The Bayshore IT/OT Gateway™ unlocks the power of the Industrial Internet by connecting OT data to industrial applications.
The Bayshore IT/OT Gateway provides IT with visibility into OT processes, applications and data. It prevents disruptions and enhances operational efficiency and continuity. The Gateway’s patented policy engine provides deep, granular filtration of OT data and application content and automatic transformation and interpretation of OT data into advanced analytics. The Gateway delivers value in the following areas:
- It ensures employee safety in production zones. Bayshore safety policy (tailored by each customer) is automatically generated and easily enforced.
- With Bayshore’s extensive industrial domain knowledge, it provides IT with complete visibility into operations and access to analytics.
- It supports all popular industrial protocols and easily adapts to proprietary protocols.
When it comes to OT security and safety, the Bayshore IT/OT Gateway has proven to provide significant advantages over IT firewalls:
- It is policy-based rather than configuration-based. The predicate-based policy language is based on XML, so it can quickly adapt to proprietary protocols and new protocols.
- It enforces policy based on content awareness rather than metadata. It provides granular inspection and filtration of content all the way down to machine transaction and data value levels, much deeper than any firewall.
- Off the shelf, it includes years of domain intelligence on the leading industrial protocols and applications — Modbus TCP, DNP3, and EtherNet/IP, to name just a few.
IT/OT Gateway vs. IT Firewalls
Next-generation firewalls, which are rules-based, signature-based and appID-based, won’t scale to protect your OT environments. Because the Bayshore platform is based on a high-performance, intuitive, and extremely granular policy development and enforcement engine, it scales to secure the world’s largest OT networks.
Compared to firewalls, Bayshore is able to scale with OT networks by providing a policy-based platform rather than a configuration-based one, and by providing content-aware controls rather than network-based controls.
By deploying at the IT/OT convergence point, the Gateway captures all network flows, providing a complete security picture. As shown in the diagram below, it is able to provide IT departments with unprecedented visibility into their OT environments. At the same time, it provides OT departments with access to IT applications such as advanced analytics, which were previously not accessible.
The Gateway provides extremely granular content inspection at Layers 3, 4 and 7, which is necessary for OT content filtering, network segmentation, and machine isolation. It can filter OT traffic to identify the actual machine operations commands and transaction values. With its inherent understanding of industrial protocols, it can identify machines by the type of application traffic they are sending and receiving.
The Bayshore Pallaton policy language, which is included with every IT/OT Gateway, is state-of-the-art. It is XML-based for easy extensibility, which enables it to quickly adapt to any proprietary protocol in an IT or OT environment. Bayshore offers an expanding library of policies for security, operations, safety and compliance. Because it is predicate-based, Bayshore policy is rapidly customizable to the specific context of each OT network. Additionally, Bayshore can import and enforce third-party policies.