DataHub Tunnel/Mirror

better network segmentation

Every day we hear of a plant or company getting hit by a cyberattack. In most cases, the hackers were able to invade the corporate network. Once in IT, they penetrated OT (operations) through open firewall ports, or simply by being on the right VPN. Many of these companies have sophisticated cybersecurity applications that should have stopped the attack. But that’s not always enough.

It’s time for a better network solution, one that supports the NIS2 Directive and ISA-95 standard, secures OT, and yet still allows data to move bi-directionally. A solution that shares the data, without sharing the network.

Network segmentation

For industrial security, the best approach is network segmentation. Governments and industry leaders worldwide agree on this basic industrial cybersecurity practice—to completely isolate OT data from IT networks using DMZs, behind closed firewalls.

DataHub Tunnel/Mirror Network Segmentation Problem diagram

Making the connection

With a DMZ securing the connection, you can still share data between segmented networks. The simplest way is with DataHub tunnel/mirroring. Tunneling connects across DMZs through closed firewalls, while mirroring maintains a consistent image of the data in real time on both sides. The data flow can be one-way or bi-directional, and the tunnel/mirror can connect virtually any data source to any client, in-house or in the cloud.

DataHub Tunnel/Mirror Network Segmentation Solution diagram