BlastShield Documentation

Gateway

The BlastShield Gateway is an endpoint protection software instance that connects downstream endpoints to the BlastShield™ network. It protects endpoints from unwanted access by cloaking them from outsiders. The Gateway provides layer 2 isolation to prevent lateral movement and enforces access to endpoints by policy. Connections between Gateways, Agents and users are made directly as peer-to-peer encrypted tunnels using AES-256 encryption.

A Gateway can protect different asset types, e.g., OT / IoT devices, VMs, private cloud virtual instances (AWS, GCP and Azure), virtual auto-scaling endpoints, serverless and networking functions. Multiple downstream endpoints may be connected to one Gateway. Gateways may be deployed on physical hardware, as VMs or as virtual instances.

[Figure: Gateway network drawing]

Only authenticated and authorized BlastShield™ nodes may communicate with Gateway Endpoints, and the Endpoints themselves must also be authorized by policy to be able to initiate a connection. Gateways are registered with the Orchestrator when they are created. The registration process creates a private key on the Gateway which is used to set up security associations with the Orchestrator and with other nodes in the network.

Gateways can be used when it is not possible to install Agent software on the device being protected. The Gateway is provided as software and may be installed into private cloud environments as a virtual instance, on hypervisors as a virtual machine, or on bare-metal x86 hardware.

Software Hardening

The BlastShield Gateway uses a purpose-built, hardened image and is digitally signed. All unnecessary ports and services have been removed.

What types of devices can be protected?

The BlastShield™ Gateway can be used to protect all types of critical assets in IT, IoT and OT environments, including the following:

  • Industrial control systems.

  • Sensors and IP Cameras.

  • PLC systems.

  • HMI and iPC systems.

  • Hosts with legacy operating systems.

  • Building management and automation systems.

  • Virtual machines and virtual cloud instances.