Securely collect remote ICS data from customer sites
Isolate and encrypt access over any network
No modifications to customer networks
Eliminate ICS Internet exposure
Deploy quickly with little local assistance
Manage without requiring new headcount or expertise
Managed ICS’ run on customer networks
Can’t modify customer networks
Large distribution of very remote sites
Local installers with no IT expertise
Small staff supporting thousands of ICS
No downtime, 7x24 safety operations
Plug-and play installation by installers
100% cloaking of industrial controls
90% reduction of attack surface
Runs over any unmanaged network
Machine to machine encrypted communications
Rapid on-boarding of new sites
Delivering Global Services
A leading manufacturer of industrial gas products, sells and distributes atmospheric, process and specialty gases to customers across many industries; from aerospace to food and beverage and electronics to healthcare systems in over 50 countries.
The global manufacturer installs and maintains production plants on its customers’ facilities running automated chemical processes managed by industrial control systems (ICS) for the production of specialty gases like Argon. To deliver on its service level agreements (SLAs), the manufacturer must continuously monitor remote production, safety and availability of their customers’ plants.
Safety and Security Exposure
The manufacturer has a 7x24 NOC at its headquarters to remotely monitor their equipment running at customer sites and a secondary NOC geographically separated. Some remote plants had no access to a network and no remote monitoring capability leaving them without a reliable way to ensure the safety and security of these critical pieces of infrastructure.
Looking for 7x24 Access and Segmentation
The company needed an access solution that could be deployed across a variety of production environments, could run on networks they didn’t own or control, and integrate with existing monitoring infrastructure without disruption. The manufacturer’s customers have local process control technicians performing general oversight and maintenance of the physical plant, but these local technicians often have no IT, network, or cyber-security training who would have to install the solution.
Support Legacy and Modern ICS Easily
They also wanted a solution that would not require changes to an underlying network and would protect and restrict access to both legacy and new ICS and SCADA systems regardless of their operating systems.
A Combination of Complexity and Cost
The manufacturer considered industrial cellular modems, enterprise and industrial IPSec VPNs, next-gen firewalls, and private network services through large cellular providers. They estimated that these traditional options would be too complex and too costly and not address all of their constraints and requirements. The would not provide the simplicity they needed with end-to-end encrypted access and segmentation that could run on any type of network.
Network Attack Vectors Eliminated
The Gas Manufacturer chose Tempered Networks’ Identity Defined Networking (IDN) solution because of its simplicity, ability to ride over any network, and unique access control enforcement. ICS and SCADA systems are visible and can communicate only with other authenticated and authorized machines; to all other systems they are invisible.
"The central console allows us to instantly add Identity-based access controls to our ICS and SCADA systems. It’s simple and fast to provision regardless of where our equipment is located and whether its running over customer, cellular, or commercial broadband. System communication is locked down to only authorized systems in our NOC."
10 Minute Plug and Play Deployment
The manufacturer quickly deployed by pre-provisioning HIPswitches and shipping them to non-technical customer staff to install. The plug and play design made it a simple two-step process. Once turned on, the HIPswitches automatically register to the Conductor, the ID network management console, and are placed into a hardened and segmented overlay network that cannot be breached. Each site installation and activation takes less than 10 minutes.
Stronger Security, Fast and Simple Failover
IDN enables centralized control over all aspects of support and maintenance, including the revocation of components that become lost, stolen, broken, or otherwise compromised. In addition, the manufacturer’s primary and secondary monitoring centers now have graceful failover between sites from ICS endpoints to specific servers providing granular availability control.
Peace of Mind with Reliable ICS Operations
Today, the manufacturer can easily monitor its production facilities around the world and ensure customer safety, security and availability from one central location. They no longer have to attempt to negotiate different network providers in each region or face complicated and unreliable installs for predictive monitoring access.
Experience the same simplicity, security, and cost-savings