
Floodgate Defender Appliance

Floodgate Defender Appliance™ is a compact firewall appliance providing drop-in protection for networked industrial devices. Installation and configuration are done in minutes, providing instant protection against cyber-attacks from hackers, denial of service attacks, cyber-sabotage attacks, automated hacking bots, and other Internet-based threats. Floodgate Defender Appliance is powered by the Floodgate Software Products to provide protection, management and situational awareness for a single end point device or to create a secure enclave providing end point protection to multiple devices.

 

With the inclusion of Floodgate Agent, a secure web interface or your corporate policy management system allows configuration of customized communication policies. The Floodgate Defender Appliance enforces these policies, dropping unwanted packets before they are passed to the target device, blocking attacks before a connection is even established.

 

 

Hackers Targeting Industrial Devices

Internet-based attacks are on the rise and an increasing number of these attacks are targeting industrial devices. Cyber-criminals, hacking bots, industrial or international espionage agents and even terrorist groups are now targeting industrial, military and utility systems.
Reported attacks against industrial devices include:

 

Automotive manufacturing plant shutdown resulting from a cyber-attack.
Hackers breached SCADA systems in 3 different cities (based on an FBI report).
Pipeline monitoring system that failed due to a DoS attack.
Train system delays caused by hackers.
Sewage spill caused by a control system that was hacked by an insider.
Pacemakers, insulin pumps and other medical devices hacked by researchers.
Printers that were hacked for corporate espionage.

 

Protection for Legacy Devices

Many industrial devices are 10 and even 20 years old, predating concerns over Internet-based threats. These devices were manufactured with inadequate security and likely have insufficient resources to run security software.

Updating to newer systems to improve security may be difficult or impossible. The cost of replacing existing equipment with new, more secure devices is often prohibitive and, in some cases, more secure devices may not even be available.

The Floodgate Defender helps maintain the investment in existing systems by transparently filtering IP traffic. No modification to the existing industrial device or network is required. Simply install the Floodgate Defender appliance, configure the filtering rules and your existing equipment will be protected from cyberattacks.

 

Device Protection with Floodgate Defender Appliance

Firewall technology is the cornerstone of security for home and corporate networks. Any modern PC includes a firewall. Yet most industrial control devices have no firewall. Worse still, many of these devices have been in service for years and include no security features at all. Replacing or upgrading these systems is impractical and expensive.

Floodgate adds security to existing systems without modifying the network, control systems, or legacy devices. Simply install the Floodgate Defender Appliance in front of the TCP/IP connection of the device you want to protect, configure the filtering rules, and Floodgate does the rest. With the Floodgate Defender Appliance you can preserve the investment in your current systems without sacrificing security.

 

Drop-in Protection

Floodgate Defender can be used to protect any device attached to the Internet or any other TCP/IP network. It is installed between the device and the network and operates transparently; no modifications are required to either the network or to the device being protected.

Floodgate Defender provides bidirectional firewall capabilities, allowing complete control of communication both to and from the protected device. A secure web interface allows configuration of customized communication policies. Floodgate Defender enforces these policies, dropping unwanted packets before they are passed to the target device, blocking attacks before a connection is even established.

 

Protection from Cyber-Espionage and Cyber Terrorism

Floodgate provides bidirectional firewall capability, allowing complete control of communication both to and from the target device. Bidirectional firewalling ensures the protected device only communicates with known, trusted IP addresses. Cyber-espionage attacks, data-stealing-malware and any other attacks that attempt to send data from the protected device are blocked. This feature can also be used to quarantine an infected or non-trusted device.

Cyber Terrorists are often highly sophisticated with deep knowledge of the target device, allowing their attacks to disable or bypass traditional security measures. By controlling all communication with the target device, Floodgate can block sophisticated cyber terrorism attacks.

 

 

Protection from Insider Attacks

Insider attacks, whether intentional or inadvertent, accounted for more than 20% of all cyber-attacks, according to a 2011 study. Just because a device is located behind the corporate firewall does not mean it’s safe from attackers.

Floodgate provides an extra layer of defense against insider attacks. Communication policies can be customized for each device, ensuring that non-authorized communication is blocked. Floodgate allows industrial devices to be connected to the corporate network while protecting them from unauthorized users, even from users who have legitimate access to the corporate network. In addition, logging and reporting capabilities can be used to detect and investigate unauthorized access no matter where it originates.

 

Using the Floodgate Defender Appliance

The Floodgate Defender Appliance can be used to protect any device attached to the Internet or any other TCP/IP network. Floodgate is installed between the device and the Internet and operates transparently; no modifications are required to either the network or to the device being protected. Floodgate will work with any network configuration and auto-configures based on your network topology.

 

Blocking Attacks

 

The Floodgate Defender Appliance uses a set of communication policies to filter packets before passing them to the device for processing. The communication policies define who the device is allowed to communicate with (IP address and MAC address filtering) and what communication is allowed (port and protocol filtering). When a hacker tries to access a protected device, Floodgate recognizes that the source IP address is not a known, trusted IP address and drops the packets. The identified packets are not forwarded to the protected device and the attack is blocked before a connection is even established.

Floodgate also recognizes and blocks common cyber attacks such as TCP SYN Flood attacks even if they originate from a trusted IP address.
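
The policy evaluation described above, sketched as an added example (this is not Floodgate code or its configuration format). It models the "who" (IP and MAC) and "what" (protocol and port) checks in both directions and in whitelist or blacklist mode; the Rule/Packet structures, addresses and ports are constructed assumptions, and SYN flood detection is not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str            # "in" = toward the protected device, "out" = from it
    peer_mac: str             # MAC of the remote side as seen on the wire
    peer_ip: str
    proto: str                # "tcp", "udp" or "icmp"
    port: Optional[int]       # port on the listening side; None for ICMP

@dataclass(frozen=True)
class Rule:                   # hypothetical rule shape, one field per criterion
    direction: str
    peer_net: str             # single address or CIDR block
    proto: str
    port: Optional[int] = None      # None matches any port
    peer_mac: Optional[str] = None  # None matches any MAC

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ip_address(p.peer_ip) in ip_network(self.peer_net)
                and self.proto == p.proto
                and self.port in (None, p.port)
                and (self.peer_mac is None
                     or self.peer_mac.lower() == p.peer_mac.lower()))

def decide(rules, packet, mode="whitelist"):
    """Whitelist: forward only on a match. Blacklist: drop only on a match."""
    hit = any(r.matches(packet) for r in rules)
    if mode == "whitelist":
        return "forward" if hit else "drop"
    if mode == "blacklist":
        return "drop" if hit else "forward"
    raise ValueError(f"unknown mode: {mode}")

# Constructed policy: one HMI may reach Modbus/TCP on the device, and the
# device may send syslog to one collector. Nothing else matches a rule.
POLICY = [Rule("in", "10.0.5.10", "tcp", 502, peer_mac="00:11:22:33:44:55"),
          Rule("out", "10.0.5.20", "udp", 514)]
# Constructed traffic, not captured from a real appliance.
SAMPLES = [
    Packet("in", "00:11:22:33:44:55", "10.0.5.10", "tcp", 502),     # trusted HMI
    Packet("in", "66:77:88:99:aa:bb", "203.0.113.7", "tcp", 502),   # unknown source
    Packet("in", "66:77:88:99:aa:bb", "10.0.5.10", "tcp", 502),     # trusted IP, wrong MAC
    Packet("out", "00:de:ad:be:ef:01", "10.0.5.20", "udp", 514),    # device to log collector
    Packet("out", "00:de:ad:be:ef:02", "198.51.100.9", "tcp", 443), # device to unknown host
]

def evaluate(mode="whitelist"):
    return [decide(POLICY, p, mode) for p in SAMPLES]
```

In whitelist mode the absence of a matching rule is what drops the unknown source, the mismatched MAC and the unexpected outbound connection; the same rule list in blacklist mode forwards all three, which is why whitelist mode is the safer default for a device with a small, known set of peers.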

 

Features

 

Secured with McAfee Application Control to ensure the device itself remains secure.
Secure web configuration interface.
Log file and email alerts of security events.
Supports user-defined or default policies.
Protocols supported: Ethernet: TCP/IP, UDP/IP, & ICMP.
Filtering modes: whitelist or blacklist.
Filtering criteria: Ethernet MAC address, Ethernet frame type, IP address, IP protocol, TCP port number, UDP port number.
SSL tunneling support
Integration with the McAfee ePolicy Orchestrator.

 

Hardware specifications

Size: 4” x 4.5” x 1”
Weight: 13 oz
Operating temperature: 0–70 °C
Power input: 12 VDC (external power brick provided)
Power usage: 8W full load, 1W standby, 6W low load
2 x 1000 BaseT Ethernet connections.


Additional hardware configurations are available for industrial environments, or to support additional ports, fail open/fail closed, or other options.

 

Logging and Alerting

Floodgate Defender generates alerts when alarm conditions are detected. It also maintains a log of all events and policy violations. These logs can be used for forensic investigation to determine the source of an attack. Floodgate Defender can send logs and alerts to the McAfee ePO, Icon Labs’ Floodgate Management system or to other Security Information and Event Management (SIEM) systems.

 

Integration with McAfee ePO and SIEM

 

The Floodgate Defender appliance is integrated with the McAfee ePolicy Orchestrator, enabling centralized management of Floodgate Defender appliances. Using the McAfee ePO provides:

 

Centralized management of security policies


Situational Awareness and device status monitoring


Event management. All security events detected by the Floodgate Defender are reported to the ePO, which provides reporting and event notification.

 

NERC-CIP Electronic Security Perimeter

NERC-CIP mandates protection of assets using routable protocols. Floodgate Defender can help in achieving NERC-CIP compliance by creating an Electronic Security Perimeter that prevents unauthorized access to assets that are otherwise unprotected, such as an RTU that utilizes a routable protocol. The Floodgate Defender meets the Electronic Security Perimeter requirements of NERC-CIP by providing:

Access Control
Electronic logging and alerting
Strong authentication (using SSL tunneling mode)
Ports and Services protection by blocking all unused ports and protocols
Small secure enclaves of one to several devices within the perimeter for additional required protection