iSEG Secure Gateways

Send all data traffic from remote sites to a central iSID Threat Detection System without taxing your network

Overview

The iSAP Smart Collector is a cost effective, distributed solution that offers a network-wide view of all connected devices and all network traffic, for threat detection at a central site.

Increasing network coverage by means of passing traffic from remote networks to a central IDS may create network overload problems, due to the large volumes of data sent to the central IDS. Radiflow’s iSAP Smart Collector solves this problem. Installed at each remote site, it receives all LAN traffic from the local switch (using port mirroring), and filters out much of the irrelevant traffic data, leaving intact the SCADA traffic (e.g. ModBus data).

iSAP helps reduce your overall cyber-security expenditure by requiring only one iSAP device for each remote network site. Each iSAP securely connects to a centrally located iSID Threat Detection server, where corporate-wide network and device activity is analyzed.

To further reduce bandwidth consumption, the iSAP Smart Collector uses Radiflow’s patented compression algorithm reaching ratios of up to 1:10. Once received at the central location, the iSID server is able to decompress the sent data packets with no loss of information. The user is able to set the amount of compression applied, if at all, to different data classes.

Radiflow iSAP is a versatile tool that can be deployed in any site, large and small, allowing for completely passive network coverage without modification of your existing infrastructure.

The Radiflow iSAP RF-2180 Smart Collector and the iSEG RF-3180 Secure Ruggedized Gateway are fabricated on identical hardware built by Radiflow and tested to the standards stated in the product specifications herein.

Features

Aggregation and tunneling

Aggregation and tunneling of monitored network traffic to the iSID Threat Detection System for analysis

Non-Interfering Operation

Seven secure, passive and non-interfering Ethernet ports for incoming OT traffic

Unidirectional transmission

Unidirectional transmission of mirrored network traffic through one-way link, for increased OT network protection

Data Compression & Filtering

Compression of industrial protocols at 1:10 ratio, as well as filtering out of irrelevant traffic data

Encrypted tunneling

Mirrored OT traffic is sent using encrypted tunnel over transport network

Field-Ready

iSAP was designed to meet the harsh environmental conditions at remote sites and substations

Implementation

Click on image for full size

Specifications

(Hardware specifications identical to those of the iSEG RF-3180 Secure Ruggedized Gateway)

Interfaces
  • 2 x 100/1000 SFP ports
  • 8 x 10/100 Base-T ports
Local Operation
  • RS-232 Console Port
  • Local USB Port for Emergency Boot
Physical Design
  • Mounting: DIN rail (optional wall mount)
  • Enclosure: Rugged – IP 30 rated, fan-less
  • Weight: 1.4Kg (DC), 1.8Kg (AC)
  • Dimensions: (mm) 148h x 72w x 123d
Environmental Parameters
  • Operating temperature: -40oC to 75oC
  • Storage temperature: -40oC to 85oC
  • Operating Humidity: 5%-90%
Standards
  • lEC 61850-3 – Electric Utility Substations
  • IEEE1613 EMI – Electric Utility Substations
  • EN50121-4 – Vibration and Shock resistance
  • lEC 61000-4 – Surge Immunity
Input Power Ranges
  • 24-24V DC (range: 18-32v DC)
  • 48-48V DC (range: 36-60v DC)
  • 110-230V AC (range: 90-250v AC)