Anybus Defender Industrial Firewalls – Purpose-Built to Protect Industrial Control Systems from Cyber Threats

Protecting industrial production and control systems from cyberattacks requires more than basic IT hygiene. While asset visibility, anomaly detection, and backup strategies are essential, they do not offer sufficient protection against today’s threats—whether they come from targeted attacks or unintended actions, such as connecting an infected laptop or clicking a malicious email link.

To effectively limit or prevent cyber incidents, manufacturers need industrial-grade firewalls designed specifically for OT environments.

Network segmentation is the single most impactful security control you can implement.

Anybus Defender zone firewalls enable you to segment your OT network into secure zones and conduits according to IEC 62443 architecture, including micro-segmentation down to individual machines or devices. This prevents lateral movement within the OT network, making it significantly harder for attackers to spread or escalate an attack.

Importantly, Anybus Defender supports implementation of network security controls in line with IEC 62443-3-3, helping your organization meet the requirements for Security Level 2 (SL2). This level is designed to protect against intentional breaches using simple means with moderate resources—such as those from organized threat actors or advanced malware.

Anybus Defender is Stateful Firewall

Stateful firewall keeps track of ongoing conversations between devices. It remembers the details of connections (like who started the conversation and if it’s allowed) and only lets data through if it matches an approved, ongoing connection or a set rule. This makes it smarter and more secure than a simple filter.

Deep Packet Inspection (DPI) is an important feature that looks beyond the TCP/UDP Ports and opens the contents of industrial protocols such as Modbus TCP, EtherNet/IP (CIP) and Siemens S7 protocols.

This enables use-cases where you can write a new set point for temperature, pressure, level of chemicals, etc., but you will not be allowed to set values over the maximum value defined in the firewall.

Anybus Defender includes a unique Packet Capture and Analysis for easy rule creation.
Don’t spend hours typing in DPI rules, let Anybus Defender do the work for you!  If rules / specific packet types are needed, they can be created by a user.

DPI function requires either the DPI/FW or PRO/FW License. Perpetual License - DPI function never expires!