Mercury for EcoStruxure™ Plant Cybersecurity

Protect your OT network and communications with advanced industrial cybersecurity
Published by Enigmedia


  • Plug & Protect
  • Mercury OS
  • Quick and robust remote access
  • Centralized Management
  • Flexibility in hardware requirements
  • Threat detection and security monitoring
  • Preventing vulnerabilities by armoring the network
  • Ensure data integrity in industrial communications

Plug & Protect

Mercury ciphers are totally transparent to the industrial network. This means that Mercury adds an extra security layer without changing the current infrastructure or modifying its components. Deploying a Mercury cipher in the field is seamless and can be done in minutes because it does not require changing any existing configuration. Mercury is vendor and protocol agnostic, i.e., compatible with legacy devices and virtually any Ethernet protocol.

Mercury OS

Mercury runs on a hardened Mercury OS specifically designed for industrial network requirements, with "availability" as the main value to preserve. To protect against firmware manipulation attacks, the Mercury Operating System (Mercury OS) uses a combination of security features that protect stored content while allowing autostart without human interaction. Among others, Mercury OS includes:
  • Secure boot
  • Full disk encryption
  • Anti-tampering
  • Host IDS
  • OTA (over-the-air) signed firmware updates
  • Hardware watchdog
  • Alerts and logs management

Quick and robust remote access

Mercury is a secure, robust and easy-to-deploy solution that enables remote connection via WiFi/GSM/2G/3G/LTE. It is compatible with interfaces, devices, and protocols, and is directly applicable to any infrastructure without replacing devices or changing configurations. Mercury is configured, managed, and monitored from Mercury Orchestrator. Thanks to its centralized console, authorized users can remotely configure temporary ports and FW settings, send copies of the traffic to a SIEM/SOC, or check operational status. Updates can be performed remotely and in a completely secure manner. Mercury Ciphers provide a TPM and firewall features, and enforce authentication and encryption in the channel. They also have several features for preventing DoS attacks and send alerts to the SIEM if they detect any suspicious behaviour in the network. Different roles are supported in order to avoid privilege escalation.

Centralized Management

Mercury Orchestrator offers a simple and intuitive panel to configure and manage all Mercury features and ciphers remotely from a single dashboard. These functionalities have been designed to offer the tools required to protect the network in accordance with the best practices and recommendations of the IEC 62443 standard and other organizations. The dashboard implements different roles, such as administrator, engineer and operator, with different capabilities. Note that tunneled devices cannot access the configuration interface.

Flexibility in hardware requirements

Mercury is hardware-agnostic. Customers can choose the best-fitting appliance to match their needs depending on project requirements (environmental, performance, budget, certification, or other criteria). Mercury has been tested and validated over Harmony products. Among others, these are some of the features covered by any of our hardware alternatives:
  • 10/100/1000 Fast Ethernet
  • Ethernet and Serial interfaces
  • POE (Power Over Ethernet)
  • Trusted Platform Module (TPM)
  • Physical by-pass
  • Wireless LAN: 2.4 GHz, 802.11b/g/n
  • Integrated 3G/4G LTE router
  • Mounting: VESA/wall/DIN-rail
  • -30°C to 70°C operating temperature
  • Vibration, dust, and shock ready

Threat detection and security monitoring

Mercury prevents attacks on the network, whether they are connection attempts through unauthorized protocols, network scanning, or denial-of-service attacks. This prevention capability can be combined with the monitoring of suspicious behavior through centralized management of logs. The Mercury Orchestrator server centralizes the logs of each Mercury Cipher, and these can then be integrated with SIEM monitoring tools to detect and manage alerts as well as suspicious behavior. The solution is compatible with third-party products such as IDS/IPS and SIEMs. Additionally, one can still deploy DPI in the network without loss of visibility. Mercury's approach prevents incidents, reduces complexity and standardizes events to simplify correlation processes and avoid false-positive alarms.

Preventing vulnerabilities by armoring the network

Mercury encrypts all the traffic that goes through its appliances and distributes the information to validated end-points. Mercury is designed for ICS/OT environments and ciphers the industrial protocols, adding less than 1 ms of latency. Mercury provides extensive vulnerability masking, limiting the available attack surface. The end-point devices simply ignore all other unknown or unapproved access attempts. Most advanced attacks in OT require gathering information about the targeted infrastructure as a first step. By cloaking the network, Mercury keeps a malicious adversary from performing such actions, as she cannot attack what she cannot see. The Mercury architecture encrypts and obfuscates the network while keeping visibility for allowed users, and it is compatible with DPI/IDS/IPS solutions.

Ensure data integrity in industrial communications

Mercury ciphers implement strong authentication mechanisms, such as certificates used to provide mutual authentication. A public key infrastructure (PKI) is managed according to the X.509 standard. In addition, symmetric encryption schemes prevent a third party from capturing the communication in an intelligible format. Further, to ensure that the communication cannot be altered in transit without detection, security mechanisms such as hash functions and time-stamping are used. These techniques allow us to verify the quality of data transmitted through the production network. Mercury ciphers include a TPM (Trusted Platform Module) to store private keys and secrets. Thanks to that, hardware appliances can erase secrets and private keys in case of a tamper break.