Nexus OTArmor™

With the application whitelisting option, Windows®-based devices have improved security posture by reducing the risk and cost of malware, improving network stability and reliability. This feature automatically identifies trusted software that is authorized to run on control system HMIs and prevents unknown or unwanted software.

Continuous threat monitoring and advanced logging intelligence that gives you deep, granular ICS visibility. By analyzing network traffic through deep packet inspection and fluent in over 42 of the native industrial protocols commonly found in ICS, a baseline is constructed of normal operations which is then used to detect anomalies.

Automatic, centralized backup and recovery of the process control domain saves time and cost by deploying a quick disaster recovery plan with minimal downtime. All backup activities are logged and easily accessed for generating reports that conform with compliance reporting.

A hardware-based electronic device designed with two separate circuits–one send-only, and one receive-only–which physically constrain the transfer of data to one direction only and form an “air gap” between the source and destination networks. Data diodes can be used to protect network segments of all sizes, from a single controller to an entire facility.

This customizable network security option monitors and blocks malicious activity and attacks and provides continuous visibility of unusual activity and potential threats to the control system network.

The Cyber Asset Protection subscription provides monthly software and firmware updates for your HMI, historians, switches, firewalls, OSM and RSG, including essential security patches. With Nexus OTArmor, patches can be centrally deployed, eliminating an average of four hours per HMI of work hours, which can save up to $20,000 monthly per plant.

Provides centralized control and management specific to the controls environment, enabling you to manage access to the industrial control system based on permissions.

We provide a scalable solution with both real-time and historic dashboard views of cyber activity, such as changes to switch configurations, failed login attempts, unauthorized port access and USB usage.

Adopting stronger employee and vendor authentication is an easy method to reduce risk. Multi-factor authentication combines hardware-based authentication and public key cryptography to ensure strong authentication and eliminate account takeovers.

Stateful tracking of network traffic to allow approved communications between connected devices and the “outside” network. In addition, NGFW can inspect certain network traffic types to identify ports that may change during communications to ensure traffic is permitted to flow (e.g. FTP, TFTP). Next Generation Firewalls have the ability to perform additional checks on traffic including application level inspection and filtering of network traffic with exception.

A zero-trust solution that safeguards against cyber risks, including insider threats, through its unique, browser-based hardened platform. Secure remote access technology provides a simple and secure access mechanism to critical assets by utilizing protocol and system isolation, encrypted display, and multi-factor authentication.

Nexus Controls offers a control system agnostic assessment service to support compliance with industry standards such as ISA99/IEC 62443 and NERC-CIP and will help elevate your cybersecurity awareness and identify potential vulnerabilities. After the assessment is conducted, the final report provided enables the creation of an actionable roadmap of prioritized mitigations to improve your security posture.

Nexus Controls’ team of cybersecurity analysts are experts in big data solutions like, Elastic Search, Splunk & Hadoop. These highly skilled forensic analysts review relevant logs to minimize false positives and maximize detection of threats. Whether you already have a Security Operations Center (SOC) or not, our 24X7 managed security services are scalable to meet your unique needs.

Cyber Asset Protection (CAP) is a key part of a defense-in-depth system for turbine, plant, and generator controls environments. The patching program includes operating system and application patches as well as anti-virus/ intrusion detection signatures to cover updates for HMIs, servers, switches, and network intrusion detection devices. Monthly updates can be applied to individual HMIs or via the Nexus OTArmor™ platform for network-wide deployment.