Cybersecurity out of the box

17 May 2021

All elements in Industry 4.0 – people, machines, production facilities, business functions, products, and services – are constantly generating data and communicating with one another; after all, that’s the core of digitisation. Data transfer and communication take place via powerful network structures, which must be protected.

Normally, companies must consider and pay attention to a great deal when it comes to cybersecurity, and users without specific know-how can feel overwhelmed by it. Siemens is therefore taking a different, simpler path for its customers. Thanks to the extensive know-how of the Digital Enterprise Services experts in automation, digitisation, and cybersecurity, Siemens can offer a single-source solution that is suited to every production environment and meets all requirements in terms of availability and security. The basis of this approach is defense in depth: a multilayer security concept that gives industrial plants both all-round and in-depth protection, as recommended by the international security standard IEC 62443. The defense consists of three layers, plant security, network security, and system integrity, for comprehensive protection at all levels. Within network security, network segmentation is an essential aspect. Siemens therefore provides its customers with the Industrial DMZ Infrastructure, a single-source, out-of-the-box solution for segmenting IT and OT networks.

Preventing unauthorised access
The DMZ (demilitarised zone) with front and back firewalls prevents direct access from potentially insecure or unsupervised systems to the automation level. The firewalls shield the OT systems from the corporate IT, so that, in line with the IEC 62443 recommendation, there is no direct communication between the two environments. This separation allows access for systems that require data from the Internet (e.g., WSUS) and at the same time protects the plant network from unauthorised access from outside. The redundant, state-of-the-art next-generation firewalls not only function as port filters but also analyse the data at the application level (layer 7). The services hosted in the DMZ, e.g., remote access, file exchange, and Active Directory, are made available as virtual machines on a separate high-performance virtualisation host. Furthermore, the DMZ itself is based on the zero-trust concept: direct communication between the virtual machines within the DMZ is prevented, and any traffic between them passes through the firewalls.
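The segmentation properties described above can be expressed as invariants over a firewall rule set and checked automatically. The following is an added example, not Siemens code: it models three zones (corporate IT, DMZ, OT), a hypothetical rule format, and a constructed sample rule set, and flags rules that would let IT and OT talk directly, let DMZ virtual machines talk to each other, or allow traffic without application-level (layer 7) identification.

```python
"""Checker for IT / DMZ / OT segmentation invariants (added example).

Assumed, simplified rule model: each rule names a source zone, a destination
zone, the application the layer-7 firewall identifies, and an action.
"""
from dataclasses import dataclass

ZONES = {"IT", "DMZ", "OT"}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    app: str      # application identified at layer 7, or "any" for port-only rules
    action: str   # "allow" or "deny"


def check_segmentation(rules):
    """Return a list of violation messages; an empty list means all invariants hold."""
    violations = []
    for r in rules:
        if r.src_zone not in ZONES or r.dst_zone not in ZONES:
            violations.append(f"unknown zone in rule: {r}")
            continue
        if r.action != "allow":
            continue  # deny rules cannot break an isolation invariant
        # 1. IT and OT must never communicate directly; everything goes via the DMZ.
        if {r.src_zone, r.dst_zone} == {"IT", "OT"}:
            violations.append(f"direct IT/OT flow bypasses the DMZ: {r}")
        # 2. Zero trust inside the DMZ: no VM-to-VM traffic within the zone.
        if r.src_zone == "DMZ" and r.dst_zone == "DMZ":
            violations.append(f"DMZ-internal VM-to-VM flow: {r}")
        # 3. Every permitted flow must be identified at the application level.
        if r.app == "any":
            violations.append(f"port-only rule without layer-7 inspection: {r}")
    return violations


# Constructed sample rule set for illustration; the last rule is deliberately wrong.
SAMPLE_RULES = [
    Rule("IT", "DMZ", "ms-update", "allow"),   # WSUS server staged in the DMZ
    Rule("OT", "DMZ", "ms-update", "allow"),   # OT pulls patches from the DMZ
    Rule("IT", "DMZ", "rdp", "allow"),         # remote-access jump host in the DMZ
    Rule("DMZ", "DMZ", "any", "deny"),         # explicit zero-trust default inside the DMZ
    Rule("IT", "OT", "any", "allow"),          # violates invariants 1 and 3
]

if __name__ == "__main__":
    for message in check_segmentation(SAMPLE_RULES):
        print(message)
```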

Defense in depth on a hyper-convergent IT platform
The Industrial DMZ Infrastructure provides network segmentation as part of network security. It also includes additional features and services for network security and system integrity, such as archiving, backup, endpoint protection, and patch management. With this range of security measures, the Industrial DMZ Infrastructure covers two of the three layers of the defense in depth concept. In addition, the DMZ is implemented on the hyper-convergent Industrial Automation DataCenter, the proven IT platform from Siemens, which enables high-performance computing with virtualisation and brings greater flexibility, availability, and energy efficiency. After individual planning and configuration by the service experts, the solution is delivered ready to run and is maintained over the long term with lifecycle services, following the Digital Enterprise Services holistic approach in three steps: consulting, implementation, and optimisation.

All-round carefree package
With the Industrial DMZ Infrastructure, Siemens offers its customers a concrete solution to the problem of IT/OT network segmentation. On top of that, users benefit from many more out-of-the-box, ready-to-use security features that together enable defense in depth. Everything is implemented on a hyper-convergent IT platform. With this solution, Siemens's customers ultimately receive a single-source IT infrastructure for the needs of OT in every production environment, increasing the availability and the security level of the whole system.
