Mercury Orchestrator

Protect your OT network and communications with advanced industrial cybersecurity
Published by Enigmedia

Features

  • Secure remote access and connections
  • Asset discovery and inventory
  • Perimeter protection and segregation
  • Firewall and definition of conduits
  • Threat detection and security monitoring
  • Preventing vulnerabilities by armoring the network

Secure remote access and connections

Mercury is a secure, robust and easy-to-deploy solution that enables remote connection via WiFi/GSM/2G/3G/LTE. It is compatible with interfaces, devices, and protocols, and can be applied directly to any infrastructure without replacing devices or changing configurations.

Mercury is configured, managed, and monitored from Mercury Orchestrator. Through its centralized console, authorized users can remotely configure temporary ports and firewall settings, send copies of the traffic to a SIEM/SOC, or check operational status. Updates can be applied remotely and in a completely secure way.

Mercury Ciphers provide a TPM and firewall features, and enforce authentication and encryption in the channel. They also have several features for preventing DoS attacks, and they send alerts to the SIEM if they detect any suspicious behavior in the network. Different roles are supported in order to avoid privilege escalation.

Thanks to the temporary firewall rules and the different roles, plant operators can grant access to maintenance providers in a secure, compliant and auditable way. Note that tunneled devices cannot access the configuration interface.

Asset discovery and inventory

Mercury Orchestrator includes asset discovery and inventory software that:

  • Identifies network elements
  • Provides a network diagram
  • Discovers IP and communications between devices
  • Categorizes network assets
  • Helps to identify vulnerabilities

Mercury software is extremely intuitive and easy to use. No ramp-up or costly training is required to obtain benefits.

Mercury is fully compatible with third-party IDS/IPS and other inventory software. These can be used with full functionality at a fraction of the cost, while Mercury's security features enhance network security.

Perimeter protection and segregation

Users can easily define network segments and secure zones from the Mercury Orchestrator control panel.

Users can configure which devices belong to a specific zone, which of them are authorized to communicate with others, and which protocols are authorized.

Firewall and definition of conduits

A firewall is essential, as it prevents attacks from spreading between zones and devices. With Mercury Orchestrator, it is very easy to manage the configuration of authorized ports and traffic.


Ports can be configured as "permanent ports" or "temporary ports". This functionality is very powerful, as having the ports exposed permanently can pose a risk to the integrity of the network and devices.



Threat detection and security monitoring

Mercury prevents attacks on the network, whether they are connection attempts through unauthorized protocols, network scanning, or denial-of-service attacks. This prevention capability can be combined with the monitoring of suspicious behavior through centralized management of logs.

The Mercury Orchestrator server centralizes the logs of each Mercury Cipher, which can be integrated with SIEM monitoring tools to detect and manage alerts as well as suspicious behavior.

The solution is compatible with third-party products such as IDS/IPS and SIEMs. Additionally, one can still deploy DPI in the network without loss of visibility.

The Mercury approach prevents incidents, reduces complexity, and standardizes events to simplify correlation processes and avoid false-positive alarms.

Preventing vulnerabilities by armoring the network

Mercury encrypts all the traffic that goes through its appliances and distributes the information to validated end-points.

Mercury is designed for ICS/OT environments and encrypts the industrial protocols, adding less than 1 ms of latency. Mercury provides extensive vulnerability masking, limiting the available attack surface. The end-point devices simply ignore all other unknown or unapproved access attempts.

Most advanced attacks in OT require gathering information about the targeted infrastructure as a first step. When the network is cloaked, a malicious adversary is not able to perform such actions, as she cannot attack what she cannot see.

The Mercury architecture encrypts and obfuscates the network while keeping visibility for allowed users, and it is compatible with DPI/IDS/IPS solutions.