Event Logger made for the SCADA world
New event logger module provides added SCADA security by protecting data loss
As reported exclusively in the last issue of Read-out (July/August 2009), September First sees the release by Byres Security of its newest Loadable Security Module, the Tofino™ Event Logger LSM – a security logging system created specifically for SCADA environments. The new LSM enables Tofino™ Security Appliances (Tofino SAs) to simultaneously log security events and alarms to multiple targets, including any of the following:
- Remote IT syslog servers
- USB drives installed directly in the Security Appliance
- Tofino Central Management Platform server
The Tofino Event Logger is designed with SCADA-friendly features not found in traditional IT syslog-systems. For example, in settings such as an offshore gas platform where remote connections to an IT log server may not be an option, the Tofino Event Logger will automatically store logs locally on the Tofino for later offload and transfer via USB key. In cases where no IT log server exists or the control system engineer would like their own copy of the logs for operational or regulatory reasons, a backup copy is always saved to the Tofino Central Management Platform (CMP) server.
The Tofino Event Logger is also engineered with reliability in mind. If communications between a Tofino SA in the field and an IT Syslog server are interrupted for any reason, events are stored in the Tofino SA. Once communications are repaired, the saved logs are then automatically forwarded to the server.
The Tofino Security Appliance can hold up to 20,000 event and alarm records in its memory (enough to last over a full month if security events occurred every minute). In addition, all event logs sent to a remote syslog server can be encrypted for added security.
Eric Byres, a leading global industrial security expert and the CTO of Byres Security Inc., points out: “Event loggers are nothing new in firewalls. But, we created the Tofino Event Logger to make it work in the world of SCADA systems, where communication links can come and go and yet data loss is not tolerated. If you are looking for an event logger created specifically for SCADA environments, this is the right module for you.”
See also our report Remote SCADA communication, on the Tofino™ Virtual Private Network (VPN) in co-operatiin with MTL reported by us in July