Cybersecurity out of the box

Industrial DMZ Infrastructure

Industrial DMZ Infrastructure is a ready-to-run concept for IT/OT network segmentation with integrated security features - implemented on a hyper-convergent IT platform. Thanks to the combined know-how of Siemens experts in the fields of automation, digitalization and cybersecurity, the solution is optimized for use in production and meets the highest requirements in terms of availability and security. Our holistic approach includes consulting, configuration, and appropriate support services over the entire life cycle. 

Preventing unauthorized access according to IEC 62443

A DMZ (demilitarized zone) with front and back firewalls shields the OT systems from the corporate IT. This network segmentation allows access to systems that require data from the Internet and at the same time protects the system network from unauthorized access from outside. This corresponds to the recommendation of IEC 62443, the leading international standard for security in automation environments.

The redundant state-of-the-art next generation firewalls not only function as port filters, but also analyze the data on the application level. The services provided in the DMZ, e.g., remote access, file exchange, and Active Directory, are made available as virtual machines on a separate high-performance virtualization host. Furthermore, the DMZ itself is based on the zero-trust concept: direct communication between the virtual machines within the DMZ is effectively prevented, and traffic between them only takes place via the firewalls.

Defense in Depth on a hyper-convergent IT platform

To protect against cyber-attacks, Siemens relies on the holistic Defense in Depth concept, based on the recommendations of IEC 62443. At the heart of the concept is a deeply tiered defense with three levels: plant security, network security and system integrity. This multi-layer model makes it difficult for attackers to intrude into your system and cause damage.

 

Features and services for network security and system integrity are already integrated in our Industrial DMZ Infrastructure, serving two of the three layers of the Defense in Depth concept. Thus, you receive cybersecurity out of the box.

 

The solution is implemented on the proven hyper-convergent IT platform Industrial Automation DataCenter, enabling high-performance computing. Find out more: Industrial Automation DataCenter.

The following features and services for network security are already implemented in this solution:
 

Industrial Security Consulting
Support with guidelines and secure network design (cell segmentation, perimeter protection, firewall rules)
 

Automation Firewall
Continuous protection of the network through next generation firewalls
 

Remote Services
Secure network access using jump hosts

The following features and services for system integrity are already implemented in this solution:
 

SIMATIC Virtualization as a Service
Virtualization solution with integrated security functions such as hardening and authentication
 

SIMATIC DCS / SCADA Infrastructure
Data archiving and visualization with backup and disaster recovery
 

Endpoint Protection
Continuous protection of end devices through whitelisting and antivirus
 

Industrial Vulnerability Manager
Efficient vulnerability management to increase availability
 

Patch Management
Management of critical updates for Microsoft products

Benefit from Industrial DMZ Infrastructure

Available to you worldwide

Contact our service experts

Whether you need a single service or a comprehensive lifecycle package, our experts will be happy to provide you with advice and support at any time.
References

Best practice sharing

Around the world, companies in all industries rely on our comprehensive service offering for cybersecurity and IT infrastructures