Fortinet today announced several updates to its operational technology (OT) security platform, including a new industrial Ethernet switch, an access point for hazardous OT environments and a wireless gateway for use in vehicle deployments.
Networking switch for harsh outdoor deployments
The new FortiSwitch Rugged 424F is designed for deployments in harsh outdoor environments, especially for digital substations and the power utility industry. Fortinet claims that this industrial Ethernet switch supports real-time OT networking protocols and integrates with the FortiGate next-generation firewalls (NGFWs) for security and access control.
“For digital substations, the key requirements are ruggedization: high electrical immunity and fanless operation at extreme temperatures; redundancy protocols for the network MRP [media redundancy protocol], HSR [high-availability seamless redundancy], PRP [parallel redundancy protocol] and protocols to support precise timing — IEEE 1588 PTP [precision time protocol] — for the substation equipment,” Nirav Shah, VP of products and solutions at Fortinet, told SDxCentral in response to questions.
The switch also offers the Power over Ethernet (PoE) capability, which simplifies the installation of cameras, sensors and wireless access points in the network and reduces the overall network total cost of ownership, according to the security vendor.
Access point for hazardous OT environments
The new FortiAP 432F Access Point meets the Class 1, Division 2 requirements defined by the National Electric Code (NEC) in the U.S., used for the design and installation of electrical equipment in hazardous environments.
The product is the expansion of Fortinet’s IP67-rated access-point line that is designed to segment industrial Wi-Fi networks to prevent attacks from spreading across unprotected devices and systems and enable additional deployments in industries such as oil and gas.
“OT customers already deploy FortiAP outdoor models in shop-floor environments. [And] this model and its Class 1, Division 2 requirements for use in hazardous OT environments certifications allow them to extend Wi-Fi access to environments that may have explosive substances present, like oil refineries, pipelines and chemical plants,” Shah said.
Wireless gateway meets AT&T FirstNet requirements
Fortinet also unveiled the new FortiExtender Vehicle 211F wireless gateway, which is a semi-ruggedized mobility solution designed for connected fleets, mobile systems, and OT deployments.
The ruggedized wireless WAN extender can offer cellular and Wi-Fi connectivity in a single vehicle-mounted form factor for a variety of mobile applications. These use cases include public safety/first responders, transportation, logistics or travel-industry vehicles.
For example, the FortiExtender Vehicle 211F is designed to meet the requirements of the AT&T First Responder Network Authority (FirstNet) wireless communications network. FirstNet is a nationwide, high-speed broadband communications platform for first responders and the extended public safety community. It is built with AT&T in a public-private partnership with FirstNet.
“The AT&T FirstNet capable device with support for LTE Band 14 network which enables public safety and first responders access to prioritized, dedicated bandwidth to support their communications needs during critical incidents,” Shah said.
Fortinet’s OT security platform
The Fortinet OT Security Platform is part of its Security Fabric that pairs its software with hardware running on its custom ASICs and comprises over 50 products across networks, endpoints and clouds.
“The Fortinet OT Security Platforms provides industrial-built solutions for network security, zero trust and security operations all supported by AI- [artificial intelligence] powered OT threat intelligence whereas our competitors tend to focus on one area or even one hardware or software solution,” Shah said.
Fortinet’s software OT security services include FortiOS updated with the OT View dashboard to correlate and display important OT data; FortiAnalyzer including OT-specific analytics, risk, and compliance reports; FortiNDR that can analyze more than 15 different OT-network protocols; the FortiGuard OT Security Service covering more than 70 OT protocols and more than 4,000 OT application and device vulnerability signatures; and FortiGuard Outbreak Alerts that includes critical information about OT-specific threats.
“Threats to OT, or production or critical infrastructure, can come from the IT network or the OT network. Thus, any security solution needs near real-time threat intelligence from both sides,” Shah said. “Most solution providers have IT threat intelligence, which is critical to protect against malware, like ransomware, that can have an impact on production and critical infrastructure.”
“Likewise, OT threat intelligence which leverages different communication protocols and targets OT devices, is unique and necessary to properly protect OT-specific threats. Thus, both IT and OT threat intelligence are critical to properly protect OT,” he added.