Provider capabilities

Provider capabilities ATOS

| Name | Description |
| --- | --- |
| Network integrity control | Network integrity control that detects new / unknown devices and monitors communications between known / unknown devices |
| Secure network design | Provide specifications for secure network design, segmentation, addressing, and communication protocols |
| Incident response support | Health support management for events during incident response. Additional fields to complete with information about the event |
| Role-based access | Role-based access aligned with security policies and urgent actions, at the hardware and software level |
| Hardware Security Keys | U2F key system or physical security keys that add an additional layer of security to account access, protecting against targeted attacks by using cryptography to verify identity and login. They also recognize logging into a legitimate service. These security keys can be connected to the device via USB-A, USB-C, Lightning, NFC, and Bluetooth. |
| Basic user access control | User access control based on basic authentication mechanisms (password) |
| User access control with hidden display | User access control based on mechanisms that visually hide the keys being entered, using asterisks or other mechanisms |
| Centralized management of security policies | The ability to set different protection settings for different nodes and groups |
| Access control policy | User and group policy that defines access for each established type of information and assigns permissions by profiles and groups |
| Certificate use policy | Policy that identifies Certification Authorities (CA), Registration Authorities (RA), applicants, subscribers and trusted third parties, as well as the characteristics of the certificates, such as their validity, proper uses, unauthorized uses, and issuance and revocation processes |
| Single Sign On | Solution that allows users to access multiple applications by logging in to the different systems and resources with only one account |
| Backup Policy | Policy that defines the type of copies and their periodicity, their labeling, the media on which they must be made, and the locations of the backup centers where the backup copies are stored. This policy will also define periodic restoration tests |
| Redundancy system | Redundancy capacity of energy, communications, storage and services necessary for the operation |
| Backup system | Backup and restore system to implement the backup policy |
| Cybersecurity assessment | Provide minimally invasive industrial cybersecurity assessment. As a first step in establishing security requirements within the context of operational needs, this can also provide meaningful information on security levels, even without deployment of protection technologies |
| Equipment protection diagnostics | Monitor the protection status of a computer, receive information on the status of applications, and manage data log diagnostics |
| Detection of use of default passwords | Default password detection when connecting to devices: you can track the use of default passwords to access or connect to certain types of devices |
| SIEM integration | SIEM integration allows you to configure the settings to export the application logs to third-party event aggregation systems based on protocols such as syslog |
| Network event correlation analysis | Analysis according to built-in rules for network event correlation |
| Host-based firewall | Host-based firewall and network attack blocker |
| Reporting of events and communication to responsible parties | The ability to provide continuous notifications and alerts on security events to responsible personnel based on threshold definitions for the different types of alerts established |
| Advanced antimalware | Advanced antimalware (signature-based, proactive, anti-cryptor) |
| Industrial network event log (forensic analysis) | Forensic tools: secure monitoring and logging of industrial network events |
| Multi-factor user access control | User access control based on robust PKI authentication mechanisms (access token or biometrics) |
| Account management | System to create / modify / delete user accounts / groups and establish permissions, as well as identify users / groups. Configuration of login attempts to lock the account for a set time, lock it after a period of inactivity and terminate the session. Ability to limit the use of concurrent sessions and message notification capability in authentication |
| Network communications control | Control of users' and devices' access to the network, allowing their actions to be monitored and detailed information on their communications to be gathered. Establishing VPNs or other control mechanisms, such as bandwidth limitation |
| Data Protection | Information encryption capacity at rest and in transit. Destruction of obsolete information. Protection of the backup and data recovery process. Information classification. Active prevention of data leaks without losing productivity. Inspection of multiple types of files and protocols regardless of whether the information is transmitted encrypted or not. Both visible and invisible mechanisms so that, in case of information leakage, the person responsible can be identified. Authorization control for the use of external devices or file transfer repositories in the cloud |
| Detect attacks on industrial networks (signature-based) | Signature-based industrial protocol attack detection tools |
| PKI infrastructure | Public Key Infrastructure (PKI) that will provide digital certificates that allow encryption operations. These will be used for the verification and authentication of the different parties involved in an electronic exchange |
| Verify PLC integrity | PLC integrity check |