Thursday, 11 February 2016

Embedded protection for IoT Modbus devices.

The Floodgate Modbus Protocol Filtering product has been launched by Icon Labs.  This extension to Icon Labs’ Floodgate Security Framework adds critical protection capabilities for Industrial IoT and RTOS-based devices. 

The Floodgate Modbus Protocol filter provides the critical missing layer of security for Modbus/TCP devices.  Integrated into the device, Floodgate Modbus Protocol filtering utilizes deep packet inspection to enforce virtual network segmentation and to control packets processed based upon source network address, function code, and packet data contents.

“The Modbus/TCP protocol currently lacks any real security, making these devices sitting ducks for even moderately skilled hackers,” said Alan Grau, President of Icon Labs. “Several attempts to add security to Modbus/TCP have been proposed, but none provide a cost-effective solution for legacy devices while maintaining interoperability with the protocol standard.  Modbus packet filtering addresses this problem by enforcing policies and inserting a layer of control without changing the underlying protocol.”

Floodgate Modbus Protocol filtering is an extension of the Floodgate Firewall, an endpoint firewall solution designed for embedded and RTOS-based systems. The solution integrates with the native TCP/IP stack on the device and provides control over the packets processed by the device.  The Modbus Protocol filtering extension provides control over the Modbus packets processed by the device based upon Modbus function code, originating IP address, or Modbus packet content.  Integration with the Floodgate Agent enables detection and reporting of malicious traffic. 

“Achieving security while maintaining interoperability with legacy solutions is critical to the adoption of the Industrial IoT,” stated Warren Kurisu, Director of Product Management – Runtime Solutions, Embedded Systems Division, Mentor Graphics. “Adding a layer of protection for Modbus/TCP devices closes a critical security loophole for Industrial Automation Systems.”

Icon Labs’ Floodgate Security Framework is a comprehensive security solution for embedded devices providing security management, secure boot, intrusion detection, secure firmware updates, and an embedded firewall. These capabilities provide the building blocks for achieving EDSA certification, ISA/IEC 62443 compliance, and/or compliance with the NIST cybersecurity framework.


Icon Labs’ products provide embedded security for IoT and Machine to Machine (M2M) solutions such as aerospace, military and space probes, industrial and medical control devices, and consumer electronics products. The Floodgate Security Framework provide a “defense in depth” solution to protect control units and endpoint devices from cyber threats, aid in compliance with regulatory mandates and guidelines, and gather and report command, event and device status information for audit requirements.

No comments:

Post a Comment