Overview

In This Section: ICS Enforcement Using Application Control Supported ICS Applications Custom ICS Applications Prerequisites

ICS Enforcement Using Application Control

Check Point's ICS/SCADA cyber security solutions provide advanced Threat Prevention to ensure vital systems such as power generation facilities, traffic control systems, water treatment systems and factories are never compromised.

• Our Next-Generation Firewall enables granular functional control of ICS protocols.
• Log ICS protocols and commands for forensic analysis of incidents in your operation networks.

Application Control allows you to apply various industrial control system (ICS) applications in the Rule Base. You can apply a security policy on specific ICS protocols, or use more granular ICS commands.

Supported ICS Applications

There are more than 1000 different ICS applications currently supported, including:

Protocol	Command	Full Application Name	Comments
DNP3	--	DNP3 Protocol	Catch-all for DNP3 traffic
DNP3	delay measurement	DNP3 Protocol - delay measurement
Modbus	--	Modbus Protocol	Catch-all for Modbus traffic
Modbus	diagnostic	Modbus Protocol - diagnostic
Modbus	Read Device Identification	Modbus Protocol - Read Device Identification
IEC 60870-5-104	--	IEC 60870-5-104	Catch-all for IEC 60870-5-104 traffic
IEC 60870-5-104	Process Control	IEC 60870-5-104 - Process Control
CIP	--	Common Industrial Protocol (CIP)	Catch-all for CIP traffic
CIP	Delete	CIP Protocol - Delete

For the full range of ICS protocol applications, see the Check Point AppWiki.

Custom ICS Applications

If the existing ICS applications are not sufficient, you can use the signature tool to create your own custom applications. For more information, see sk103051.

Prerequisites

To use the ICS Security solution you must:

• Enable Application Control on your Security Gateway.
• Update the application list to get the latest Application Control applications.
• For Small and Medium Business (SMB) appliances, use the latest firmware available.