Tofino™ LSM - Loadable Security Modules
Please note that this product has been discontinued. The information contained on this page is for reference use only.
For more information on migrating or equivalent product options click here
For more information on our current products click here
Loadable Security Modules - LSM’s - are firmware modules that are downloaded into the Tofino™ Security Appliance to implement the desired security features for each location in the control network.
Currently, there are five LSM’s available for Tofino™:
OPC Enforcer LSM
- First-ever application of connection tracking technology to industrial protocols
- Programmable data connection delay period to shut down unused connections
- Supports multiple OPC clients and servers
- Manage all traffic on systems that use OPC DA, HDA, A&E, DX or XML-DA
- Secure data transfers to and from data historians and supervisory applications
- Combine with Tofino VPN LSM for secure remote OPC connections
Firewall LSM
- Implements traffic filtering for TCP, UDP and non-IP communications protocols
- Advanced traffic filtering, such as rate filtering, via Byres-supplied special rules
- One-to-one, one-to-many, and many-to-many addresses in rules
- Implements unique Test mode to permit testing firewall rules without risk of blocking critical network traffic
- Blocked traffic is reported to Tofino™ CMP via rate-limited exception heartbeats
- Broadcast and multicast rules supported
Secure Asset Manager LSM
- Passive Asset Discovery detects network assets without active scanning or polling
- Reports IP address, MAC address, network location of discovered assets
- Matches asset OUI against CMP device database to assist user in identifying assets by vendor
- Download list of discovered assets into CSV file for auditing and report generation
- Assisted Rule Generation provides a ‘wizard’ to help users easily create new firewall rules from firewall exception heartbeats
MODBUS Enforcer™ Deep Packet Inspection LSM
- Advanced filtering and inspection of MODBUS traffic
- Performs sanity check on MODBUS commands
- Control systems engineer may specify permitted MODBUS function codes for each MODBUS connection
- Control system engineer may specify permitted MODBUS register/coil address range or value for each permitted function code
- World’s first content inspection tool for industrial protocols
Virtual Private Network (VPN) LSM
- Creates highly secure tunnels using Secure Sockets Layer (SSL) technology to protect control system integrity
- Allows testing of the VPN tunnel without committing control traffic to it
- Interoperates seamlessly with other Tofino LSMs to provide fine grained VPN access and SCADA-capable firewall protection
- Easy to deploy, test, and manage with drag and drop configuration interface
- Supports legacy automation protocols
Event Logger LSM
- Provides triple redundancy by simultaneously recording security events to syslog servers, a Tofino CMP server, and local SA memory
- Protects event information even if communication links are interrupted
- Enables a Tofino SA to hold up to 20,000 security events and alarms in its memory
- Logs sent to a syslog server can be transported using UDP, TCP, or TLS protocols