Rockwell's FactoryTalk services (Platform, Networking Manager, View Software, Policy Manager, System Services) as a product group achieve device authentication, data integrity and data confidentiality, by means of certification, cryptographic protocols, HMAC and data encryption. For those of you that are in the space already, or have working experience with Industrial Network devices, what scenario / use-case would require a Cell / Area based Industrial Firewall (Cisco in this case), given (from my understanding) that the Firewalls are stateless, and act as a whitelist / ACL filter in essence, which similarly, Rockwell's FactoryTalk architecture is able to deliver? Defense in-depth is always a consideration, with overlapping security layers, I am curious to hear of real world use cases.
My thoughts;
- Supplicant / endpoint / cell requires additional routing to an SSL / TLS proxy for Cloud based communications?
- Additional micro-segmentation, off-loading / dropping packets at the cell border, rather than traffic hitting a distribution switch, network manager and identity services?
- Where a Cell / Zone is larger, with it's own Network Services internal to the Cell?
Many thanks
