SCADAfuse for GE Digital’s iFIX Adds Another Layer of Network Protocol Protection
Bayshore Networks, a leading provider of industrial cybersecurity protection, today announced its SCADAfuse appliance now supports GE Digital’s iFIX software proprietary protocols. Bayshore Networks collaborated with GE Digital to add a new layer of network security for six proprietary protocols used on the networks on which iFIX nodes, clients, and drivers operate.
Bayshore’s SCADAfuse is an automatically configured, industrial firewall appliance with a proprietary intelligent Intrusion Prevention System (IPS) and policy engine, designed for easy deployment and use by automation engineers. It is a physical device that sits in front of critical endpoints, creating an enhanced secure zone for the PLCs and other industrial assets behind it. The SCADAfuse appliance automatically analyzes industrial network traffic, proposes its own firewall rules, enforces normal operations for each plant environment, and actively reduces threats to OT assets in real-time, now with native support for iFIX’s version 6.0 protocols.
“Industrial companies now have an opportunity to easily and efficiently add additional security controls and policy enforcement through the SCADAfuse for iFIX appliance,” said Toby Weir-Jones, Bayshore Network’s Chief Product Officer. “We are honored to be working with GE Digital and its reseller channels to bring this solution to customers.”
iFIX enables plant operators to pinpoint and address issues that impact productivity and gives visibility into operations for smarter OT and IIoT decision-making, increased efficiency, faster troubleshooting and reduced downtime. iFIX is the Human Machine Interface (HMI) and Supervisory Control And Data Acquisition (SCADA) system communicating with critical process control systems such as PLCs, VFDs, and other assets.
“Security is always top of mind for HMI/SCADA customers as they consider how to share mission critical process control data with other business initiatives,” said Scott Duhaime, iFIX Senior Product Manager at GE Digital. “We are pleased that Bayshore Networks has incorporated iFIX protocols into the SCADAfuse product to provide additional network security to iFIX customers who require it.”
Bayshore began working with GE Digital in 2019 to adapt SCADAfuse to support iFIX. Bayshore’s proprietary protocol inspection and policy enforcement engine was adapted to support iFIX protocols. Core Bayshore technology has already been in use during the past seven years with a number of large industrial customers. Units are now available from Bayshore directly, and through various GE Digital resellers registered with Bayshore.
Evolving security best practices call for protections at both the application level and the network level. iFIX is robust at the application level, but it is application software which runs on Windows workstations and generic IP networks. iFIX is not, in and of itself, a networking product and cannot mitigate unauthorized network communications. Therefore best practices suggest that any production environment should augment the network where iFIX resides with additional network level security tools.
SCADAfuse iFIX is specifically designed to provide network security for iFIX 6.x installations. It is the only product in the market which provides native deep packet inspection of six proprietary GE iFIX protocols and enables automated, real-time protection. SCADAfuse alleviates the cost of hiring a team of security specialists to monitor and continuously triage a flood of alerts on anomalies and eliminates the delay required for manual review of security risks before any response to a threat can be taken.
SCADAfuse iFIX provides five separate security controls to protect iFIX standalone, SCADA, and view nodes as they interact with each other and the broader OT/IT network. The following table outlines the five security controls and the risks they address.