FA-M3 Partners

Introducing partner products offering a variety of solutions for customers along with the FA-M3.

You can also use the I/O open mechanism to develop customized original modules.

Partner products

Partner products offer a variety of solutions for customers along with the FA-M3.
They cover products of all genres, both software and hardware.

You can also develop original modules (see the Original Module Development page).

 

Security equipment

Next-generation industrial IPS: EdgeIPS™ by TrendMicro Incorporated

EdgeIPS is a transparent IPS for industries that installs in-line before critical assets such as HMIs and PLCs to prevent vulnerabilities and unauthorized access without changing the NW architecture of existing installations, thereby helping to stabilize production lines.

 

Next-generation industrial IPS for large-scale networks: EdgeIPS™ Pro by TrendMicro Incorporated

EdgeIPS Pro is an industrial IPS for large-scale networks that supports stable operation of production lines by preventing vulnerabilities and unauthorized access. By installing in-line under core switches, critical assets such as distributed networks or multiple HMI and PLC units can be secured without changing the NW architecture of existing installations.

 

Next-generation industrial firewall: EdgeFire™ by TrendMicro Incorporated

EdgeFire is a next-generation industrial firewall that helps stabilize new production lines and reduce security risks when connecting vulnerable groups of equipment to new networks by separating networks by production line and countering vulnerabilities.

 

Centralized Security Management Console: OT Defense Console™ by TrendMicro Incorporated

OT Defense Console is an integrated management and monitoring tool for information such as: the number of connected industrial control devices protected by EdgeIPS, EdgeIPS Pro, and EdgeFire; the device and manufacturer names; IP addresses; OS versions; and usage protocols for the devices.

 

Disclaimer
The company does not warrant the accuracy, completeness, fairness, appropriateness, accessibility, or availability of the partner's product information listed on this website. For updates, please consult with the partners listed.

Details

Next-generation industrial IPS: EdgeIPS™ (TrendMicro Incorporated)

EdgeIPS is a transparent IPS for industries that installs in-line before critical assets such as HMIs and PLCs to prevent vulnerabilities and unauthorized access without changing the NW architecture of existing installations, thereby helping to stabilize production lines.


 

*OT Defense Console (a separate product for centralized management) is required for managing EdgeIPS and remote distribution of IPS filters (signatures), etc.


 

Features

Protecting and visualizing critical assets

  • Protect critical assets with FW, IPS, protocol filters, DoS prevention, and more
  • Priority support for industrial protocols used in the Japanese market
  • Provides high-precision industrial IPS filters utilizing ZDI knowledge
  • Visualize asset information and used protocol information

Easy operation

  • Transparent IPS enables deployment without changing the NW architecture of existing installations
  • Compact size, easy to install in control boards
  • Fast recovery with Zero-Configuration (planned)
  • Per-unit management with CLI/Web Console
  • Centralized management and monitoring with OT Defense Console (ODC)
  • Operations and management in a closed environment (planned)
  • Visualize network configuration (planned)

Highly reliable hardware

  • Fanless design
  • Supports redundant input power
  • Operating temperature range: -40 to +75 ℃
  • 5-year hardware warranty
  • Certified for various technical conformities (planned)
  • Self-death monitoring and automatic recovery (planned)
  • Hardware bypass

 

Main functions

| Item | EdgeIPS |
| --- | --- |
| Policy Enforcement (Firewall) | Control communications by IP address and port number. |
| DoS Prevention | Detect and block DoS attacks such as TCP SYN Flood and ICMP Flood. |
| IPS | Detect and block vulnerability attacks such as on OS and industrial applications. Leverage vulnerability information gathered by the Zero Day Initiative (ZDI), a vulnerability discovery community of more than 3,000 researchers from about 80 countries around the world, to quickly provide high-precision IPS filters. |
| Protocol Filter | Detect and block unauthorized access and manipulation by controlling communications based on commands in industrial protocols. |
| Visualize assets | By inspecting packets passing through EdgeIPS, you can visualize information on existing assets under control and protocols used, making it easy to ascertain the status of assets. |
| Switch between Detection and Block mode | You can switch the various security functions flexibly between operating modes to simplify verification during initial deployment. |
| CLI/Web Console | Perform configuration via command line or web console. |
| Zero-Configuration (planned) | Save configuration in advance to USB storage for quick recovery when replacing faulty hardware. |
| Centralized management | By using OT Defense Console (ODC, sold separately), you can control and monitor managed EdgeIPS in an integrated manner to further improve interoperability. |

* Since OT Defense Console is required when activating EdgeIPS, you must purchase it when you deploy EdgeIPS.

 

Deployment

Edge IPS

Transparent for enhanced security without changing the network settings of existing equipment

  1. Prevent vulnerability attacks, infection and spread of worms (such as WannaCry), and unauthorized access from inside and outside production line A.
  2. Protect HMIs running legacy OS from vulnerability attacks and worm infections, and prevent horizontal infections in production line A.
  3. Prevent trouble caused by tampering and operational errors by allowing program write commands to PLCs only from EWS.
  4. Prevent vulnerability attacks and worm intrusion from terminals brought in by maintenance vendors.

 

 

 

 

 

Next-generation industrial IPS for large-scale networks: EdgeIPS™ Pro (TrendMicro Incorporated)

EdgeIPS Pro is an industrial IPS for large-scale networks that supports stable operation of production lines by preventing vulnerabilities and unauthorized access. By installing in-line under core switches, critical assets such as distributed networks or multiple HMI and PLC units can be secured without changing the NW architecture of existing installations.


 

Features

Protecting and visualizing critical assets

  • Protect critical assets with FW, IPS, protocol filters, DoS prevention, and more
  • Provides high-precision industrial IPS filters utilizing ZDI knowledge
  • Visualize asset information and used protocol information

Easy operation

  • Centralized management and monitoring with OT Defense Console (ODC)
  • Manage individually on the web console
  • Transparent IPS enables deployment without changing the NW architecture of existing installations
  • Fast recovery with Zero-Configuration (planned)

High performance/high scalability/high availability

  • Throughput 1048: 10 Gbps/2096: 20 Gbps
  • Expandable IO modules (12 pairs) (1048: 2 Slots/2096: 4 Slots)
  • Supports redundant input power
  • Self-death monitoring and automatic recovery (planned)
  • Hardware bypass (1048: 24 Pairs/2096: 48 pairs)
  • Redundant architecture

 

Main functions

| Item | EdgeIPS Pro |
| --- | --- |
| Policy Enforcement (Firewall) | Control communications by IP address and port number. |
| DoS Prevention | Detect and block DoS attacks such as TCP SYN Flood and ICMP Flood. |
| IPS | Detect and block vulnerability attacks such as on OS and industrial applications. Leverage vulnerability information gathered by the Zero Day Initiative (ZDI), a vulnerability discovery community of more than 3,000 researchers from about 80 countries around the world, to quickly provide high-precision IPS filters. |
| Protocol Filter | Detect and block unauthorized access and manipulation by controlling communications based on commands in industrial protocols. |
| Visualize assets | By inspecting packets passing through EdgeIPS Pro, you can visualize information on existing assets under control and protocols used, making it easy to ascertain the status of assets. |
| Switch HW bypass | Enable (fail-open) or disable (fail-close) HW bypass for each port pair. |
| Switch between Detection and Block mode | You can switch between operating modes of security functions to simplify verification during initial deployment. |
| Web Console | Perform configuration via command line or web console. |
| Centralized management | By using OT Defense Console (ODC, sold separately), you can control and monitor managed EdgeIPS Pro in an integrated manner to further improve interoperability. |

*Since OT Defense Console is required when activating EdgeIPS Pro, you must purchase it when you deploy EdgeIPS Pro.

 

Deployment

EdgeIPSPro Deployment

Transparent for enhanced security without changing the network settings of existing equipment

Example:

  1. Between core switch and edge device
    • Prevent lateral infections between devices in the production line
  2. Between core switch and edge device
    • Prevent lateral infections between production lines
      * Lateral infection under the control of the edge switch cannot be prevented

 

 

 

 

 

 

Next-generation industrial firewall: EdgeFire™ (TrendMicro Incorporated)

EdgeFire is an industrial security appliance that separates networks and counters vulnerability attacks on individual production lines by stabilizing new production lines and reducing security risks when connecting vulnerable groups of equipment to new networks.


 

* OT Defense Console for centralized management (sold separately) is required to manage EdgeFire™ and remotely distribute IPS filters (signatures).
* EdgeFire™ power supply and power cable must be provided separately. The power cable terminals require ferrule processing.

 


 

Features

Building safer NW segments

  • FW, NAT, protocol filters, VLAN, VPN(planned), and more
  • Provides high-precision industrial IPS filters utilizing ZDI knowledge
  • Visualize information on assets and protocols used

Easy operation

  • Front wiring
  • Manage individually on the web console
  • Centralized management and monitoring with OT Defense Console (ODC)
  • Fast recovery with Zero-Configuration (planned)
  • Operations and management in a closed environment (planned)
  • Visualize network configuration (planned)

Highly reliable hardware

  • Fanless design
  • Supports redundant input power
  • Operating temperature range: -40 to +75 ℃
  • 5-year hardware warranty
  • HA Configuration (planned)

 

Main function

| Item | EdgeFire |
| --- | --- |
| Policy Enforcement (Firewall) | Control communications by IP address and port number. |
| NAT | Static/Dynamic NAT, address changes with static NAPT. |
| VLAN | Network isolation with Port VLAN and Tag VLAN. |
| DoS Prevention | Detect and block DoS attacks such as TCP SYN Flood and ICMP Flood. |
| IPS | Detect and block vulnerability attacks such as on OS and industrial applications. Leverage vulnerability information gathered by the Zero Day Initiative (ZDI), a vulnerability discovery community of more than 3,000 researchers from about 80 countries around the world, to quickly provide high-precision IPS filters. |
| Protocol Filter | Detect and block unauthorized access and manipulation by controlling communications based on commands in industrial protocols. |
| Visualize assets | By inspecting packets passing through EdgeFire, you can visualize information on existing assets under control and protocols used, making it easy to ascertain the status of assets. |
| Switch between Detection and Block mode | You can switch the various security functions flexibly between operating modes to simplify verification during initial deployment. |
| CLI/Web Console | Perform configuration via command line or web console. |
| Zero-Configuration (planned) | Save configuration in advance to USB storage for quick recovery when replacing faulty hardware. |
| Centralized management | By using OT Defense Console (ODC, sold separately), you can control and monitor managed EdgeFire in an integrated manner to further improve interoperability. |

* Since OT Defense Console is required when activating EdgeFire, you must purchase it when you deploy EdgeFire.

 

Deployment

EdgeFire Deployment

Limit access (network isolation via FW/NAT, etc.)

  • Making the historian in production line A accessible only from certain servers in the DMZ reduces the risk from unauthorized communications between other equipment in production line A and external NW, as well as the risk from worm infections and other attacks targeting other services in the historian.

Prevent vulnerability attacks from within the accessible range
(Prevent vulnerability attacks and worm infections with IPS)

  • If a specific server in the DMZ that allowed communication with Historian in production line A is attacked, even if the vulnerability attack targets Historian through that server, IPS blocks the attack.
  • Even if EWS infects production line A with a worm such as DOWNAD via a USB memory or WannaCry via a portable terminal, it prevents the worm from spreading beyond the network of production line A.

Prevent illegal operation from within the accessible range
(Prevent illegal operation with protocol filters)

  • In an environment where the VLAN is disconnected from LAN1 (to which the historian, HMI, and EWS are connected) and LAN2 (to which control equipment such as a PLC is connected) in production line A, and only communication between the HMI and PLC is permitted, it is only possible to read parameters from the HMI to the PLC. Other operations are prohibited (such as parameter settings and program overwriting), thus preventing illegal operations.
  • Parameter settings (write) and reading (read) from the MES are possible when the PLC in production line A is connected to the MES (Manufacturing Execution System) present in the upstream NW, but program rewrite (config) is prohibited to prevent unauthorized operations.

 

* Since there are restrictions on east-west IPS and protocol filters, use EdgeIPS when aiming to prevent horizontal infection.

 

 

 

 

Centralized security management console: OT Defense Console™ (TrendMicro Incorporated)

OT Defense Console is an integrated management and monitoring tool for information such as: the number of connected industrial control devices protected by EdgeIPS, EdgeIPS Pro, and EdgeFire; the device and manufacturer names; IP addresses; OS versions; and usage protocols for the devices.


 

Features

Centralized management makes operations more efficient

  • Install at each plant for centralized management of EdgeIPS, EdgeFire, and other devices
  • Manage and apply multiple policies via group settings
  • Distribute IPS filters (signature files) to each device

Visualize security events and more

  • Aggregate detected and blocked security events
  • Visualize asset information collected by managed devices
  • View total traffic by IT/OT protocol and application traffic for each asset in real time

External server connection via syslog transmission

  • Automatically send syslog to installed syslog servers

 

Main functions

| Item | OT Defense Console |
| --- | --- |
| Dashboard | Displays security events detected by all devices registered with ODC, traffic information by IT/OT, and other information to help you understand the situation in the factory. |
| Visualize networks | Displays the equipment information detected by all devices registered with ODC. Displays the status of network traffic, including information such as model names for each facility, application protocols, and control protocols, and contributes to understanding assets in the factory. |
| Manage groups | Devices registered with ODC can be configured in groups, with different security settings for each installation location and factory. |
| Manage signatures and firmware | Download signature files and firmware from an update server on the Internet to the ODC, and manually upload to the ODC. Control delivery of signature files to devices in groups. |
| Manage logs | Aggregate logs sent from devices. Identify the scope of impact when a security event occurs. |
| Manage accounts | You can configure multiple function-specific permissions for users who need access to the ODC. |

 

 

 

 

 
