Tofino Secure Asset Management LSM

Tracks and protects network devices

  • Passive Asset Discovery
  • Asset Classification and Deployment
  • Firewall Rule Creation

SAM tracks and protects your network devices

Before you can protect a control system you need to know exactly what devices are on the network and how they communicate with each other. Seems obvious – but on today’s complex systems, getting complete and accurate information about the installed devices and protocols can consume a huge amount of effort without the right tools.

Tofino’s Secure Asset Management (SAM) LSM tracks every device that communicates through your Tofino Security Appliances, presenting them as a list of icons so you can quickly construct a network model using the visual drag-and-drop editors in the Tofino CMP. SAM uses Passive Asset Discovery exclusively – it never scans or probes your network, which could lead to traffic overload and even cause some controllers to fail.

During system deployment, SAM helps you identify the type of each device and match it up with the appropriate device template in the Tofino CMP’s device database, so you can quickly assign the appropriate traffic rules to each device. If you need to modify traffic rules during testing, SAM’s firewall rule wizard will guide you through the selections using data gathered from Tofino’s security alerts. And after deployment is complete, SAM will alert you right away if any new devices are discovered on the network.

Summary

Saves you money through:
  • Faster Tofino deployment
  • Reduced test time
  • Lower installation costs
  • Improved system reliability and stability

Features
  • Passive Asset Discovery locates network devices without any scanning
  • Identifies vendor info for common industrial control devices
  • Software wizard helps create firewall rules automatically from ‘blocked traffic’ reports

Applications
  • Tofino installation, deployment and testing
  • Post-deployment monitoring of existing and incoming assets on control networks

Specifications

Asset Discovery

Completely passive – no network probing or scanning

Asset classification
  • Matches discovered devices against entries in the Tofino CMP Device Database
  • User may select device family and model from the Tofino CMP database before deployment in the Tofino CMP Network Editor

Assisted Rule Generation

Firewall rule ‘wizard’ assists the control engineer in creating new firewall rules when traffic is blocked by the Tofino Security Appliance:

  • Extracts traffic data from the Tofino SA exception heartbeats
  • Guides the operator through device, protocol, and permission settings
  • Creates new firewall rule and downloads it to the Tofino SA when controls engineer clicks ‘Finish’ button

Configuration method

Simple configuration using built-in editor in the Tofino Central Management Platform (CMP)

Operating modes

All standard Tofino modes supported:

  • Passive: no filtering or alerting
  • Test: no traffic filtered; alerts generated as per user-defined rules
  • Operational: traffic filtered and alerts generated as per user-defined rules

Security alerts

Reports discovered assets to the Tofino CMP management console via Tofino ‘Exception Heartbeat’ mechanism

Certifications
  • MUSIC-2007 security certification (Foundation level)
  • Certified Modbus-compliant by Modbus-IDA

Standards compliance

System requirements

Ordering information

Part number LSM-SAM-100 (Tofino Secure Asset Management LSM)

Additional Information:

 Download Tofino Secure Asset Management LSM Data Sheet