Overview

Introducing OTArmor, GE Vernova's cybersecurity solution

In a complex world of ever-evolving technologies, GE Vernova understands the importance of having an experienced industrial cybersecurity partner to help you safely secure your digital assets. Systems must be continually tuned, monitored, and managed—and many teams struggle to keep pace with all these ongoing demands. Establishing these security mechanisms doesn’t just take time, it takes expertise.

The reality is that implementing general purpose security platforms in OT environments can break business-critical plant operations.

Many decision makers face two highly unappealing scenarios:

  1. Make the massive investments of staff time and budgets that are required to build a comprehensive security program from scratch.
  2. Do nothing; or do the minimum, and hope their organizations aren’t exposed by a cyber-attack or hit by significant fines for non-compliance.

But GE Vernova's cybersecurity solution offers a far more appealing alternative.

Close up businessman hand typing or working on laptop for programming about cyber security , advance future technology concept

A single platform

GE Vernova's cybersecurity solution delivers comprehensive  security capabilities in a single, pre-integrated platform, enabling your organization to establish robust, defense-in-depth controls in plant environments.

The solution provides security controls and OT maintenance tools for GE and non-GE control networks. With GE Vernova's cybersecurity solution, you can leverage a full suite of security capabilities—without all the time, cost, and effort of procuring, testing, integrating, and deploying these disparate solutions independently.

Access control and cyber security concept. Padlocks and locks on virtual digital screen. Data and information protection protocol. Secure connection.

A range of features

GE Vernova’s cybersecurity solution helps collect, correlate, and forward security logs and events, and it presents this information to plant personnel in a highly usable format. The solution offers identity and password management capabilities for control-system environments. Additionally, the solution can be customized so that it aligns with your existing environment—including your security incident and event management (SIEM) platform, backup mechanisms, anti-virus technologies, log management platforms, and more:

  • Hardware appliance and operations console
  • Hardened server and thin-client console
  • Optional, hardened firewall
  • Secure-by-design configuration
  • Global regulatory certifications support—including IEC 62443 2-4 (that demonstrates secure lifecycle of GE’s cybersecurity platform), and 3-3 (that demonstrates using a secure product development lifecycle process)
Platform

Explore our comprehensive cybersecurity platform

Application allow listing

With the application white-listing option, Windows-based devices have an improved security posture by reducing the risk and cost of malware, improving network stability and reliability.

This feature automatically identifies trusted software that is authorized to run on control system human-machine interfaces (HMIs) and prevents unknown or unwanted software.

Asset management

Continuous threat monitoring and advanced logging intelligence that aims to give you deep, granular industrial control system (ICS) visibility via asset identification and asset configuration change detection.

By analyzing network traffic through deep packet inspection and fluent in over 42 of the native industrial protocols commonly found in ICS security, a baseline is constructed of normal operations, which is then used to detect anomalies.

Data security

Automatic, centralized backup and recovery of the process control domain saves time and cost by deploying a quick disaster recovery plan with minimal downtime. 

All backup activities are logged and easily accessed for generating reports that conform with compliance reporting.

Data diodes

A data diode is a physical piece of hardware that acts as a unidirectional network communication device that facilitates a secure, one-direction transfer of data between networks. 

Its design inherently creates a physical separation between the source and destination networks. Data diodes effectively eliminate all external points of entry to the sending system, thus preventing unauthorized users from gaining access to the protected network.

Network security

GE Vernova’s customizable network security option helps monitor and block malicious activity and attacks and provides continuous visibility of unusual activity and potential threats to the control system network. Stateful tracking of network traffic to allow approved communications between connected devices and the “outside” network.

Additionally, Next Generation Firewalls can inspect certain network traffic types to identify ports that may change during communications to demonstrate that traffic is permitted to flow (for example, FTP, TFTP). Next Generation Firewalls can perform additional checks on traffic—including application-level inspection and filtering of network traffic with exception.

 

Role-based access control (RBAC)

Provides centralized control and management specific to the controls environment, enabling you to manage access to the industrial control system based on permissions. Benefits of RBAC include:

  • Lower risk
  • Cost reduction
  • Enhanced operational efficiency
  •  Improved compliance

Security information and event management (SIEM)

GE Vernova provides a scalable solution with both real-time and historic dashboard views of cyber activity—such as changes to switch configurations, failed login attempts, unauthorized port access, and USB usage. Operator cybersecurity dashboards include:

  • Data-rich SIEM
  • Ready for SOC integration

Multi-factor authentication

Multifactor Authentication (MFA)—sometimes called “two-factor authentication” or 2FA—is a security protocol that requires a user to present two pieces of evidence when logging into a given account or application.

Multi-factor authentication combines hardware-based authentication and public key cryptography to ensure strong authentication and eliminate account takeovers.

Secure remote access

A zero-trust solution that safeguards against cyber risks—including insider threats—through its unique, browser-based hardened platform. Secure remote access technology provides a simple and secure access mechanism to critical assets by using:

  • Protocol and system isolation
  • Encrypted display
  • Multi-factor authentication
Contact us

Want to learn more about our OTArmor?