Veracity Industrial Network Controller

Introducing Veracity’s SDN-based Industrial Network Controller:

Administrators of industrial networks have long sought a controller that supports all common enterprise and industrial protocols and provides visibility to 100% of the devices on the network. That controller has arrived in the Veracity Industrial Network Controller.

The Veracity Controller is an SDN-based system that provides dynamic traffic control via the ability to enable or disable multiple traffic rules at a time. Upon install, all traffic and devices are denied by default and all attempted and seen communications between device pairs are displayed in the UI by protocol.

Veracity’s Controller is designed for operational and engineering efficiency: it takes a logical, workflow-based approach to network configuration, orchestration, security and resilience.

Security Level Model

Veracity’s Network Controller provides the first fully functional, visual security level model builder. The security level model lets a user quickly build the Purdue Manufacturing Model, ISA-95, ISA-99, or even create a model from scratch. The user can quickly define the functional levels in their model and drag and drop device types from the industry library to their respective functional levels. Finally, the user can easily define rules for each level (e.g., communication between levels).

Authorize Network Devices

Device management is made simple with Veracity’s INDUSTRIAL SDN™, as 100% of the devices connected to the network are identified. During the learning/identification mode, the system also characterizes the network devices to classify their functional role and device type (e.g., PLC, RTU, SCADA Server, etc.). Device management gives the user the information needed to decide whether a device should be authorized or not. The user can also decide to quarantine a device (e.g., an unauthorized laptop).

Authorize Networked Devices

During the learning/identification mode, the system also characterizes the network devices to classify their functional role and device type (e.g., PLC, RTU, SCADA Server, etc.). Device management gives the user the information needed to decide whether a device should be authorized or not. The user can also decide to quarantine a device (e.g., an unauthorized integrator laptop).

Security Zone Management

Veracity provides an innovative approach to network segmentation via the creation of security zones. This workflow-based approach allows the user to easily create security zones or logical groups and assign devices to those groups. This can be accomplished in multiple ways from Veracity’s single pane of glass – by asset/network drag and drop or command line interface.

Security Zone Management

Veracity uses an innovative approach to network segmentation via the creation of security zones. This workflow-based approach allows the user to easily create security zones or logical groups and assign devices to those groups. This can be accomplished by asset/network drag and drop or command line interface.

Authorized Communication

Veracity’s approach to traffic engineering handles complexity at scale while still allowing fine-grained control. The user can manage traffic at a high level – e.g., what zone-to-zone communications are permitted – or via very granular rules such as “a specific PLC is allowed to communicate with a specific HMI over DNP-3.”

Visual Validation

While engineers are very comfortable working with spreadsheet-like interfaces for managing complex data, what is lacking is a visual representation.

Visual validation is an important step that presents the rules being configured in a simplified and consumable manner. This enables the user to maximize their efficiency and accuracy.

System Policy Management

In addition to simplified traffic engineering via zones and device types, Veracity provides dynamic, API-based control by allowing configuration change sets to be grouped as policies. These policies can be enabled or disabled at any time, vastly simplifying operational workflows.

The system will support both a default policy of denying that access and an operational policy of allowing that access. Switching between them can be done via a remote process driven by a change management workflow or via a few clicks in the user interface.

TRY OUR ONLINE DEMO