Security with Passion
www.endian.comE
ndian
4
i
S
witchboard
Security with Passion
www.endian.comTable of contents
A 360° Solution to Secure Industrial Connectivity
5
The Challange 5
The Solution 5
Our Industrial Product Portfolio 5
The Challange Secure Connection of SCADA Systems
6
The Solution Endian 4i and VPN Switchboard
7
VPN
Switchboard
Key
Features
8
Action Links 8
Interoperable 8
Development Access (API) 8
USB Provisioning 9
Reference Customers 9
Subnet Mapping 9
4i
Edge
Industrial
Firewalls
10
Feature Highlights 10
Endian 4i Edge 500: The Ultimate Industrial Solution 10
Endian 4i Edge 300: DIN Rail Industrial Solution 11
Endian 4i Edge 200: Desktop Industrial Solution 11
Success Story: Instrumentation Laboratory (IL)
13
4
Mobile Access: Our latest soft-ware release now supports native
remote access from any iOS or Android mobile device.
Machine to Machine (M2M):
Connect all of your industrial networks together or even connect
them into your IT network.
Computer to Device: Provision remote access to all of your key personnel (users,
Security with Passion
www.endian.comA 360° Solution to Secure Industrial Connectivity
The Challange
Industrial networks are rapidly changing into open and interconnected systems over the Internet. Technicians and engineers need to be able to remotely monitor and intervene on a wide variety of SCADA equipment. However, by connecting systems to the Internet means potentially exposing critical assets to a wide variety of malicious threats.
The Solution
The solution is a system capable of safeguarding control equipment, alerting key personnel and restricting access to autho-rized personnel only, while blocking and reporting intrusion attempts. This product has to secure and encrypt machine-to-machine communication and filter harmful traffic. The management of such a complete solution has to be really simple, as SCADA networks become increasingly distributed over large territories.
Why Endian
Endian 4i series, desktop or DIN rail version, provides insutrial networks with a complete set of security features, including firewalling, routing, Virtual Private Network (VPN) and Intrusion Prevention System (IPS). We assure top performance in terms of power, stability and usability for a wide variety of temperature ranges. Secure remote access is available from iOS and Android devices as well, with no need to install third party applications. The VPN Switchboard makes it possible to manage all Endian devices (as well as user/group access permissions) from a single management portal.
Our Industrial Product Portfolio
Endian 4i Edge Series Devices
: SCADA Access & Security
4i edge series
Firewall 3
Routing 3
Bandwith management 3
IPS 3
Endian VPN Switchboard
: Centralized VPN Solution
VPN Switchboard
Web interface for remote access 3
Rule & Role-based permissions 3
VPN connection 3
Provide access from mobile devices 3
Can be hosted in the cloud 3
Access to any endpoint in production network 3
Prevent and signal unauthorized access 3
Encrypt communication 3
Provide no IPs collision 3
6
2
Using point to point VPN products
The Challange
Secure Connection of SCADA Systems
You need to connect your users to your remote SCADA devices on various control networks located all over the world. Each user or group of users needs specialized and/or restricted access to certain equipment that fall within their job responsiblitiy but you do not wish to allow them to access or manage any other equipment. You also have a responsiblity to ensure that only one remote user can be connected to any given device to prevent duplicate access which can cause serious business disruption.
Using today’s technology solving all these issues means either:
1 manually opening device access to the Internet which presents serious security risks or 2 using point VPN products that each have to be managed individually which causes a heavy administrative burden for your non-technical staff.User 1 User 2 Internet Open Port 80 Firewall Location B (SCADA) Centralized Management Secure, Controlled Access
Location B (SCADA) Internet VPN Device VPN Device Location A (SCADA) Centralized Management Simple Administrative Overhead
Security with Passion
www.endian.comThe Solution
Endian 4i and VPN Switchboard
Key Features
Benefits to IT / Control Businesses
Central User Management
Determine which users or groups of users can access each network and define what permissions they have when connected
• Give access to many users with different roles • Quick denial of access (employee termination) • Prevent remote access to critical devices • Detailed user audit trail (compliance)
• Provide users one-click access to endpoints behind Endian (HMI, PLC, etc)
Quick Device Configuration
With distributed networks, it’s difficult to deploy many edge devices. The VPN Switchboard’s USB provisioning tool makes configuration as simple as plug-n-play.
• Multiple locations that span a large territory • Project deployment is time-sensitive
• Network is expanding now or will in the future
• Personnel at remote locations have limited networking skills • Need to quickly issue a back-up due to failure
Resolve Network Conflicts
Routing problems result when multiple net-works are assigned the same subnet -- the new Endian VPN Switchboard can automa-tically resolve this issue!
• Prevents massive network remapping project • Reduce business IT involvement
• Eliminate the requirement to deploy additional hardware at remote locations
• Allow central management of VPN connections
Switchboard Dallas Detroit New York IT Admins SCADA Monitoring & Support Vendor Access
Simply and securely connect your various users or groups (of users) to individual devices or device groups without any client side configuration. The client just installs the software and connects to the VPN switchboard and all their device access is available.
Group your users and/or devices by job roles or device access levels to only allow the access required (and nothing more).
8
Interoperable
In the event where existing endpoint devices are in place, you can use the VPN Switch-board to manage any device that utilizes Open VPN (SSL) technology. This helps to reduce the cost of replacing edge devices and minimizes the impact of potential down-time of the network.
Switchboard IT Support SCADA Support Vendor Support VPN VPN VPN Intranet
Development
Access (API)
Thanks to API interface it is possible to inte-grate all the VPN Switchboard functionali-ties on existent platforms (such as partners support portal).
Action Links
With Endian 4i series it is possibile to set up actions and group of actions for any de-vice: via pre-configured hyperlinks one can launch applications to access the endpoints (PLCs, HMIs, Web Servers, etc.) behind the firewall.
Switchboard
Internet Internet Internet
VPN VPN VPN Choose an action... Remote Desktop Launch App2 Switchboard HMI 1 HMI 1 HMI 1 Internet Internet VPN VPN Remote User 4i Client
Security with Passion
www.endian.comSubnet Mapping
IP overlapping is no longer a problem: Endian VPN Switchboard automatically remaps redundant subnets so that a cen-tral VPN management solution can be implemented. Switchboard Internet Internet Internet VPN VPN VPN
Subnet A Subnet A Subnet A
Reference Customers
Switchboard USB Internet Internet VPN VPNHMI Servers Remote User 4i Client
USB Provisioning
The provisioning is implemented through a simple USB key that spreads the chosen configuration settings to the Endian 4i ap-pliances
10
4i Edge 505 is the strongest ruggedized appliance of the new series. Its powerful hardware is conceived to work in critical conditions and under extreme temperatures. The solution guarantees an even more stable and scalable VPN connection between head quarter and branch offices/ pro-duction sites.
Endian 4i Edge 515
The most robust industrial solution
Performance
Firewall Throughput: 120 Mbps VPN Throughput: 30 Mbps IPS Throughput 20 MbpsHighlights:
• -20 to +70°C Temperature • Simple, Secure VPN Access • 3G Module (optional) • Dual Power Input 24V DCRecommended for:
• Machine Building • Manufacturing • Infrastructure • Healthcare • CommunicationsFirewall VPN (SSL & IPsec) IPS 3G/4G Modem Support
Feature Highlights
4i Edge Industrial Firewalls
DIN Rail/Wall Mount
Native support Wide Temperature: -20°C -- 70°C Mobile 3G Module 140 mm 59 mm 167 mm
Security with Passion
www.endian.comIt is the ideal appliance to secure industrial networks and protect data exchange between branch offices. Serial over IP and Digital Input/ Output included.
Highlights:
• 0 to +60°C Temperature • Simple, Secure VPN Access • 3G Module (optional) • Dual Power Input 24V DC
Recommended for:
• Machine Building • Manufacturing • Infrastructure
Endian 4i Edge 313
The DIN Rail industrial solution
The 4i Edge 200 appliance is built to provide the most po-werful desktop industrial solution on the market. This product works great as a branch office VPN solution or as an end-point secure router in temperature controlled environments.
Highlights:
• Simple, Secure VPN Access • 3G/4G USB Modem Support • 5 Gigabit Ethernet Ports • Low Power (< 5W)
Recommended for:
• Infrastructure • Healthcare • CommunicationsEndian 4i Edge 200
Desktop Industrial Solution
Centralized Management
Disaster Recovery Easy Drop In Reporting
167 mm 59 mm 140 mm 140 mm Edge 200 175 mm 37 mm 175 mm
Security with Passion
www.endian.comSuccess Story: Instrumentation Laboratory (IL)
The company:
Instrumentation Laboratory (IL) is a Spanish company belon-ging to the Werfen Group.
The Whole group has branches almost in every country of the world, more than 4000 employees and grosses over than 1 billion dollars.
IL’s core business is the production and distribution of machi-nery for clinical analysis (critical care, hemostasis, clinical chemistry and auto immunology).
The requirement:
Real-time monitoring of devices located in the users facilities, remote support and care.
The solution:
• Simple, stable and bidirectional VPN, to allow central management access (for daily logs exchange) • Customer support portal – central system connection via API
• Extremely granular management of access permissions (single user or groups) • Automatic remapping to resolve IP overlapping
• 3G or WiFi connection to in-field devices
Endian – a complete security solution:
Every end user is provided with an Endian 4i 200 appliance; the ideal VPN solution for branch offices and secure endpoint router for controlled temperature environments. The SSL VPN client is easy to configure and supports all the main platforms (Microsoft Windows, Mac OS X & Linux). Programmable Logic Controllers (PLC) are remotely monitored through it. This enables tools measurement, mulfunctioning scanning and troubleshooting. Mobile access is enabled via iOS and Android devices, with no need to install third party software.
The central management component, Endian VPN Switchboard, has been installed on an Endian Virtual Firewall. Through its web interface, IL is able to to manage technicians, partners‘ and end users‘ remote access to machinery, providing them with different and granular permissions.
The Switchboard also integrates with IL‘s customer support portal, a central management system connected via API, allowing direct access and intervention to engineers and technicians. Alternatively, the link can be made through 4iConnect, the VPN Switchboard client.
Using the VPN Switchboard USB Provisioning tool, each Endian appliance is easily configured for quick deployment. This allows IL to efficiently set-up virtually thousands of Endian devices for central/remote management access to their diagnostic equipment around the world, while connecting the gateway to the central system with the chosen configuration settings.
14
Our Value Proposition
The number of connected devices both corporate and private is increasing every day. If not properly managed, these devices can become exposed to malicious Internet attacks, resulting in a potential breach in your system.
To prevent this, your environment needs protection. What you do need is a simple solution that does not add complexity to the way in which users access the network.
Endian 4i was designed to be the most secure and easiest to use industrial VPN solution for businesses of any size, allowing your company to connect and protect it‘s critical assets.
Security with Passion
www.endian.comAbout Endian
Endian Timeline
• 2003: Endian formation
• 2004: Endian team begins working on the UTM solution
• 2005: First professional and commu-nity Endian release launched. Endian sells its first appliance in Italy.
• 2006: Endian integrates HotSpot functionality
• 2007: Endian hits over 100,000 downloads of the community version
• 2008: Endian US formation. Endian signs exclusive distributor in Australia. Endian experiences 260% growth and ships over 1,000 units in a single year.
• 2009: Endian Deutschland formation and release of v2.3. Endian now distributed in over 50 countries.
• 2010: Over 5,000 units sold. v2.4 released.
• 2011: New Endian Mini (first to use ARM technology) is released. Endian begins business development in Turkey.
• 2012: Endian releases the 4i (For Indus-trial) appliances and reaches 1.2 million downloads of the community version.
• 2013: Endian releases v3.0
Endian was founded in 2003 in Appiano, Italy by a team of experienced net-work specialist and Linux enthusiasts. Endian’s goal and mission were immedi-ately clear: to create sophisticated Unified Threat Management (UTM) solutions
using the power of open source technology.
Just two years later, Endian reaches a significant milestone; the first version of Endian is ready to be distributed. The same year the community version was released and greeted with immediate success. The number of downloads to date is staggering, more than 1.2 million since its initial release.
Meanwhile, the Endian team continues studying and integrating new features into the product portfolio. The HotSpot becomes the company’s unique and
di-stinguishing feature. As a result, Endian is able to help hotels (and other busi-nesses looking to offer wireless guest access) better serve their clients all over the world!
Endian’s UTM solutions start emerging in the European and extra EU security markets. By year 4, the company steadily establishes itself in Germany, USA,
Turkey and Japan and deployed in over 50 countries.
After consolidating its position in the UTM landscape, the next challenge for Endian presented itself; secure SCADA systems. The Machine to Machine (M2M) market experiences a critical moment as the number of attacks rise significantly. In response, in 2012 Endian Launches the 4i Edge product line, enabling the company to serve the immediate needs of the industrial and control markets. 2013 opens with an exciting announcement; Endian and open source
repor-ting company ntop, agree in principle to a partnership. Shortly after, the VPN
Switchboard is released which revolutionizes how large networks manage their VPN users and devices.
Endian enters its 10th year with a new logo and website redesign, a symbol of their commitment to face and overcome these new security challenges without adding complexity to how users interact with their networks. Endian continues to prove that
© 2013 Endian SRL. Subject to change without notice. Endian and Endian UTM are trademarks of Endian SRL. All other trademarks and registered trademarks are the property of their respective owners.
Endian International Tel: +39 0471 631 763 E-mail: [email protected] Endian Italia Tel: +39 0471 631 763 E-mail: [email protected] Endian Deutschland Tel: +49 (0) 8106 30750 - 13 E-mail: [email protected] Endian US Tel:+1 832 775 8795 E-mail: [email protected] Endian Japan Tel:+81 3 680 651 86 E-mail: [email protected] Endian Turkey Mobile +90 (0) 539 336 59 42 E-mail: [email protected]
