An IDMZ (Industrial Demilitarized Zone) box is a security solution used in industrial networks to ensure secure and highly available communication between enterprise systems (IT) and operational technology (OT). It plays a crucial role in protecting critical industrial control systems and minimizing safety risks in a production environment, so safety benefits greatly from this approach as well.
The IDMZ box enables communication between IT and OT without exposing the control systems to the vulnerabilities of the IT network. It enables the secure use of useful services such as SFTP (Secure File Transfer Protocol) and WSUS (Windows Server Update Services). It also facilitates passive network monitoring and log collection, and can be used for secure communication between IT and OT in general.
We know that it can be challenging and sometimes painful for organizations to design and deploy an IDMZ within their existing OT infrastructure. CyberShield takes this burden off your shoulders from the beginning to the end of the project with qualified and certified specialists.
The IDMZ box consists of customizable, menu-card-style firewall protection that separates your industrial network from the IT network. It can be equipped with up to four hardened firewalls, with one pair providing limited communication with the IT network in a redundant configuration and the other pair providing secure communication with the OT environment. Network traffic cannot bypass these firewalls, ensuring that there is no unauthorized communication between IT and OT.
The protection provided by the firewall rules, which are configured for the customer's specific requirements, can be further enhanced with advanced threat detection and DoS protection.
The IDMZ box enables security monitoring with a variety of logging functions such as syslog, email, SMS or SNMP. Integration with other security products such as Microsoft Defender for IoT is also possible. The IDMZ box is fully customizable: it is adapted to the customer's needs and delivered according to their wishes.
An IDMZ is not just for critical infrastructure; any industry can benefit from proper separation. Nowadays, there is no need for a stand-alone solution, which is impossible anyway.
- Hardened devices from the start.
- Environment-specific firewall rules.
- Threat detection and DoS protection.
- Customizable menu-card style.
Special features of the product:
A menu of selectable firewall deployment scenarios and security features such as high availability, authentication, threat detection, etc. is presented to the customer, and additional features can be added as needed. A detailed analysis of traffic requirements and suitable firewall functions is performed by our specialists. The iDMZ-Box can also be adapted to unconventional scenarios.