Cybersecurity out of the box
Industrial DMZ Infrastructure
Industrial DMZ Infrastructure is a ready-to-run concept for IT/OT network segmentation with integrated security features, implemented on a hyper-convergent IT platform. Thanks to the combined know-how of Siemens experts in the fields of automation, digitalization and cybersecurity, the solution is optimized for use in production and meets the highest requirements in terms of availability and security. Our holistic approach includes consulting, configuration, and appropriate support services over the entire life cycle.
Preventing unauthorized access according to IEC 62443
A DMZ (demilitarized zone) with front and back firewalls shields the OT systems from the corporate IT. This network segmentation allows access for systems that require data from the Internet while at the same time protecting the system network from unauthorized access from outside. This corresponds to the recommendation of IEC 62443, the leading international standard for security in automation environments.
The redundant, state-of-the-art next generation firewalls not only function as port filters, but also analyze the data at the application level. The services provided in the DMZ, e.g., remote access, file exchange, and Active Directory, are made available as virtual machines on a separate high-performance virtualization host. Furthermore, the DMZ itself is based on the zero-trust concept: direct communication between the virtual machines within the DMZ is prevented, and any traffic between them passes through the firewalls.
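The segmentation described above, as an added illustration that is not Siemens' configuration (zones, addresses, host names and ports are constructed assumptions): a small default-deny policy model shows which firewalls a flow crosses, that corporate IT reaches OT only through the jump host, and that east-west traffic between DMZ VMs is dropped unless a rule exists for it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan and DMZ service VMs (assumptions, not Siemens' numbering).
ZONES = {"corporate_it": ip_network("10.0.0.0/16"), "dmz": ip_network("172.16.0.0/24"),
         "ot": ip_network("192.168.0.0/16")}
DMZ_HOSTS = {"jump_host": ip_address("172.16.0.10"), "file_exchange": ip_address("172.16.0.20"),
             "active_directory": ip_address("172.16.0.30")}

@dataclass(frozen=True)
class Rule:
    src: str   # zone name or DMZ host name
    dst: str
    port: int  # TCP destination port

# Explicit allow list; any flow not listed is dropped (default deny).
# Ports are constructed examples (RDP, HTTPS, LDAPS), not a Siemens rule set.
ALLOW = [
    Rule("corporate_it", "jump_host", 3389),     # front firewall: IT reaches OT only via the jump host
    Rule("corporate_it", "file_exchange", 443),  # front firewall: file drop from the IT side
    Rule("jump_host", "ot", 3389),               # back firewall: admin session originates in the DMZ
    Rule("ot", "file_exchange", 443),            # back firewall: OT pushes archive data outward
    Rule("jump_host", "active_directory", 636),  # zero trust: VM-to-VM traffic in the DMZ needs a rule too
]

def zone_of(addr):
    return next((z for z, net in ZONES.items() if ip_address(addr) in net), "unknown")

def names_of(addr):
    """Names a rule may match for this address: its DMZ host name (if any) plus its zone."""
    ip = ip_address(addr)
    return {h for h, hip in DMZ_HOSTS.items() if hip == ip} | {zone_of(addr)}

def firewalls_crossed(src, dst):
    """Front firewall sits between IT and DMZ, back firewall between DMZ and OT."""
    zones = {zone_of(src), zone_of(dst)}
    crossed = []
    if "corporate_it" in zones and zones != {"corporate_it"}:
        crossed.append("front")
    if "ot" in zones and zones != {"ot"}:
        crossed.append("back")
    if zones == {"dmz"}:
        crossed.append("intra-dmz")  # DMZ VMs cannot talk directly; a firewall is in the path
    return crossed

def is_allowed(src, dst, port):
    """Default deny: True only on an explicit allow-list match, or for a flow that never reaches the DMZ."""
    if not firewalls_crossed(src, dst):
        return zone_of(src) == zone_of(dst) != "unknown"  # same IT or OT zone: not policed here
    return any(r.src in names_of(src) and r.dst in names_of(dst) and r.port == port for r in ALLOW)
```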
Defense in Depth on a hyper-convergent IT platform
To protect against cyber-attacks, Siemens relies on the holistic Defense in Depth concept, based on the recommendations of IEC 62443. At the heart of the concept is a deeply tiered defense with three levels: plant security, network security and system integrity. This multi-layer model makes it difficult for attackers to intrude into your system and cause damage.
Features and services for network security and system integrity are already integrated in our Industrial DMZ Infrastructure, serving two of the three layers of the Defense in Depth concept. Thus, you receive cybersecurity out of the box.
The solution is implemented on the proven hyper-convergent IT platform Industrial Automation DataCenter, enabling high-performance computing. Find out more: Industrial Automation DataCenter.
The following features and services for network security are already implemented in this solution:
Industrial Security Consulting
Support with guidelines and secure network design (cell segmentation, perimeter protection, firewall rules)
Continuous protection of the network through next generation firewalls
Secure network access using jump hosts
The following features and services for system integrity are already implemented in this solution:
SIMATIC Virtualization as a Service
Virtualization solution with integrated security functions such as hardening and authentication
SIMATIC DCS / SCADA Infrastructure
Data archiving and visualization with backup and disaster recovery
Continuous protection of end devices through whitelisting and antivirus
Industrial Vulnerability Manager
Efficient vulnerability management to increase availability
Management of critical updates in Microsoft products