by Gary Mintchell | Mar 31, 2025 | Networking, Security
More news from ODVA at Hannover. Following a presentation by a cyber security researcher at the annual meeting, everyone agreed that implementing CIP Security was a must have.
ODVA announced that a new pull model for configuration data is now available for CIP Security, the cybersecurity network extension for EtherNet/IP. This new profile is in addition to the existing pull model for CIP Security certificates which allows for efficient distribution of device authenticity information.
The CIP Security pull model for configuration information will allow for parameters in JSON format to be automatically available for EtherNet/IP network-capable devices. This new configuration data will make it possible for non-CIP devices, such as mobile phones and tablets, to access secure EtherNet/IP information and for hierarchical metadata to be more readily available. CIP Security now includes a pull model for configuration data and device certificates along with security properties, including a broad trust domain across a group of devices, a narrow trust domain by user and role, data confidentiality, device and user authentication, device and user identity, and device integrity.
The CIP Security pull model for configuration defines a file encoded format for delivering CIP Security configuration as well as a mechanism for a device to pull or query this configuration. The pull model for configuration is valuable when the traditional CIP object/server/attribute mechanism of delivering the CIP Security configuration is not appropriate. Use cases for the new CIP Security pull model for configuration include software that does not have CIP target functionality, such as with a mobile device application and with devices that are on a private network with Network Address Translation (NAT) that has configuration software on the public network. Additionally, the pull model for configuration can help improve device replacement by being able to automatically provide the needed communication configuration on top of automatically pulling the certificate. The CIP Security pull model for configuration can be delivered via a JSON file, which provides the advantage over the CIP object/service method of decoupling the configuration from the transport. The CIP configuration information structure is still retained when using a JSON format. The JSON file also includes a digital signature that allows for authenticity of the data, independent of the transport over which it is delivered.
“The addition of a CIP Security pull model for configuration makes it easier to replace devices to minimize downtime and allows for configuration data to be automatically provided to mobile devices and devices on a private network,” said Dr. Al Beydoun, President and Executive Director of ODVA. “CIP Security development is a continuous effort to help deter bad actors from accessing EtherNet/IP networks that enable efficient production in critical industries across the world.”
The importance of cybersecurity continues to grow as more devices than ever before are being connected by users to the network via wireless and Single Pair Ethernet (SPE) technologies. Additionally, the connection of the device level network to ERP and cloud systems to take advantage of the latest Artificial Intelligence (AI) analytics to optimize operations means that a defense in depth approach that includes device level security is imperative. CIP Security already takes advantage of robust, proven, and open security technologies, including TLS and DTLS for secure transport, hashes or HMAC as a cryptographic method of providing data integrity and message authentication, X.509v3 digital certificates, OAuth 2.0, and, OpenID Connect for authentication, and encryption to prevent reading or viewing of EtherNet/IP data by unauthorized parties. CIP Security now includes a pull model for configuration data to enable mobile device and private network connectivity along with improved device replacement. CIP Security is a robust device level security protection for EtherNet/IP that can help vendors and end users to prepare for regulations such as the European Union Cyber Resilience Act (CRA) and to achieve compliance with security standards such as IEC 62443. Visit odva.org to obtain the latest version of The EtherNet/IP Specification including CIP Security.
by Gary Mintchell | Mar 11, 2025 | Security
Rubrik has announced new capabilities to its cyber resilience offerings across cloud, SaaS, and hypervisors including Oracle Cloud Infrastructure, RedHat OpenShift, and more. Its new Identity Recovery for Active Directory and Entra ID addresses the key vulnerability to business operational recovery.
The innovations aim to provide customers with even more ability to anticipate breaches, detect potential threats, and recover with speed and efficiency no matter where their data lives.
Here is a list of new products.
Cloud Posture Risk Management (CPR): CPR addresses the lack of data visibility by automatically discovering and inventorying cloud data assets and identifying unprotected or sensitive data. CPR helps organizations make informed backup decisions and strengthen their overall backup posture by protecting only what truly matters, reducing risk and unnecessary costs.
Oracle Cloud Protection: Rubrik Security Cloud (RSC) is planned to support data protection for Oracle Cloud Infrastructure (OCI) —beginning with Oracle Cloud VMWare (OCVS) workloads and self-managed Oracle DB workloads operating OCI VMs. The solution is designed to enable customers to safeguard their cloud-based environments with the same robust, unified backup and recovery capabilities they rely on for other cloud and on-premises data.
Expanding Data Protection to PostgreSQL: Rubrik recognizes the critical importance of fortifying data defenses across all platforms. According to a recent Rubrik Zero Labs report, attackers are targeting backups in 96% of cyberattacks. By extending coverage to PostgreSQL, Rubrik ensures that one of the world’s most popular open-source databases thrives in the face of evolving digital threats. The comprehensive data security solution provides organizations with the assurance of maintaining data backup, availability, and recoverability.
Red Hat OpenShift Virtualization Data Protection: Sixty-percent of enterprises have adopted Kubernetes, emphasizing the critical need for cyber resilience solutions for their critical workloads. Rubrik’s new OpenShift support marks a significant step in securing these environments with comprehensive, automated, and immutable backups that deliver fast recovery from cyber incidents. Businesses have the flexibility to choose virtualization platforms for critical business processes without compromising manageability or cyber resilience.
Azure DevOps and GitHub Backup: For organizations using continuous integration and continuous development to accelerate innovation, Rubrik now protects Azure DevOps and GitHub with cyber resilient automated backups, granular recovery, extended retention, and robust compliance coverage for critical data stores.
Rubrik Cloud Vault (RCV) for Amazon Web Services, Inc. (AWS): RCV reduces the complexity and cost of managing a highly secure off-site archival location, with flexible policies and/or regions. RCV features immutable, isolated, logically air-gapped off-site backups combined with role-based access controls, advanced encryption, and retention locks to provide unparalleled confidence in data recovery.
Security and Resilience for Microsoft Dynamics 365: Rubrik’s enhanced protection for Microsoft Dynamics 365 aims to ensure businesses can secure their critical operational and customer data within a unified platform.
Sandbox Seeding for Salesforce: An intuitive user experience designed to allow users to select objects and records depending on specific criteria. This process aims to prevent seeding errors by thoroughly analyzing data selection size versus destination size availability before moving data to the sandbox environment. The goal of this solution, planned for 2025, is to save queries for future repetitive use, further expediting the sandbox seeding process.
With the introduction of Identity Recovery, Rubrik delivers the industry’s most comprehensive, automated, and secure solution for protecting hybrid identity environments across Entra ID and Active Directory (AD). Identity Recovery includes orchestrated Active Directory Forest Recovery to rapidly and cleanly restore entire identity environments – eliminating manual complexity and reducing downtime.
Advanced Security Features for Azure & Amazon Web Services, Inc. (AWS): Leveraging advanced machine learning and automation, new capabilities available today include Anomaly Detection, Data Discovery and Classification, and soon, Threat Hunting and Threat Monitoring. These capabilities are designed to work together to proactively detect and mitigate cyber threats, accelerate recovery, and ensure sensitive data remains protected and compliant.
Orchestrated Recovery for Azure VM: Rubrik is planning to extend its Orchestrated Recovery capabilities to the cloud beginning with Azure VM. By enabling customers to automate recovery sequences, schedule regular test recoveries, and generate comprehensive recovery reports, the solution is designed to reduce complexity and minimize the potential for human error.
Turbo Threat Hunting: Unlike traditional methods that scan one object at a time or require navigating multiple panes of glass, Turbo Threat Hunting scans at scale by leveraging pre-computed hashes stored within Rubrik’s metadata. This eliminates the need for file-by-file scanning, allowing organizations to rapidly pinpoint the exact recovery points free from malware or other threats within seconds — even in the most complex data environments. Internal testing found Turbo Threat Hunting scans 75,000 backups in less than 60 seconds.
Enterprise Edition for Microsoft 365: Delivering enterprise-grade security and resilience for Microsoft 365, Rubrik expands its capabilities for organizations to rapidly detect, respond to, and recover from attacks. New capabilities available for Microsoft 365 include Sensitive Data Discovery, which identifies and protects high-risk data before an attack happens, and Prioritized Recovery, which restores critical data first for fast operational recovery. Coming soon, Rubrik’s customers using Enterprise Edition for Microsoft 365 will also be able to add Anomaly Detection, Threat Monitoring, Threat Hunting, and Self-Service Recovery capabilities.
by Gary Mintchell | Mar 10, 2025 | Security
Om Malik recently posted a rant about how unfriendly consumer IoT is to its customers. The goal of almost all suppliers centers on sucking up as much consumer behavior as possible while preventing competitors from interoperating. I may have more on that later.
The rant came my way the day before this news item relating to security of connected devices in manufacturing. Reading Malik’s column, I wondered about the entire manufacturing IoT ecosystem—interoperability, ease of use, ease of adding new device, and, of course, security. In our case it’s not only suppliers sucking data from our systems, it’s also industrial espionage and attacks from outside.
This news discusses how three companies came together recently to devise a solution advance.
CyberArk and Device Authority, in collaboration with Microsoft, have launched a solution that strengthens and scales connected device authentication to enterprise applications with Zero Trust principles. It helps manufacturers reduce cyber risk from connected devices in factory floors and edge environments with robust identity security, automated access management and device lifecycle protection.
The manufacturing industry is rapidly transforming to digital, driven by the coming together of the Internet of Things (IoT) and Operational Technology (OT), with countless devices connected to optimize operations. Each connected device potentially introduces new cybersecurity vulnerabilities. The NIST reference architecture for IoT, introduced in May 2024, provides a structured approach to secure onboarding, continuous device management and threat monitoring across the device lifecycle. The collaboration between Microsoft, CyberArk and Device Authority helps organizations translate this framework into practical, scalable solutions.
Each partner brings essential capabilities to this end-to-end solution architecture for NIST compliance.
- Through Microsoft Azure IoT and Defender for IoT, Microsoft enables secure, scalable device management and real-time monitoring. The cloud-edge integration ensures consistent device security, even in remote, air-gapped environments.
- CyberArk’s modern privileged access management capabilities restrict unauthorized human access to critical devices and systems, enforcing user and device security policies without the need for time consuming, error-prone manual human intervention.
- Device Authority automates secure device onboarding, identity credentialing and encryption, minimizing human error, accelerating incident response and maintaining data integrity through the connected ecosystem.
Further reading
Learn about the importance of protecting your IoT and OT devices from cyber threats.
Learn more about the joint solution with CyberArk, Device Authority, and Microsoft.
by Gary Mintchell | Mar 4, 2025 | Security
News on the cybersecurity front. This component can now be deployed in Class 1 Div 2 environments.
]OPSWAT announced its MetaDefender Optical Diode Din Rail version has achieved Class 1 Division 2 (C1D2) certification. The MetaDefender Optical Diode offers unidirectional data flow, ensuring that sensitive networks remain isolated from potential threats originating from less secure, lower-level networks.
by Gary Mintchell | Feb 21, 2025 | Security
Schneider Electric news from the recent Orlando conference.
Schneider Electric announced new (operational technology) OT cybersecurity functionality for SCADAPack 470i and 474i. Critical infrastructure customers can now securely manage RTU access in harsh environments as easily as they can manage their employees’ email access.
Cyber threats to water and oil and gas pipelines continue to grow. So, controlling access to RTUs in remote and harsh environments is vital to OT security. Yet, managing this can be dangerous and time intensive. The SCADAPack 470i and 474i provides one smart device for all remote control and computer operations. This way, customers can securely manage RTU access using standard IT tools, such as Active Directory, in OT security, including water security and pipeline security.
The combination of a rugged RTU platform with the flexibility of Linux ensures a single SCADAPack 470i or 474i can host edge services, protocols, and applications for efficient OT security for all remote control and computer operations.
SCADAPack 470i and 474i’s role-based access control (RBAC) features also aid in edge cyber regulation compliance. The SCADAPack 47xi integrates with standard IT and OT security tools with support for IP firewall, NAT, DNP3 secure authentication, and more.
by Gary Mintchell | Jan 3, 2025 | Security
OPSWAT Acquires Leader in Advanced Data Diode Technology to Strengthen Cyber Defenses for Critical Infrastructure
Cybersecurity was a top topic for the past couple of years. I anticipate it being a top topic for the foreseeable future. One sub-trend has been market consolidation through acquisition. This news concerns OPSWAT acquiring Fend Inc. to broaden their offering in the Data Diode technology space.
OPSWAT announced its acquisition of Fend Incorporated. Fend is a pioneering data pipeline and cybersecurity company dedicated to securing operational technology (OT) against cyber threats, ransomware, and other evolving risks. Based in Arlington, Virginia, Fend is known for its expertise in protecting U.S. government agencies, utilities, oil and gas, manufacturing, and other critical industries where air-gapped environments are essential for defense against cyber incidents. The announcement establishes OPSWAT as providing the most comprehensive variety of Data Diodes and Unidirectional Gateways in the industry that utilizes proprietary technology like Multiscanning with up to 30 anti-virus engines, Deep CDR for zero-day threats, Sandboxing, and Proactive DLP technologies prevent sensitive data leakage.
Fend’s data diode technology creates a secure one-way communication channel, allowing data to flow from one network to another while physically blocking reverse transmission. This hardware-based approach is valued in high-security environments like defense, industrial control systems, and critical infrastructure, where preventing external access is paramount. Originally reserved for sensitive applications such as nuclear power plants, data diode technology has evolved to become more accessible and affordable, making it a practical solution for industries that require secure online monitoring and predictive analytics. With benefits such as increased operational efficiency, reduced unexpected downtime, and improved staff productivity, Fend’s data diodes offer protection across diverse industrial sectors.
Previous acquisition:
OPSWAT’s industrial OT offerings significantly expanded with its 2021 acquisition of Bayshore Networks. The acquisition of Fend further enhances OPSWAT’s capabilities in both centralized and distributed deployments, providing true cross domain security with connectivity to our MetaDefender Kiosk and MetaDefender Managed File Transfer to help secure solutions for remote assets and smaller facilities, such as water utilities, which have large numbers of endpoints at the edge that still require high security. Fend’s comprehensive connectivity options—accommodating Ethernet, cellular, and even serial connections for older networks—will enable OPSWAT to meet both the demands of emerging technologies such as 5G and Industry 4.0 and the vast landscape of legacy infrastructure around the world. To see the comprehensive options of OPSWAT’s variety of data diodes and unidirectional gateways, you can view the product comparison chart here.
