Industrial Control Systems (ICS) used in critical infrastructure and manufacturing industries are targets of sophisticated cyberattacks. The Check Point 1200R rugged appliance line delivers proven, integrated security for deployment in harsh environments as part of a complete end-to-end ICS security solution.
Wide range of appliances for IT and OT networks
The 1200R Rugged Appliance complements our extensive appliance family to support a diverse range of deployment environments and meet specialized requirements in ICS security. The 1200R complies with industrial specifications such as IEEE 1613 and IEC 61850-3 for heat, vibration and immunity to electromagnetic interference (EMI). In addition, the 1200R is certified for maritime operation per IEC-60945 and IACS E10 and complies with DNV 2.4. The 1200R Appliances can also be used in commercial deployments.
Inspect Encrypted Connections
There is a shift towards more use of HTTPS, SSL and TLS encryption to increase Internet security. At the same time files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data.
Next-Generation Firewall
Check Point Application Control has broad support for specialized Industrial Control System and SCADA protocols with granularity for over 800 SCADA specific commands. This enables protocol-specific visibility and controls with directional awareness.
For instance, administrators are able to create a policy to prevent monitoring and reporting systems from performing write operations to control systems. Furthermore, our protocol decoder enables granular control at the command level, such as read/write/get for specific units, function codes and address ranges.
Protocol Support Includes:
BACNet
CIP
DNP3
IEC-60870-5-104
IEC 60870-6 (ICCP)
IEC 61850
MMS
Modbus
OPC
Profinet
S7 (Siemens)
Support for additional protocols is available on request.
Integrated threat detection and prevention
Detect and prevent targeted attacks against ICS/SCADA components in Operational Technology (OT) environments with specific protections for these highly vulnerable, unpatched, legacy embedded systems. Our threat prevention technologies have the best catch rate in the industry and can be deployed in detect-mode to minimize the disruption of operational processes.
Best-in-class management
Administrators can define security policy for the entire network — including internal security, main sites, and remote sites — from a single, centrally located Check Point Security Management server. With SmartProvisioning™, a profile-based management approach designed for large- scale deployments, administrators can define a single security and device profile and apply it simultaneously to thousands of appliances — dramatically reducing deployment time and administrative overhead.
With compliance built-in, you can meet and exceed emerging regulatory and other ICS cyber security requirements cyber security requirements such as NERC-CIP. We constantly monitor the compliance status of the organization with hundreds of best practices, enabling network security managers to quickly assess the strength of the current policy settings and where improvements are needed.