Answers to common questions
SDN or Software Defined Networking is an open standard that allows the programmatic management of network traffic. It is commonly used in cloud applications and distributed networking by the major players in those industries.
Deny by default means that no network communication traffic is allowed through switches unless explicitly defined as acceptable by the system.
A Zero Trust Network Architecture (ZTNA) requires that no device on the network be trusted by default. Most ZTNA solutions require either an agent to be installed on the device or a piece of hardware to sit between the endpoint and the switch. This is impractical either on devices that can be two decades old or because of the cost. Net-Optix identifies the device by its unique identifiers and blocks all unauthorized traffic to that device at the switch.
You can save time in several ways. In the installation of the Veracity OT Network Controller you will typically save approximately 50% over a typical network segmentation project. These savings come from reducing the number of firewalls that are required and must be configured, as well as from eliminating much of the rewiring of the network. During operation, the resilience of the network will prevent downtime and the simplified management of the network will improve operational efficiency.
Any operational network can become a Veracity network. The only exception is where the network is being managed as part of the control system, such as in some DCS applications.
Yes, you can. With learn mode, the system can watch existing network traffic to create the rules required to get you up and running very quickly. The Veracity OT Network Controller does require SDN switches, and if your current system does not support SDN, we will work with you on the best and most cost-effective implementation plan.
The solution will run on a 2-core computer with 4GB of RAM and a 10GB hard drive. The switches must support OpenFlow.
There are many switches from a variety of manufacturers such as Schweitzer Engineering Labs, Cisco, Allied Telesis, Dynics, Juniper, HP, and others. Contact us for the latest list of supported switches.
The network administrator will participate in the initial architecting of the network and can approve any changes to the ruleset if they choose to do so.
There are several ways to create communication rules. First, you can have the Veracity OT Network Controller learn the current traffic on the network and generate rules for you, which you will then approve. Second, you can create rules on a device-to-device basis or for a group of devices, such as allowing all devices in a workcell to communicate via EtherNet/IP. Next, you can create rules that specifically drop unwanted traffic. This is useful if you have a device that is using multicast or sending unwanted pings, and it will reduce noise traffic on your network. Finally, you can specify rules based on a Purdue-like model to allow or prevent devices at different levels from communicating with each other.
The Purdue model is a definition of different layers in a typical automation system. The bottom layers typically interface directly with the automation equipment. The layers above them perform progressively more control, and the topmost layers are business systems overseeing plant operations. With Veracity you can set rules about which layers can communicate. For example, a PLC will most likely always need to communicate with remote IO. However, there is typically no reason that remote IO would need to communicate with the MES system.
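The rule types and the Purdue-level example above can be pictured as a small deny-by-default policy check. This is an added illustration, not the Veracity OT Network Controller's rule format or code. The device names, level numbers, rule tuples and the choice that explicit drop rules win over allow rules are all assumptions made for the example.

```python
# Added illustration of deny-by-default rule evaluation. All names, levels and
# rule shapes are constructed for this example; not the vendor's rule format.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Device:
    name: str
    level: int       # Purdue-like level (assumed: 0 = remote I/O ... 3 = MES)
    group: str = ""  # e.g. a workcell; empty means no group

@dataclass
class Policy:
    pair_allow: set = field(default_factory=set)   # (src, dst, protocol)
    group_allow: set = field(default_factory=set)  # (group, protocol)
    level_allow: set = field(default_factory=set)  # (src_level, dst_level)
    drop: set = field(default_factory=set)         # (src, protocol)

    def decide(self, src: Device, dst: Device, proto: str) -> str:
        # Assumption: an explicit drop rule takes precedence over any allow rule.
        if (src.name, proto) in self.drop:
            return "drop: explicit drop rule"
        if (src.name, dst.name, proto) in self.pair_allow:
            return "allow: device-to-device rule"
        if src.group and src.group == dst.group and (src.group, proto) in self.group_allow:
            return "allow: group rule"
        if (src.level, dst.level) in self.level_allow:
            return "allow: level rule"
        # Nothing matched, so the traffic is not forwarded.
        return "drop: deny by default"

PLC = Device("plc-1", 1, "workcell-a")
RIO = Device("rio-1", 0, "workcell-a")
HMI = Device("hmi-1", 2, "workcell-a")
MES = Device("mes-1", 3)

def build_policy() -> Policy:
    p = Policy()
    p.group_allow.add(("workcell-a", "EtherNet/IP"))  # whole workcell may talk EtherNet/IP
    p.level_allow.update({(1, 0), (0, 1)})            # PLC level <-> remote I/O level
    p.pair_allow.add(("hmi-1", "mes-1", "HTTPS"))     # one-way device-to-device rule
    p.drop.add(("rio-1", "ICMP"))                     # silence a device that keeps pinging
    return p

if __name__ == "__main__":
    policy = build_policy()
    for src, dst, proto in [(PLC, RIO, "EtherNet/IP"), (RIO, MES, "EtherNet/IP"), (RIO, PLC, "ICMP")]:
        print(f"{src.name} -> {dst.name} [{proto}]: {policy.decide(src, dst, proto)}")
```

Because the rules are directional and nothing is allowed implicitly, the reverse of an allowed flow (here MES to HMI) is still dropped unless a rule names it.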
You will need minimal training, but the power of the Veracity OT Network Controller is that it is written and designed for OT professionals to manage in the way that they see the control system. Typically, less than an hour of training is required to handle routine network changes and management. Our solution partners can provide the training to your team.
Like most security solutions, our OT Network Controller is a software-as-a-service subscription solution. Pricing is based on the size of your network. Please contact us to obtain a quote.