Ultra Electronics 3eTi

EtherWatch (3e-636A)

Industrial deep packet inspection firewall

EtherWatch is an affordable industrial security appliance with a built in application layer SCADA firewall that protects critical infrastructure from both internal and external cyber-attacks. Its versatile security platform delivers low-latency network monitoring and filtering performance, while its optimized form factor and design makes it easy to use and deploy anywhere in a network to selectively and invisibly protect one or several network endpoints.

EtherWatch is specifically designed to deploy with no change to the existing architecture and with no impact on network performance. It is easily positioned at critical locations to invisibly monitor traffic and issue alerts in the event of anomalous, malicious, or dangerous activity without causing latency. Utilizing 3eTI’s proprietary cyber technology, EtherWatch is invisible to attackers so they cannot detect its presence or subvert its protections. EtherWatch can be remotely managed through an out-of-band network connection over an encrypted channel or through a dedicated management port preventing attackers from discovering that they have triggering an alarm.
Featured Security Controls

  • Industrial DPI Capable Firewall (DPI) – Encryption prevents attackers from intercepting network communications while firewalls block unauthorized network traffic while simultaneously alerting ICS operators. 3eTI’s firewall ensures that only authorized devices can communicate with the endpoint device. Its deep packet inspection (DPI) technology captures malicious commands and either prevents them from being received or alerts the operator. DPI provides robust cyber security for industrial protocols including OPC, DNP3, MODBUS TCP, BACNet, EtherNet/IP and CANopen/CAN bus. This feature can be tailored to a given industrial protocol or system via a customizable rule wizards. EtherGuard is also capable of automatically learning legitimate commands making it easy to write rules.
  • Protocol Access-Control Enforcement – EtherWatch can be configured as an enforcement point to allow intended industrial protocols to pass through while filtering out unwanted traffic. The access control function is tailored for M2M (machine-to-machine) communications on automation networks, providing an additional layer of protection against attacks that target critical infrastructure.
  • DarkNode Technology – Using DarkNode proprietary technology, it cloaks industrial endpoint data and communications using a “stealth mode”, which means that an attacker can’t detect its presence – they cannot hack what they cannot see. It also can be integrated directly into an existing system with no additional configuration required.