Product Service

Special Topics in Security

Security Research

About Us

About Topsec

China's leading cyber security, big data and cloud service provider

Learn about Topsec

Company Profile

Contact Us

Zero Trust

Build a dual system security framework of zero trust inference and trusted inference.

Topsec Industrial Firewall System

In-depth analysis of industrial control protocols | Behavior control | High stability | High reliability

Overview

Topsec Industrial Firewall System (TopIFW) is a border security protection product designed for the production intranet environment of industrial Internet. It is developed based on an industrial-grade full-parallel and multi-core processing architecture platform and an NGTOS system with independent intellectual property rights. It integrates the security functions such as access control, in-depth industrial protocol resolution, whitelist policy management, self-learning, industrial control intrusion prevention, antivirus, intelligent bypass, and DDoS attack protection. TopIFW can protect the production intranets against unauthorized access, unauthorized operations, intrusion attacks, virus infections, DDoS attacks and other security threats, improving the overall cyber security protection capability and ensuring the continuous and stable operation of production business.

Activity & Announcement

Hot products Next Generation Firewall
Typical cases CNCC security construction project

Advantages

In-depth business protection mechanism

The whitelist-based industrial command-level "four-dimensional integration" in-depth protection technology deeply filters industrial control protocols, ensuring the safe operating of the industrial control network and control devices in three aspects: access control, business behavior and business data.

Intelligent AI protocol recognition

The built-in intelligent AI protocol recognition engine supports 70+ industrial protocols, allowing industrial enterprises to manage and control various service system applications and protocols.

Comprehensive threat defense capability

The system has built-in professional industrial control attack feature library and virus library to accurately locate the security threats in SCADA, PLC, DCS and other industrial control business scenarios, prevent the spread of security threats in time, and ensure the stable operation of industrial control systems.

Powerful network adaptability

The system supports various access methods such as IPv4/IPv6 dual stacks, TRUNK, QinQ, link aggregation, and virtual line, adapting to the increasingly complexity of industrial network environment and meeting the needs of industrial Internet service business development.

Application

Scenario

The serial access method is used between the process monitoring layer and the on-site control layer. Secure access strategies that conform to the application scenarios are made to protect security of the key control devices such as PLC, DCS, and RTU.

Issues Resolved

A 1-to-1 security protection mechanism is used to effectively identify command-level security threats based on the industrial protocol command-level "four-dimensional integration" in-depth protection technology.
Based on the network layer protection strategy, a communication whitelist is created to effectively block the communication between unauthorized hosts and key devices.
It can block DDoS attacks, prevent DDoS data packets from flowing into the controller to bring threats, and ensure the stable production of key facilities.

Scenario

The system is deployed between the production management layer and the process monitoring layer in serial access mode to achieve logical isolation between different production domains on the same level of network. The security zones can be established to avoid mutual interference and influence between zones.

Issues Resolved

By using the deep filtering and protection technology of industrial protocols, the system carries out fine-grained access control on the instructions or operations issued from the production management layer, and blocks abnormal data or illegal operations.
Create security zones, establish isolation barriers between the zones to block illegal business communications and malicious threat propagation, restrict security risks in independent areas, and reduce the overall probability of being attacked.
Support a variety of attack detection technologies, which can detect and resist scans or attacks on the process monitoring network in real time, ensuring the security and stability of the underlying business.

Scenario

Support IPSec VPN, use end-to-end connection mode, establish VPN encrypted channel from management center to remote site, and set up security protection policies at the industrial protocol command level to protect the security of data transmission and command control.

Issues Resolved

Encrypt data transmitted remotely through the VPN to ensure the security of the data transmission process.
Based on the industrial protocol command-level security access strategy, prevent spoofing attacks at the wireless layer.
Support a variety of attack detection technologies, which can detect and resist scans or attacks on the process monitoring network in real time, ensuring the security and stability of the underlying business.

Value to Customers

Security zones, key protection

According to the needs of industrial control business, properly allocate production network areas and mainly protect core production areas. Prevent attacks or malicious code infection from infiltrating different areas, and ensure the safe operation of core industrial control devices and business systems.

Comprehensive defense, threat prevention

Using the "white + black" security protection strategy and according to the needs of industrial control scenarios, locate security issues from multiple perspectives, block cyber security risks, comprehensively improve the ability of industrial production networks to resist intrusions and various network attacks, and ensure stable operation of devices.

Security management, reduce the burden

Provide various management functions, friendly user interface, and user-friendly statistical reports, greatly improving the efficiency of enterprise industrial control security management, making enterprise industrial control security management simple and easy to understand, and reducing overall O&M costs.

Success Case

Integrated monitoring system industrial control security project for a subway

There are many security threats in the network structure of the customer's integrated monitoring system. The areas are not logically separated, and the key facilities are not protected. The network is extremely prone to security threats such as intrusion attacks, virus infections, illegal access, malicious operations, and misoperations, which are major hidden dangers in the operation of the integrated monitoring system. It is necessary to deploy security protection measures at the boundary of the control center and the network boundary of the station/depot to prevent security threats from inside or outside the control system, and provide a reliable guarantee for the development of business continuity and informatization construction.

Value to Customers：: Construct the "white environment" of the integrated monitoring system network Guarantee business availability, continuity, and real-time performance Meet compliance requirements

View details

Relevant Recommendations

Product Recommendation

Special Recommendation

News Recommendation

Integrated monitoring system industrial control security project for a subway