- Discovery and inventory of network assets
- Plug & Protect
- Segmentation and definition of secure zones
- Firewall and definition of conduits
- Integration with event correlation systems
- Mitigation of unknown vulnerabilities in protocols and devices
Discovery and inventory of network assets
Plug & Protect
Deploying Mercury is as easy as plugging Mercury Box directly to the interface, or network switch. Once deployed, Mercury protects PLCs encrypting for all network traffic, offering:
Segmentation and definition of secure zones
Firewall and definition of conduits
Firewall is essential, as it prevents attacks from spreading between zones and devices. With Mercury, it is very easy to manage the configuration of authorized ports and traffic.
Ports can be configured as "permanent ports" or "temporary ports". This functionality is very powerful, as having the ports exposed permanently can pose a risk to the integrity of the network and devices.
Integration with event correlation systems
Mercury prevents attacks to the network, whether they are connection attempts through unauthorized protocols, network scanning, or denial of service attacks. This is down to Mercury's native encryption and firewall feature. This prevention capability can be combined with the monitoring of suspicious behavior, through centralized management of logs.
The Mercury Orchestrator server centralizes the logs of each Mercury Box. These can be integrated with SIEM monitoring tools, to detect and manage alerts as well as suspicious behavior.
Mitigation of unknown vulnerabilities in protocols and devices
Once deployed, Mercury builds an encrypted layer, protecting the industrial network. All traffic is encrypted between Mercury Boxes. As a result, all devices and protocols are hidden. Thanks to this feature, Mercury is a perfect tool for risk mitigation.
Mercury obfuscates ICS networks. This means that an attacker cannot exploit existing vulnerabilities, as he cannot obtain network information. Mercury’s encryption technology has been specially designed for ICS requirements, adding less than 2ms delay in communications. This is ideal for industrial processes, as it does not impact operations.