Dramatically Reduce Cyberattack Paths Inside Your Industrial Networks

Protect Your Critical Assets

Industrial networks today are no longer air-gapped and immune from cybersecurity threats. Although deploying a firewall and segmenting networks is a good first step, how are Operational Technology (OT) engineers, who primarily work with industrial protocols and may lack sufficient IT security expertise, supposed to prevent cybersecurity threats from infecting and spreading across networks? After all, the cybersecurity landscape is constantly changing and goes far beyond blocking the spread of worms or unauthorized PLC commands.

Moxa’s industrial cybersecurity solution is specifically designed to secure industrial networks from both an OT and IT perspective to better address the surging market demand for a comprehensive cybersecurity solution for industrial networks. The solution includes critical IT cybersecurity technologies such as an Intrusion Prevention System (IPS), a key component for defense-in-depth strategies, which has been specifically tailored to protect OT networks from cyberthreats without disrupting industrial operations. Read on to learn more.

 

Benefits

Detect and Mitigate Cyberthreats for System Integrity

Protect Networks With Integrated OT-IT Technologies

Centralized Management to Simplify Monitoring and Perform Updates

How Moxa's Industrial IPS Works

Optimize Data Transmissions

Moxa’s industrial IPS (Intrusion Prevention System) features our OT-centric Deep Packet Inspection technology, enhances IT network security visibility, and ultimately helps mitigate risks and protect industrial networks from security threats. Deep Packet Inspection can identify multiple industrial protocols and allow or block specific functions, such as read or write access. Based on the identified protocol, the industrial IPS can then prevent any unauthorized protocols or functions. This way, you can be more confident that the traffic on your industrial networks is trusted and non-malicious. In addition, Moxa’s industrial IPS provides virtual patching of vulnerabilities for operating systems, application software, and industrial equipment such as PLCs. By effectively integrating OT and IT technologies, Moxa’s industrial IPS safeguards your critical assets from the latest cybersecurity threats.

How Whitelisting Control Works

In order to ensure that network activity on your industrial networks is authorized, Moxa’s industrial cybersecurity solution allows you to define granular access controls at different levels. You can define a whitelist of devices and IP ports that are allowed to access all or part of your entire network. In addition, you can also define the authorized protocol format to prevent unauthorized commands from passing through the industrial IPS or firewalls. Furthermore, OT engineers can even define which control commands can pass through the network to reduce human error associated with sending a wrong control command. With whitelisting control, you can significantly reduce the likelihood of a DoS attack by OT Trojans.

Industrial Cybersecurity Solution

Roll Out Starting in April 2020

EtherCatch IEC-G102-BP Seires

Industrial IPS/IDS

EtherCatch IEC-G102-BP Seires

Industrial IPS/IDS

EtherFire IEF-G9010 Series

Industrial Next-generation Firewall
  • Compact, security-hardened, and rugged design
  • Fine-grained Layer 2 to Layer 7 firewall policy with IPS capability
  • Industrial NAT and network segmentation

Get In Touch

Your Messages
Automation Expo South from 26th to 28th April

IKS-G6524A Series

24G-port Layer 2 full Gigabit managed Ethernet switches

Product Features

  • Supports MXstudio for easy, visualized industrial network management
  • V-ON™ ensures millisecond-level multicast data and video network recovery
  • 24 Gigabit Ethernet ports
  • Up to 24 optical fiber connections (SFP slots)
  • Fanless, -40 to 75°C operating temperature range (T models)
  • Turbo Ring and Turbo Chain (recovery time < 50 ms @ 250 switches), RSTP/STP, and MSTP for network redundancy
  • Isolated redundant power inputs with universal 110/220 VAC power supply range

Product Description

Process automation and transportation automation applications combine data, voice, and video, and consequently require high performance and high reliability industrial grade rackmount switches. The IKS-G6524A series full Gigabit backbone switches are equipped with 24 Gigabit Ethernet ports, and support Layer 3 routing functionality to facilitate the deployment of applications across networks, making them ideal for large scale industrial networks. The IKS-G6524A’s full Gigabit capability increases bandwidth to provide high performance and the ability to quickly transfer large amounts of video, voice, and data across a network. The switches support the Turbo Ring, Turbo Chain, and RSTP/STP redundancy protocols, and are fanless and come with an isolated redundant power supply to increase system reliability and the availability of your network backbone.

IKS-6726A/IKS-6728A Series

24+2G/24+4G-port modular managed Ethernet switches

Product Features

  • Modular design lets you choose from a variety of media combinations
  • -40 to 75°C operating temperature range
  • Supports MXstudio for easy, visualized industrial network management
  • V-ON™ ensures millisecond-level multicast data and video network recovery
  • 2/4 Gigabit plus 24 Fast Ethernet ports for copper and fiber
  • Turbo Ring and Turbo Chain (recovery time < 20 ms @ 250 switches), RSTP/STP, and MSTP for network redundancy
  • Isolated redundant power inputs with universal 24/48 VDC or 110/220 VAC power supply

Product Description

The IKS-6726A/6728A series of industrial rackmount switches are designed to meet the rigorous demands of mission critical applications for industry and business, such as traffic control systems and maritime applications. The IKS-6726A/6728A’s Gigabit and fast Ethernet backbone, redundant ring, and 24/48 VDC or 110/220 VAC ual isolated redundant power supplies increase the reliability of your communications and save on cabling and wiring costs. The modular design of the IKS-6726A/6728A also makes network planning easy, and allows greater flexibility by letting you install up to 4 Gigabit ports and 24 fast Ethernet ports.

RKS-G4028 Series

 

Product Features

  • Meets a wide range of demands from Fast Ethernet to full Gigabit industrial networks (up to 28 Gigabit ports)Modular interfaces for flexible connector type combinations
  • Support for IEEE 802.3bt PoE for up to 90 W output per port
  • High EMC immunity compliant with IEC 61850-3 and IEEE 1613
  • Hardware-based IEEE 1588 PTP for high-precision time synchronization
  • Turbo Ring and Turbo Chain (recovery time < 20 ms @ 250 switches) , and STP/RSTP/MSTP for network redundancy
  • -40 to 75°C operating temperature range
  • Supports MXstudio for easy, visualized industrial network management
  • Developed according to the IEC 62443-4-1 and compliant with the IEC 62443-4-2 industrial cybersecurity standards

Product Description

The RKS-G4028 Series is designed to meet the rigorous demands of mission-critical applications for industry and business, such as power substation automation systems (IEC 61850-3, IEEE 1613), railway applications (EN 50121-4), and factory automation systems. The RKS-G4028 Series’ Gigabit and Fast Ethernet backbone, redundant ring, and 24 VDC, 48 VDC, or 110/220 VDC/VAC dual isolated redundant power supplies increase the reliability of your communications and save on wiring costs.

The modular design of the RKS-G4028 Series also makes network planning easy, and allows greater flexibility by letting you install up to 28 Gigabit ports with various connector types.

EDS-608/EDS-611/EDS-616/EDS-619 Series

8, 8+3G, 16, 16+3G-port compact modular managed Ethernet switches

Product Features

  • Up to 19 optical fiber connections in a compact switch (EDS-619)
  • Modular design with 4-port copper/fiber combinations
  • Hot swap media modules for continuous operation
  • Turbo Ring and Turbo Chain (recovery time < 20 ms @ 250 switches), RSTP/STP, and MSTP for network redundancy
  • TACACS+, SNMPv3, IEEE 802.1X, HTTPS, and SSH to enhance network security
  • Easy network management by web browser, CLI, Telnet/serial console, Windows utility, and ABC-01
  • Supports MXstudio for easy, visualized industrial network management

Product Description

The versatile modular design of the compact EDS-600 series Ethernet switch allows users to combine fiber and copper modules to create switch solutions suitable for any automation network. The EDS-600’s modular design lets you install up to 3 Gigabit Ethernet ports and 16 Fast Ethernet ports, and the advanced Turbo Ring and Turbo Chain (recovery time < 20 ms) technology, RSTP/STP, and MSTP helps increase the reliability and availability of your industrial Ethernet network. Models with an extended operating temperature range of -40 to 75°C are also available. The EDS-600 series supports several reliable and intelligent functions, including IEEE 1588 PTPv2, EtherNet/ IP, Modbus/TCP, LLDP, DHCP Option 82, SNMP Inform, QoS, IGMP snooping, VLAN, TACACS+, IEEE 802.1X, HTTPS, SSH, SNMPv3, and more, making the Ethernet switches suitable for any harsh industrial environment.

EDS-510E Series

7+3G-port Gigabit managed Ethernet switches

Product Features

  • V-ON™ ensures millisecond-level multicast data and video network recovery
  • 3 Gigabit Ethernet ports for redundant ring or uplink solutions
  • Turbo Ring and Turbo Chain (recovery time < 20 ms @ 250 switches), RSTP/ STP, and MSTP for network redundancy
  • RADIUS, TACACS+, SNMPv3, IEEE 802.1x, HTTPS, SSH, and MAC address sticky to enhance network security
  • Security features based on IEC-62443
  • EtherNet/IP, PROFINET, and Modbus/TCP protocols supported for device management and monitoring
  • Supports MXstudio for easy, visualized industrial network management

Product Description

The EDS-510E is a Industrial grade managed ethernet switch. The Gigabit managed Ethernet switch is designed to meet rigorous mission critical applications, such as factory automation, ITS and process control. The 3 Gigabit Ethernet ports allows great flexibility to build up a Gigabit redundant Turbo Ring and a Gigabit uplink. The switch adopts USB interfaces for switch configuration, system file backup, and firmware upgrade, making it easier to manage.

EDS-G508E/EDS-G512E/EDS-G516E Series

8G/12G/16G-port full Gigabit managed Ethernet switches

Product Features

  • V-ON™ ensures millisecond-level multicast data and video network recovery
  • Up to 12 10/100/1000BaseT(X) ports and 4 100/1000BaseSFP ports (EDS-G516E)
  • Turbo Ring and Turbo Chain (recovery time < 50 ms @ 250 switches), RSTP/STP, and MSTP for network redundancy
  • RADIUS, TACACS+, MAB Authentication, SNMPv3, IEEE 802.1x, MAC ACL, HTTPS, SSH, and MAC-address sticky to enhance network security
  • Security features based on IEC-62443
  • EtherNet/IP, PROFINET, and Modbus/TCP protocols supported for device management and monitoring
  • Supports MXstudio for easy, visualized industrial network management

Product Description

The EDS-G500E series is a Industrial grade managed ethernet switch& is  equipped with 8/12/16 Gigabit Ethernet ports and up to 4 fiber optic ports, making it ideal for upgrading an existing network to Gigabit speed or building a new full Gigabit backbone. Gigabit transmission increases bandwidth for higher performance and transfers large amounts of triple-play services across a network quickly. Redundant Ethernet Turbo Ring, Turbo Chain, RSTP/STP, and MSTP increase system reliability and the availability of your network backbone. The EDS-G500E series is designed especially for communication demanding applications, such as video and process monitoring, ITS, and DCS systems, all of which can benefit from a scalable backbone construction.

MDS-G4028

28G-port Layer 2 full Gigabit modular managed Ethernet switch

Product Features

  • Multiple interface type 4-port modules for greater versatility
  • Easy replacement of defect ports to minimize downtime and MTTR
  • Passive backplane to minimize the risk of malfunction
  • Ultra-compact size for easy installation
  • Rugged die-casting design for use in harsh environments
  • HTML5 for a better user experience

Product Description

The MDS-G4028 Series modular managed ethernet switch supports up to 28 Gigabit ports, including 4 embedded ports, 6 interface module expansion slots, and 2 power module slots to ensure sufficient flexibility for a variety of applications. The highly compact MDS-G4000 Series is designed to meet evolving network requirements, ensuring effortless installation and maintenance, and features a hot-swappable module design that enables you to easily change or add modules without shutting down the switch or interrupting network operations. The multiple Ethernet modules (RJ45, SFP, and PoE+) and power units (24/48 VDC, 110/220 VAC/VDC) provide even greater flexibility as well as suitability for different operating conditions, delivering an adaptive full Gigabit platform that provides the versatility and bandwidth necessary to serve as an Ethernet aggregation/edge switch. Featuring a compact design that fits in confined spaces, multiple mounting methods, and convenient tool-free module installation, the MDS-G4000 Series switches enable versatile and effortless deployment without the need for highly skilled engineers. With multiple industry certifications and a highly durable housing, the MDS-G4000 Series can reliably operate in tough and hazardous environments such as power substations, mining sites, ITS, and oil and gas applications. Support for dual power modules provides redundancy for high reliability and availability while LV and HV power module options offer additional flexibility to accommodate the power requirements of different applications. In addition, the MDS-G4000 Series modular managed ethernet switches features an HTML5–based, user-friendly web interface providing a responsive, smooth user experience across different platforms and browsers. Check MDS-G4012 (12 port modular switch) clicking here & MDS-G4020 (20 ports modular switch) on clicking here

EDS-G4014 SERIES

8G+6 2.5GbE-port full Gigabit managed Ethernet switches

Product Features

  • Developed according to the IEC 62443-4-1 and compliant with the IEC 62443-4-2 industrial cybersecurity standards
  • Turbo Ring and Turbo Chain (recovery time < 50 ms @ 250 switches), and RSTP/STP for network redundancy
  • Wide range of power input options for flexible deployment
  • Compact and flexible housing design to fit into confined spaces
  • Supports MXstudio for easy, visualized industrial network management
  • Increased bandwidth capabilities with fiber SFP slots supporting up to 2.5 Gbps

Product Description

The EDS-G4014 Series is equipped with eight Gigabit Ethernet ports and six 2.5 Gbps fiber-optic ports, making it ideal for upgrading an existing network to Gigabit speed or building a new full Gigabit backbone. Gigabit transmission speed increases bandwidth for higher performance and can transfer large amounts of triple-play services across a network quickly. Redundant Ethernet technologies such as Turbo Ring, Turbo Chain, and RSTP/STP increase the reliability of your system and improve the availability of your network backbone. The EDS-G4014 Series is designed specifically for demanding applications such as video and process monitoring, ITS, and DCS systems, all of which can benefit from a scalable backbone. The EDS-G4014 Series is compliant with the IEC 62443-4-2 and IEC 62443-4-1 Industrial Cybersecurity certifications, which cover both product security and secure development life-cycle requirements, helping our customers meet the compliance requirements of secure industrial network design.

NPort 5150AI-M12/NPort 5250AI-M12/NPort 5450AI-M12 Series

Railway 1, 2, and 4-port RS-232/422/485 serial device servers

Product Features

  • Speedy 3-step web-based configuration
  • COM port grouping and UDP multicast applications
  • Real COM/TTY drivers for Windows and Linux
  • Standard TCP/IP interface and versatile TCP and UDP operation modes
  • Complies with all EN 50155 mandatory test items*
  • M12 connector and IP40 metal housing
  • 2 kV isolation for serial signals
 

Product Description

The NPort 5000AI-M12 is a Serial to Ethernet Module, designed to make serial devices network-ready in an instant, and provides direct access to serial devices from anywhere on the network. Moreover, the NPort 5000AI-M12 is compliant with EN 50121-4 and mandatory sections of EN 50155, covering operating temperature, power input voltage, surge, ESD, and vibration, making them suitable for rolling stock and wayside applications where high levels of vibration exist in the operating environment.

NPort 5100A Series

1-port RS-232/422/485 serial device servers

Product Features

  • Surge protection for serial, Ethernet, and power lines
  • COM port grouping and UDP multicast applications
  • Standard TCP/IP interface and versatile TCP and UDP operation modes
  • Speedy 3-step web-based configuration
  • Screw connectors for secure installation
  • Real COM/TTY drivers for Windows and Linux
  • Connect up to 8 TCP hosts
  • Only 1 W power consumption
 

Product Description

The NPort® 5100A device servers are worlds most popular Serial to Ethernet Gateways, designed to make serial devices network-ready in an instant and give your PC software direct access to serial devices from anywhere on the network. The NPort® 5100A device servers are ultra-lean, ruggedized, and user-friendly, making simple and reliable serial-to-Ethernet solutions possible. A Greener Serial-to-Ethernet Solution

The MiiNe is a small but powerful Arm-based serial-to-Ethernet SoC with RAM and Flash embedded. With the MiiNe inside, the NPort® 5110A Series’ power consumption is less than 1 W. The NPort® 5100A Series saves at least 50% on power consumption compared to existing solutions on the market, helping engineers meet the tough environmental compliance challenges found in today’s industrial environments.

NPort 5110/NPort 5130/NPort 5150 Series

1-port RS-232 / 422 / 485 serial device server.

Product Features

  • Easy-to-use Windows utility for configuring multiple device servers
  • Small size for easy installation
  • SNMP MIB-II for network management
  • Real COM/TTY drivers for Windows and Linux
  • Standard TCP/IP interface and versatile operation modes
  • Configure by Telnet, web browser, or Windows utility
  • Adjustable pull high/low resistor for RS-485 ports
 

Product Description

NPort 5100 series device servers (serial to ethernet converters) are designed to make serial devices network-ready in an instant. The small size of the servers makes them ideal for connecting serial devices such as card readers and payment terminals where connections are RS-232 & devices like PLC’s, Energy meters where Serial ports are RS-422 or RS-485, to an IP-based Ethernet LAN. Use the NPort 5100 series device servers to give your PC software direct access to serial devices from anywhere on the network. Using serial to ethernet converters to connect legacy serial devices to Ethernet is now common, and users expect device servers to be cost-effective and to provide a broad selection of useful functions. With its full support of Microsoft and Linux operating systems, the NPort 5110  provides the best choice for serial (RS-232)-to-Ethernet converters. For RS-485 port or a combo – RS-232 / 422 / 485 ports, please use our Nport 5130 or Nport 5150 models!

NPort 5210/NPort 5230/NPort 5232 Series

2-port RS-232/422/485 serial device servers

Product Description

The NPort 5200 serial to ethernet device servers are designed to make your industrial serial devices Internet-ready in no time. The compact size of NPort 5200 serial device servers makes them the ideal choice for connecting your RS-232 (NPort 5210/5230/5210-T/5230-T) or RS-422/485 (NPort 5230/5232/5232I/5230-T/5232-T/5232I-T) serial devices—such as PLCs, meters, and sensors—to an IP-based Ethernet LAN, making it possible for your software to access serial devices from anywhere over a local LAN or the Internet. The NPort 5200 Series has a number of useful features, including standard TCP/IP protocols and choice of operation modes, Real COM/TTY drivers for existing software, and remote control of serial devices with TCP/IP or traditional COM/TTY Port.

CN2610/CN2650 Series

8 and 16-port RS-232/422/485 terminal servers with dual-LAN redundancy

Product Features

  • Dual-LAN cards with two independent MAC addresses and IP addresses
  • Redundant COM function available when both LANs are active
  • Dual-host redundancy can be used to add a backup PC to your system
  • LCD panel for easy IP address configuration (excluding wide temperature range models)
  • Dual-AC-power inputs (for AC models only)
  • Real COM/TTY drivers for Windows and Linux
  • Universal high-voltage range: 100 to 240 VAC or 88 to 300 VDC

Product Description

The CN2600 has two separate LAN ports that can be connected to separate LAN networks. Dual-LAN redundancy involves setting up two separate physical networks to connect the PC host with the CN2600 (the PC host also requires two LAN cards). If one connection fails, the PC host can still communicate with your serial devices over the alternative LAN connection.

CN2510 Series

8 and 16-port RS-232 terminal servers

Product Features

  • Real COM/TTY drivers for Windows and Linux
  • ±48 VDC for telecom applications
  • LCD control panel for easy on-site management
  • Supports up to 16 dial-in users when operating as a standalone remote access server
  • PPP/SLIP with RADIUS authentication and RIP I/II routing protocols supported

Product Description

The CN2510 provides an easy console management solution in a convenient 1U rackmount package. With its RS-232 ports, connections are easily established to the console ports of network equipment, such as Unix servers or routers, for centralized management of the attached devices. Each device’s RS-232 console port becomes a network-accessible node, giving users Telnet access from anywhere on the network for configuration and management of the device. Full modem control signals are supported, ensuring compatibility with a wide range of serial peripherals.

NPort 6610/NPort 6650 Series

8/16/32-port RS-232/422/485 rackmount secure terminal servers

Product Features

  • Popular low-voltage ranges: ±48 VDC (20 to 72 VDC, -20 to -72 VDC)
  • Security features based on IEC 62443
  • Up to 32 ports for high-density environments
  • Nonstandard baudrates supported with high precision
  • Port buffers for storing serial data when the Ethernet is offline
  • Supports IPv6
  • DES/3DES/AES for highly secure data transmissions
  • Ethernet redundancy (STP/RSTP/Turbo Ring) with network module
  • Universal high-voltage ranges: 100 to 240 VAC or 88 to 300 VDC
  • Modular design for scalability

 

Product Description

The NPort® 6600 series of secure device servers is the right choice for applications that use large numbers of serial devices packed into a small space. Security breaches are intolerable and the NPort® 6600 ensures data transmission integrity with support of DES, 3DES, and AES encryption algorithms. Serial devices of any type can be connected to the NPort® 6600, and each serial port on the NPort® can be configured independently for RS-232, RS-422, or RS-485 transmission.

NPort 6450 Series

4-port RS-232/422/485 secure terminal servers

Product Features

  • Supports IPv6
  • Ethernet redundancy (STP/RSTP/Turbo Ring) with network module
  • Generic serial commands supported in Command-by-Command mode
  • Security features based on IEC 62443
  • Secure operation modes for Real COM, TCP Server, TCP Client, Pair Connection, Terminal, and Reverse Terminal
  • Nonstandard baudrates supported with high precision
  • Port buffers for storing serial data when the Ethernet is offline
  • LCD panel for easy IP address configuration (standard temp. models)
 

Product Description

The NPort® 6450 is a 4-port device server that uses the SSL and SSH protocols to transmit encrypted serial data over Ethernet. Up to 4 serial devices of any type can be connected to the NPort® 6450, with all four devices using the same IP address. The Ethernet port can be configured for a normal or secure TCP/IP connection.

NPort 6250 Series

2-port RS-232/422/485 secure terminal servers

Product Features

  • Nonstandard baudrates supported with high precision
  • Choice of network medium: 10/100BaseT(X) or 100BaseFX
  • Enhanced remote configuration with HTTPS and SSH
  • Port buffers for storing serial data when the Ethernet is offline
  • Supports IPv6
  • Generic serial commands supported in Command-by-Command mode
  • Security features based on IEC 62443
  • Secure operation modes for Real COM, TCP Server, TCP Client, Pair Connection, Terminal, and Reverse Terminal
 
 

Product Description

The 2-port NPort® 6250 device servers use the SSL and SSH protocols to transmit encrypted serial data over Ethernet. Models are available for connecting to a 10/100BaseT(X) copper Ethernet or 100BaseT(X) fiber network. Both single-mode and multi-mode fiber are supported.

NPort 6150 Series

1-port RS-232/422/485 secure terminal servers

Product Features

  • Secure operation modes for Real COM, TCP Server, TCP Client, Pair Connection, Terminal, and Reverse Terminal
  • Nonstandard baudrates supported with high precision
  • Automatic RS-485 data direction control with Moxa’s patented ADDC®
  • Enhanced remote configuration with HTTPS and SSH
  • Port buffers for storing serial data when the Ethernet is offline
  • Supports IPv6
  • Generic serial commands supported in Command-by-Command mode
  • Security features based on IEC 62443

Product Description

The NPort® 6150 1-port device servers use the SSL and SSH protocols to transmit encrypted serial data over Ethernet. The NPort® 6150’s 3-in-1 serial port supports RS-232, RS-422, and RS-485, with the interface selected from an easy-to-access configuration menu.