Guardian provides a powerful suite of tools for learning everything important about network traffic at your facilities. Our system can recognize unexpected changes in these patterns and alert your administrators and users to many forms of potential problems, from mistakes during upgrades, to failing sensors and actuators, all the way through to security incidents and cyber-attacks.
Speed of detection and response can be critical whatever the causes of potential problems. To enable the fastest possible responses, we have created a direct connection to several commercially available security systems.
From the first moment Guardian detects malicious behavior, it can alert your operators with guidance on what security system changes to make or, for the fastest automatic response, directly configure your networks using vendor APIs to isolate the misbehaving devices.
Safety first
Your company and facility administrators will already have configured a secure foundation, using firewalls, routers and potentially other systems. InprOTech Guardian will never attempt to configure these systems without your permission. We are architected and designed to offer you the choice of either a simple notification, guidance for firewall rules and policies, or automated API interactions with firewalls as you deem most appropriate for your facility.
Integrated response
InprOTech has great monitoring, alerting and threat detection systems. We have specialized and invested heavily in creating intelligent sensing and reaction systems, but we also respect the efforts and investments of other experienced technology firms.
To take action most appropriately, we leverage the technology of specialist firewall manufacturers.
We are developing baseline integrations with firewalls from Stormshield.
Future integrations are planned for Cisco, Palo Alto Networks, Sophos, pfSense, Fortinet and others.
How it works
We have implemented a set of configurable response policies to integrate reputation checking with device and network blocking policies.
The administrator can enable or disable reputation checking for IPs in Guardian from the front end. This process can refer to our integrated machine learning, third-party reputation checking services and explicit lists of IPs to allow or deny access.
Simple CSV or JSON files can provide IPs or IP ranges to allow or deny.
These checks feed into the blocking policy, which is one of the following:
- AUTOMATIC: Suspicious IPs or devices will be blocked automatically without any user intervention.
- ON DEMAND: Whenever Guardian identifies any IP or device as suspicious it will show an alert in the UI. The alert will include a simple button control which the user can press to block the suspicious entity.
- INFORMATIVE: Whenever Guardian identifies any IP or device as suspicious it will show an alert in the UI. The alert will include a text block describing how to block the suspicious entity, but no automated action will occur.
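An added illustration of the flow described above (not InprOTech's code): allow/deny lists are loaded from CSV and JSON, then a verdict is mapped onto the three policies. The file layouts, the rule that the most specific entry wins (deny on a tie), and the action names are assumptions; all addresses are constructed samples.

```python
import csv, io, ipaddress, json
from enum import Enum

class Policy(Enum):
    AUTOMATIC = "AUTOMATIC"
    ON_DEMAND = "ON DEMAND"
    INFORMATIVE = "INFORMATIVE"

# Constructed samples; column and key names are assumptions, not Guardian's format.
SAMPLE_CSV = "action,network\nallow,10.20.0.0/16\ndeny,10.20.30.0/24\ndeny,203.0.113.7\n"
SAMPLE_JSON = '{"allow": ["192.0.2.10"], "deny": ["198.51.100.0/24", "not-an-ip"]}'

def load_lists(csv_text="", json_text=""):
    """Merge CSV and JSON entries into allow/deny networks; collect rejected rows."""
    lists, rejected = {"allow": [], "deny": []}, []
    entries = [(r["action"], r["network"]) for r in csv.DictReader(io.StringIO(csv_text))]
    if json_text:
        for action, nets in json.loads(json_text).items():
            entries += [(action, n) for n in nets]
    for action, net in entries:
        try:
            parsed = ipaddress.ip_network(net.strip(), strict=False)
            lists[action.strip().lower()].append(parsed)
        except (KeyError, ValueError):
            rejected.append((action, net))  # never guess at a malformed rule
    return lists, rejected

def verdict(ip, lists):
    """Longest-prefix match across both lists; deny wins a tie (assumed rule)."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, action == "deny", action)
               for action, nets in lists.items() for net in nets if addr in net]
    return max(matches)[2] if matches else "unknown"

def respond(ip, policy, lists):
    """Map a list verdict onto the three response policies."""
    v = verdict(ip, lists)
    if v != "deny":
        action = "none"  # allowed, or left to the other reputation sources
    elif policy is Policy.AUTOMATIC:
        action = "block"  # the firewall API call would go here (not shown)
    elif policy is Policy.ON_DEMAND:
        action = "alert_with_block_button"
    else:
        action = "alert_with_instructions"
    return {"ip": ip, "verdict": v, "action": action}
```

Rejected rows are returned rather than dropped so an operator can review a malformed list before an AUTOMATIC policy acts on it.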
Advantages of Guardian Firewall Integration
Our AUTOMATIC policy acts within milliseconds of detecting an intrusion. This minimizes the “time exposed to danger”, reducing the risk of harm in any attack or malfunction.
Ease of installation. If you integrate our system with your firewall, nothing else needs to be done. There’s no additional network reconfiguration.
Ease of acceptance. With any change to security infrastructure, it’s important to be confident before full adoption. Operating with the INFORMATIVE policy should give your operators all the information they need before choosing our AUTOMATIC policy or requesting modifications from our engineering team.
Flexible Response. The different response policies allow administrators to choose a level of intervention that suits their needs and confidence. The response can be AUTOMATIC, ON DEMAND, or INFORMATIVE.
Compatibility. Our team is developing an integration with Stormshield. This, along with potential future integrations with the main firewall manufacturers such as Cisco, Sophos, pfSense, Fortinet and Palo Alto Networks, makes Guardian a highly versatile and adaptable system. This compatibility ensures that Guardian can seamlessly integrate into various security infrastructures, providing an additional layer of protection without replacing existing systems.
Security and Access Control. Guardian will never attempt to configure systems without an administrator’s permission. However, it offers options for notification, guidance for firewall rules and policies, or automatic interactions via API. The administrator will make these choices as deemed most appropriate for their installation.
Conclusions
InprOTech Guardian Firewall Integration is an advanced and flexible solution for threat detection and response in industrial networks. Its ability to integrate with existing security systems, its rapid response, and its configuration options make Guardian Firewall Integration an essential tool for protecting critical infrastructures.
By choosing Guardian, companies can be confident that they are investing in a technology that detects and responds to threats efficiently, respecting and complementing their current security investments.