Zero Trust – Microsegmentation Firewall (ZTMFW)

Naïve Architecture

  • Two network appliances: a switch and a North-South firewall
  • No isolation between OT devices
  • VLANs freely forward network packets to devices that are part of the same broadcast domain
  • Only packets that need to travel beyond the broadcast domain undergo any control
  • Insufficient security for an OT environment

Zero Trust Architecture

  • One OT firewall for both North-South and East-West communication
  • No PLC-to-PLC access
  • PLCs can only access a specified server or cloud service
  • Deep packet inspection looks for communication anomalies in key OT protocols
  • Network is zero-trust and compliant with key standards (e.g. IEC 62443)
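
The two bullet lists above, modelled as flow-policy evaluators in an added example (not code from the ZTMFW page or product): the naive evaluator only checks traffic that leaves its VLAN, while the zero-trust evaluator applies a default-deny allowlist to every flow, so a PLC-to-PLC flow inside one VLAN passes the first and is blocked by the second. All hosts, VLANs, addresses and ports are constructed for illustration.

```python
# Added example (not from the ZTMFW page): the two architectures in the
# bullet lists modelled as flow-policy evaluators. Hosts, VLANs and addresses
# are constructed for illustration.
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination TCP/UDP port

# Constructed inventory: two PLCs and an HMI share the OT VLAN, the SCADA
# server sits in a server VLAN, 203.0.113.10 stands in for a cloud service.
VLANS = {"OT": ipaddress.ip_network("10.10.1.0/24"),
         "SERVER": ipaddress.ip_network("10.10.2.0/24")}
ROLE = {"10.10.1.11": "PLC", "10.10.1.12": "PLC",
        "10.10.1.50": "HMI", "10.10.2.10": "SCADA"}

def vlan_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in VLANS.items() if addr in net), "EXTERNAL")

# Naive: switch plus north-south firewall. Same broadcast domain is forwarded
# unconditionally; only traffic leaving the VLAN is checked against NS_RULES.
NS_RULES = {("OT", "SERVER"), ("SERVER", "OT")}

def naive_allows(f: Flow) -> bool:
    s, d = vlan_of(f.src), vlan_of(f.dst)
    return True if s == d else (s, d) in NS_RULES

# Zero trust: one policy point sees every flow, east-west included. Default
# deny; the allowlist is keyed on (source role, destination, port) and
# deliberately contains no PLC -> PLC entry.
ZT_ALLOW = {("PLC", "10.10.2.10", 502),      # PLC -> SCADA server (Modbus/TCP)
            ("PLC", "203.0.113.10", 8883),   # PLC -> cloud service (MQTT/TLS)
            ("HMI", "10.10.2.10", 502)}

def zt_allows(f: Flow) -> bool:
    return (ROLE.get(f.src, "UNKNOWN"), f.dst, f.dport) in ZT_ALLOW

def compare(flows):
    """Map each flow to (naive verdict, zero-trust verdict)."""
    return {f: (naive_allows(f), zt_allows(f)) for f in flows}

if __name__ == "__main__":
    for f, (n, z) in compare([Flow("10.10.1.11", "10.10.1.12", 502),
                              Flow("10.10.1.11", "10.10.2.10", 502),
                              Flow("10.10.1.11", "198.51.100.5", 80)]).items():
        print(f"{f.src}->{f.dst}:{f.dport}  naive={n}  zero_trust={z}")
```

The PLC-to-PLC flow on the same VLAN is the one the naive design never sees; the zero-trust evaluator rejects it because no allowlist entry exists, not because a specific deny rule had to be written.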