Embedded Firewall

Feb. 27, 2013
The Floodgate Defender firewall is designed to provide security for any device connected to the Internet.

Most discussions of firewalls as part of a defense-in-depth security strategy focus on deploying the firewall to control access to the industrial network. But taking the defense-in-depth concept to the next level suggests that outfitting any device connected to the Internet with its own firewall would provide an added layer of protection.

Icon Labs, a provider of embedded networking and security technology, now offers a product that can provide device-level firewall protection. The Floodgate Defender firewall appliance is placed between the Internet and the device and can be configured with the communication policies particular to the device it is protecting. According to Icon Labs, Floodgate Defender enforces the device communication policies, blocking attacks before a connection can be established with the target device.

“Floodgate Defender provides: rules-based filtering to define what packets are allowed and blocks packets at the lowest layers in the IP stack; stateful packet inspection to block packets on the state of connection as well as unapproved packets that originate from the network; and threshold-based filtering to block packet floods,” says Alan Grau, president of Icon Labs. He adds that Floodgate Defender also supports whitelisting and blacklisting by IP address, port or protocol.

Though Floodgate Defender can be retrofitted to existing devices that are or can be connected to the Internet, Icon Labs expects the device to garner a great deal of interest from OEMs who can use the device to embed security within their products.

Grau says that although retroactive security devices have been around for years, most have been designed for specific applications or around SCADA-specific protocols and are not intended for general-purpose use. But with the growing level of attacks on embedded devices, the need for this level of protection is increasing. In our discussion, he cited a 2010 Columbia University Intrusion Detection Systems Lab study that shows a 102 percent annual growth in attacks on embedded devices. The study also shows that embedded devices are 15 times more vulnerable to attacks than enterprise systems because embedded systems typically don't have defense-in-depth applied, as most enterprise systems do.

“The device firewall concept is simple,” Grau says, “you just control what the device talks to. Of course, authentication can handle a lot of this, but that can be hacked. By controlling who and what the device can talk to, you can prevent the vast majority of attacks before they get started.”

Floodgate Defender MSRP pricing starts at $995. Discounts are available for volume orders.

Read more about Floodgate Defender and predictions for greater industrial cyber security involvement by major safety groups.
