secure xchange network

Hardware-Based-Security

Provide your critical network with the highest end-to-end security.

Seclab offers a unique very high level of security for your network exchanges (IT/OT) by simple interposition (plug and play) of a configurable electronic unit Sec-XN.

Sec-XN provides insulation between 2 networks

Installing Sec-XN in your infrastructure allows to you:

  1. Isolate and hide two networks however interconnected;
  2. Secure flows;
  3. Secure your file transfers.

One example addressed by Sec-XN is the connectivity between two networks with need from the shop floor to remote operations (e.g. for program updates), data capture & consolidation, new-gen SCADA system. Connecting the shop floor to traditional Information Technology (IT) networks may introduce threats of varying impact.

Sec-XN removes most of those threats and enable other security products such as next gen firewalls to add even more security while being themselves protected from network attacks thanks to the Secure eXchange Network product.

This approach enables our customers to either burn once-for-ever a configuration, or change it using the tooling provided to our channels.

General Features

  • governance: Sec-XN is used to segregate IT and OT networks. So each administrator keep their own governance;
  • resilience: by destroying OSI transport layers.

Security Features

Prevention from:

  • scans;
  • 0-days attacks;
  • attacks on transport layers up to all OSI layers.

Prevents network routes other than predefined (approach of hardware- based ACLs).

Seclab Secure XChange Network makes network discovery impossible.

Functional Features

File Transfer:

  • Software and firmware secure updates;
  • Operational Technology updates.

Other features:

  • Log transfers;
  • Industrial Processes Supervision;
  • Database Replication.

Performance

Secure Xchange Network can deal with the busiest OT networks, protecting traffic up of multiple 100’s of Mbps over its 1G Ethernet ports.

Delivery Model

Secure Xchange Network is sold as an Appliance equipped in standard with 2 Ethernet ports (plus 2 for management). It fits into a 9” rack and includes 2 power supplies.

An optional hardware module for secured-file- transfer layer-7 analysis (also capable of checking certificates) can be added for the use-case of DSSN (Digital Software Supply Networks) where a company wants to enable a robust & secure program updates of remote machines distributed over the Internet.