EC: Allen-Bradley Stratix 5950 Security Appliance

Network Integration — Ethernet hardware: The Allen-Bradley Stratix 5950 security appliance uses Adaptive Security Appliance firewall and FirePOWER technology to identify, log or block potentially malicious traffic and enhance plant-floor security. This is a Control Engineering 2017 Engineers’ Choice Awards Winner.

October 13, 2016

Most IT firewalls today cannot monitor threats on industrial protocols, which limits the ability to minimize security risks on the plant floor. The Allen-Bradley Stratix 5950 security appliance from Rockwell Automation uses new security technologies to help protect plant-floor systems.

The device uses Adaptive Security Appliance (ASA) firewall and FirePOWER technology to create a security boundary between cell/area zones or help protect a single machine, line or skid. This supports compliance with IEC 62443. The device also uses deep-packet-inspection (DPI) technology, which enables inspection of the Common Industrial Protocol (CIP) and other industrial protocols for the first time.

Combining ASA firewall, FirePOWER and DPI technology gives IT professionals the granular visibility and control they need to protect industrial networks. Users can now configure and enforce policies that help restrict potentially malicious firmware updates and program downloads. This helps ensure the integrity of plant-floor operations.

The Stratix 5950 security appliance also has a monitor-only mode in which the device is purely used for intrusion detection. Operations personnel can use this capability to monitor and log traffic flow. Any undesirable activity that is detected can help guide policy-making decisions, such as blocking websites with malicious content.

An optional subscription license is available with the Stratix 5950 security appliance. Similar to a PC-based anti-virus service, subscribers will receive ongoing threat and application-signature updates to help protect against the latest known security threats.

The Stratix 5950 security appliance includes four 1-gigabit Ethernet ports, and is available with copper-only or copper-and-fiber SFP slot options. The industrially hardened device is IP30 rated and can withstand electrical shocks, surges and noise. It can operate in temperatures ranging from -40 to 60 C.

Rockwell Automation,