NetFoundry OT security platform protects critical infrastructure

NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations.

The announcement meets three customer demands:

• Software-only, interoperable, vendor-neutral, OT microsegmentation
• Secure connectivity to IT and OEMs, without exposing the OT network while mitigating against data exfiltration
• Reduced costs of firewalls, SIEM, SOAR, analytics, data lakes and storage

“NetFoundry secures critical infrastructure on three continents, so we listen to our customers when they tell us their top need is simple security with reduced cost and complexity for their multi-vendor OT environments,” said Galeal Zino, CEO of NetFoundry.

“Solutions that stop at the firewall or are vendor-specific create complexity and don’t meet OT’s new cybersecurity and microsegmentation needs. Our unique, deny-all-inbound data approach enables IT and OT to make all firewalls and servers unreachable from the underlay networks. That’s a security and operational advantage in removing complex access-control management. It also slashes the costs of security and storage resources by reducing superfluous data logs caused by port scanning and unauthenticated events.”

NetFoundry partner FreeWave Technologies, announced in January that it had leveraged technology from NetFoundry and Keyfactor for its Industrial Internet of Things (IIoT) and wireless connectivity solutions to secure remote and embedded industrial edge operations.

Steve Wulchin, CEO of FreeWave, said: “VPN and the other security technologies we relied on the past can no longer cut it in today’s hyperconnected world. NetFoundry’s technology enables us to apply the strictest deny-by-default security principles to every user, device and application in our customers’ networks. We welcome the addition of the on-prem option for customers who need to operate without depending on external connectivity, while still being able to securely use external edges and clouds when appropriate. Partnering with NetFoundry enables us to meet emerging requirements for secure-by-design products in connected environments, such as the EU Cyber Resilience Act (CRA).”

Rik Turner, senior principal analyst, Omdia said: “While zero trust technology has gained popularity to enable secure remote access (SRA) in enterprise IT, it is even more crucial in OT environments, where even access from somewhere on the organization’s premises must be secured. In such a scenario, SRA is actually a subset of a broader secure access requirement.

“It is logical for NetFoundry to unveil an on-prem option for its platform, given that many OT customers, particularly those in the field of critical national infrastructure, cannot and/or will not countenance any cloud-based security capability for their environment.”

The NetFoundry OT security platform means the OT firewall access control list (ACL) consolidates to one inbound rule: deny-all inbound with no exceptions, even when talking with IT or OEM systems. The platform provides software-only microsegmentation for critical infrastructure, energy and manufacturing, and is natively interoperable with existing routers, firewalls, edge compute and programmable logic controllers (PLCs). SecOps gains telemetry and analytics to support threat response and regulatory compliance tracking, and IT management benefits from lower costs.

OT and IT can use NetFoundry software on any server, including existing firewalls, edge cells and PLCs. NetFoundry’s SDKs enable OEMs to build the software into industrial control system software, manufacturing machines, modems, routers, firewalls, PLCs, edge cells and reverse proxies. Solutions leveraging NetFoundry software include Microsoft, Arrow, Cap Gemini, FreeWave, EdgeX Foundry and Supermicro.