
Background
To secure against a broad range of external, cross-domain and insider cyber threats that can tamper with or reveal sensitive information, there is a requirement for a solution to address and support the secure, unidirectional transmission of data between a client's ultra secure network and corporate network. This requirement is being driven by many Co-Location providers, End Users (particularly the Banking sector) and Hyperscalers, who demand the highest levels of security between the secure and corporate networks.
Client Drivers
A solution that enforces a unidirectional flow of data, ensuring that information can only travel in one direction (outbound), with the ability to export real time data from the BMS/PMS platforms. The BMS/PMS devices and servers must remain within an isolated and segregated OT network. It is imperative that the BMS/PMS is air-gapped and has no network interfaces to the outside world. The device will allow for communication between two distinct air gapped networks, providing a physical and logical barrier. There is also a requirement to provide a method of validating data flow and integrity, offering real time alerting should there be a break in data flow.
Solution Offering
MPL has developed and deployed a ‘ready to run’ ultra secure data tunnel combining both hardware and software elements.
The hardware comprises a data diode and two N-GEN gateways (send and receive) to ensure physical unidirectional data transfer.
The MPL N-GEN Estate Software is embedded on the two gateways to manage data handling and integrity. The N-GEN platform allows live data, real time alarms and heartbeat UDP packets to flow. As part of the solution, MPL also delivered the MQTT Broker.

Client Benefits
The USI_Data Tunnel provides all the key data metrics to support client SLA agreements. Furthermore, the solution:
Enhances security by physically preventing any data flowing back into the source network
Reduces attack surface and the potential for data breaches or malware propagation
Assists with regulatory compliance
Real time alerting utilising OT Network ‘heartbeat’
Gateways handle, translate and validate data including the handling of UDP packets
Hosted MQTT Broker acts as a ‘go between’ allowing devices to publish and subscribe to telemetry and non-telemetry data in real time
N-GEN provides local data visualisation, auditing, governance, and reporting
Data discrepancies between send and receive reports are easily identified using a DIFF tool to compare CSVs
N-GEN Estate global visualisation assisted by hosted MQTT Broker
Pen testing periodically and whenever the client implements any fundamental software changes
Simplified factory acceptance testing – including supply, test, apply licences, commission and the provision of all documents and certificates
Resource available to assist the client's ICT contractors to configure the VLANs, Firewall, MAC address registration and network testing.

Send and Receiver Screen Shots
Sender

Receiver

Receiver - Telemetry Data

Receiver - MQTT

For further information, please contact us at marketing@mpltechnologygroup.com