Pulse Secure expands Firewall Auto-provisioning and Behavioral Analytics for IIoT Security
Pulse Secure, the provider of Secure Access solutions to both enterprises and service providers, announced the release of Pulse Policy Secure (PPS) 9.0R3 to extend its Zero Trust Security model to IIoT devices and smart factories. The new version enables factories to streamline machinery repairs and diminish costly production downtime through IT-managed secure access. It also secures networks by expanding its behavioural analytics to IoT devices, detecting anomalies and preventing their compromise.
PPS 9.0R3 is an integral part of Pulse Secure’s combined VPN and NAC solution that provides corporate networks with Zero Trust Security through visibility, “comply to connect” policy enforcement and security orchestration with popular network and security infrastructure.
IoT and Industrial Internet of Things (IIoT) security
PPS 9.0 profiles the network to discover, classify and apply policy to IIoT devices, and includes a built-in IoT device identification library. The solution also integrates with Next-Generation Firewall (NGFW) solutions to provide identity and device security state data, as well as to fortify micro-segmentation to isolate and manage IoT devices on enterprise networks.
Pulse Secure now provides Secure Access to IIoT devices to resolve device problems as well as other issues that plague the manufacturing IT environment. Secure Access for IIoT is a three-part solution:
- IIoT device visibility. Pulse auto-discovers PLC devices in the network and automatically classifies those devices based on the manufacturer, e.g., GE, Schneider Electric, etc.
- Auto-provisioning. Any time a new device comes on the network, it is dynamically configured and provisioned according to established policies.
- Secure access. Through Pulse Policy Secure, contractors can connect remotely or locally through either Layer 2 or Layer 3 authentication. They are automatically assigned the appropriate role and access rights based on policy provisions, allowing them to address issues in real time.
“Manufacturing customers are using IoT to retool their factory floors, creating smart production lines that report their health and operational efficiency. One benefit of this approach is that customers can proactively perform preventative or predictive maintenance on machines to avoid costly production outages,” said Prakash Mana, Pulse Secure’s vice president of product management.
Remote access for service technicians
The Pulse Secure release helps customers to secure the smart factory floor and to streamline maintenance activities by giving service technicians remote access to the equipment they maintain. Whether technicians are on the factory floor or in their remote office, the Zero Trust Security model limits their access to the equipment they maintain and requires that they use secured end-user devices to perform their work.
Pulse Policy Secure (PPS) is an integral part of Pulse Secure’s combined VPN and NAC solution. This solution provides corporate networks with Zero Trust Security through visibility, ‘comply to connect’ policy enforcement and security orchestration with popular network and security infrastructure. New Behavioural Analytics features also safeguard against attacks by detecting anomalous activity.
Provisioning Industrial IoT devices to NGFWs
PPS 9.0 extends the Zero Trust Security model to IIoT devices used in smart factories and buildings, with blended IT and OT environments. It automatically discovers and profiles IIoT systems, such as factory floor SCADAs, PLCs and HMIs, or office building HVAC systems, providing dynamic visibility and securing them by enforcing policies for local and remote access by authorised users and contractors. PPS 9.0 also automatically provisions IIoT devices to next-generation firewalls (NGFWs) to facilitate remote access without provisioning overhead.
“A top priority for manufacturing customers is complete visibility and security of IIoT devices on smart factory floor environments. Because failing systems may lead to loss of revenue or human life, customers must emphasise rapid remediation of machines to avoid system outages,” said Tony Massimini, Frost & Sullivan Senior Industry Analyst, Information & Network Security.
"...82 percent of companies reported unplanned downtime in the past three years, which can cost a company as much as $260,000 an hour."
Preventing attacks by detecting anomalous activities: Behavioural Analytics
The new PPS also provides sophisticated behavioural analytics that alert security teams to anomalous IoT device behaviour and automatically require added factors of authentication. PPS 9.0 builds baseline behaviour profiles for managed and unmanaged IoT devices utilising information correlated from multiple sources such as NetFlow, user and device data.
With these profiles, the platform detects anomalous activity, malware infections and domain generation attacks, allowing security teams to be more responsive to threats and take pre-emptive measures before attacks succeed.
The new PPS 9.0 IoT support also provides practical relief for the frequent and costly issue of factory floor equipment outages. Aberdeen recently reported that 82 percent of companies reported unplanned downtime in the past three years, which can cost a company as much as $260,000 an hour.
The resulting downtime breaks production and lowers profit, because factory floor repairs often take days when security requirements mandate that service technicians physically visit the factory to diagnose and repair the problem. The latest PPS release works seamlessly with Pulse Connect Secure to solve the problem in an innovative way.
The combined NAC and VPN approach enables IT teams to grant remote secure access—authenticated and encrypted—to support contractors for expedited repair and return to service of factory IIoT systems for greater uptime and productivity. IT teams ensure security with remote zero-trust access via auto-provisioned Next-Generation Firewalls, and by enforcing security policies that authenticate contractors based on their technician role, endpoint device status and authorisation to work on the targeted IIoT device.
The latest features of Pulse Policy Secure 9.0 are available on physical or virtual Pulse Secure Appliances (PSA). Existing customers with PSA appliances under PPS subscription or software maintenance can readily upgrade at no charge. PPS on a virtual appliance with a three-year subscription starts at $31,000 MSRP for 500 concurrent connections. Pulse Connect Secure customers can cost-effectively extend their VPN investment to include network visibility, access control and mobile security with the Pulse Access Suite.