both north-south and east-west protection.
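The zone model above (Internet/WAN, Enterprise, IDMZ, Site Operations, Industrial) and the idea of being selective about allowed ports and protocols at north-south and east-west enforcement points can be checked mechanically. The following is an added example, not Fortinet code and not taken from this page: it audits flow records against a zone-and-conduit policy, flagging traffic that skips the IDMZ and traffic that is not an approved conduit between (or within) two zones. The conduit table, the port numbers, and the key=value flow-record format are constructed for the example.

```python
"""Zone/conduit audit for a Purdue-style OT network.

Added example, not Fortinet code. Zone names follow the page
(Internet/WAN, Enterprise, IDMZ, Site Operations, Industrial); the conduit
table, port numbers and flow-record format are constructed for this example.
"""
from dataclasses import dataclass

# Zones from least to most trusted (north to south). Assumption: a flow may
# cross at most one boundary per hop, so Enterprise -> Industrial traffic that
# never terminates in the IDMZ bypasses the architecture.
ZONES = ["internet", "enterprise", "idmz", "site_ops", "industrial"]
LEVEL = {zone: idx for idx, zone in enumerate(ZONES)}

# Approved conduits: (src_zone, dst_zone) -> {(proto, dport)}. Constructed
# example table; a real one comes from the site's conduit inventory.
# Same-zone entries describe the permitted east-west traffic.
ALLOWED = {
    ("internet", "enterprise"): {("udp", 500), ("udp", 4500)},   # IPsec VPN termination
    ("enterprise", "idmz"): {("tcp", 443)},                      # historian replica over HTTPS
    ("idmz", "site_ops"): {("tcp", 443)},                        # relay / jump host
    ("site_ops", "industrial"): {("tcp", 502), ("tcp", 44818)},  # Modbus/TCP, EtherNet/IP
    ("industrial", "site_ops"): {("udp", 514)},                  # syslog north to the collector
    ("site_ops", "site_ops"): {("tcp", 443), ("tcp", 502)},
    ("industrial", "industrial"): {("tcp", 502), ("tcp", 44818)},
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str
    dport: int


def parse_flow(line):
    """Parse one key=value flow record (constructed format) into a Flow."""
    fields = dict(token.split("=", 1) for token in line.split())
    return Flow(fields["src_zone"], fields["dst_zone"],
                fields["proto"].lower(), int(fields["dport"]))


def classify(flow):
    """Return 'allow' or a short finding explaining the policy violation."""
    src, dst = flow.src_zone, flow.dst_zone
    if src not in LEVEL or dst not in LEVEL:
        return f"unknown zone: {src} -> {dst}"
    # North-south check: skipping the zone(s) in between defeats the IDMZ.
    if abs(LEVEL[src] - LEVEL[dst]) > 1:
        return f"bypass: {src} -> {dst} skips the zone(s) between them"
    # Conduit check: only listed protocol/port pairs are approved, for
    # north-south and east-west traffic alike.
    if (flow.proto, flow.dport) not in ALLOWED.get((src, dst), set()):
        return f"not a conduit: {flow.proto}/{flow.dport} {src} -> {dst}"
    return "allow"


def audit(lines):
    """Classify every flow record; returns [(line, verdict), ...]."""
    return [(line, classify(parse_flow(line))) for line in lines]


def findings(lines):
    """Only the records that violate policy."""
    return [(line, verdict) for line, verdict in audit(lines) if verdict != "allow"]


# Constructed flow records (not real logs).
SAMPLE_FLOWS = [
    "src_zone=site_ops dst_zone=industrial proto=tcp dport=502",
    "src_zone=enterprise dst_zone=industrial proto=tcp dport=502",
    "src_zone=enterprise dst_zone=idmz proto=tcp dport=3389",
    "src_zone=industrial dst_zone=industrial proto=tcp dport=44818",
    "src_zone=industrial dst_zone=industrial proto=tcp dport=22",
    "src_zone=industrial dst_zone=site_ops proto=udp dport=514",
    "src_zone=internet dst_zone=site_ops proto=tcp dport=443",
]

if __name__ == "__main__":
    for line, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:<60} {line}")
```

The two checks map to the two kinds of enforcement the page names: the level-distance test is the north-south control (a flow must terminate in the IDMZ before continuing), and the conduit table covers both north-south and east-west traffic, since same-zone pairs are listed explicitly. In practice the zone labels would come from the firewall's interface or address-object names rather than from the record itself.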

Control

Depend on each system and subsystem doing its job, and only its job. Multifactor authentication ensures the right people have the assigned permissions and access, backed by enforcement zones. Network segmentation and microsegmentation provide a layered and leveled approach with zones of control. Quarantine and sandboxing stop threats before they can act.

Behavioral Analytics

Continuous analysis of behaviors helps teams learn the what, where, when, who, and how by gathering intelligence about known and unknown threats. A central security tool handles logging, reporting, and analytics, and evaluates activity collected across the system. It also provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities. Insights are gained through user and device behavior analysis, and threat assessments ensure continuous protection.

Related Resources

Operational Cybersecurity for Digitized Manufacturing: Emerging Approaches for the Converged Physical-Virtual Environment

Operational Technology and the Digital Transformation

The Unique Challenges of Securing Industrial Control Systems