The most effective means of protecting IoT and digital OT devices is zone-based segmentation and Zero Trust policy rules. Check Point Security Gateways provide scalable policy enforcement and zone controls for the enterprise. Ordr Systems Control Engine discovers, classifies and groups all devices and automatically maps them into their respective zones, areas, and cells using Check Point IoT Asset groups, and then dynamically generates Security Gateway policy rules based on these groups to deliver streamlined microsegmentation.
For example, building automation devices are seamlessly mapped to the Facilities Zone and facility devices within this zone are further segmented from each other. Security policy rules are enforced by Security Gateways to restrict access between zones, areas, and cells based on the minimum access required to allow devices to properly function while protecting them from insider or outsider attack.
An HVAC system can talk with a trusted smart-building controller using approved protocols and applications such as BACnet, but is blocked from communicating with the Internet or with another HVAC system.
Ordr SCE integrates natively with Check Point Security Management for multi-gateway policy enforcement. When new devices are connected to the network, they are automatically classified and updated in Check Point Security Management and Security Gateways with the proper IoT Asset membership. Through its network and device awareness, Ordr SCE maintains current IP addressing for IoT Assets in all Security Gateways.
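The group-based, default-deny model described above can be sketched in a few lines. This is an added illustration, not Ordr or Check Point code, and it does not use either product's API; the group names, addresses and the two-way BACnet rule are constructed assumptions.

```python
BACNET_IP = ("udp", 47808)  # BACnet/IP default port

# Constructed inventory: device IP -> (zone, group). All names are hypothetical.
INVENTORY = {
    "10.20.1.11": ("Facilities", "hvac"),
    "10.20.1.12": ("Facilities", "hvac"),
    "10.20.0.5": ("Facilities", "building-controller"),
}

# Group-level allow rules: (src_group, dst_group, proto, port).
# Assumption: BACnet is permitted in both directions between HVAC and controller.
# Anything not listed here is denied.
GROUP_RULES = [
    ("hvac", "building-controller", *BACNET_IP),
    ("building-controller", "hvac", *BACNET_IP),
]


def expand_rules(inventory, group_rules):
    """Expand group rules into per-IP allow tuples from current membership."""
    members = {}
    for ip, (_zone, group) in inventory.items():
        members.setdefault(group, set()).add(ip)
    return {
        (src, dst, proto, port)
        for src_group, dst_group, proto, port in group_rules
        for src in members.get(src_group, ())
        for dst in members.get(dst_group, ())
        if src != dst
    }


def decide(flow, inventory, group_rules):
    """Default deny: a flow passes only if an expanded rule matches it exactly."""
    return "allow" if tuple(flow) in expand_rules(inventory, group_rules) else "deny"


def classify_new_device(inventory, ip, zone, group):
    """Return a new inventory with the device added to its group.

    No rule is edited: the device inherits access through group membership.
    """
    return {**inventory, ip: (zone, group)}
```

An unclassified address belongs to no group, so every flow to or from it is denied until classification adds it to the inventory.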