Network performance and security
Trout Cyberbox provides a simple and scalable hardware to implement Demilitarized LAN (DLAN) across your industrial sites.
Leveraging our expertise in defense and aerospace, we engineered a solution to deploy secure, air-gapped zones in industrial sites. The Trout Cyberbox seamlessly integrates with your existing assets and topology, enhancing the performance of your sites and drastically increasing their protections.
Trusted by leading companies
Why DLANs
Demilitarized LAN allows network managers to create granular segmentation - to optimize network loads and enhance site cybersecurity.
Trout Cyberbox provides an Overlay solution, empowering users to implement DLAN without rewiring
Trout Cyberbox
Build the most secure facilities. A proprietary hardware providing an integrated solution to scale DLAN across your infrastructure - gain visibility into your assets, deploy layers of protection, accelerate compliance. Offering transparent and dependable solutions to safeguard critical infrastructure.
Visibility
Out-of-the box asset discovery and management capacities, allowing you to detect existing assets in your environments and asset changes in real-time.
Protection
Trout Cyberbox runs native, scalable proxy - spanning across protocols - to accelerate the implementation of layers of protection and buffer zones.
Detections
Pre-built expert detections and frameworks in line with global regulations (NIS2, NIST, CMMC). With the ability to extend custom multi-system detections.Integration
Integrated log forwarder with Gb/s throughput, with skimming capacities and integration to log sink and SIEM products.
Compliance
Simplifying compliance management for information security regulations with edge proof collection and correlation with policies.
Thales secures environments with Trout
Thales, a top-tier defense company ranking among Europe's elite, has long been recognized for its steadfast commitment to security and technological innovation. In a strategic move to accelerate security by the edges, Thales embarked on a transformative initiative by integrating Trout into its ecosystem.
Build the most secure facilities
Need clarification?
What is a DMZ?
A DMZ, or Demilitarized Zone, in the context of network security, refers to a physical or logical subnetwork that separates an internal local area network (LAN) from other untrusted networks. DMZ are mostly implemented at the edge of a given infrastructure, which is a problem in todays' connected environments.
What is a OD LAN ?
A OD LAN - or Overlay Demilitarized Local Area Network - is a logical subnetwork that aims to protect a given LAN with Demilitarized capacities: internal firewall, access control, proxy server and log monitoring. OD LAN brings the concept of DMZ internally to an infrastructure to drastically increase its security.
What is the difference between a VLAN and a OD LAN?
A VLAN (Virtual Local Area Network) or bridge, consists in "bridging" several ports of a switch onto a similar LAN, allowing them to connect at the switch speed. To ensure maximum speed VLAN use the 802.1q standard to tag ethernet frames and quickly pass them along without interpretation.
OD LAN provide a logical overlay to implement Demilitarized capacities in front of a given LAN. The newly setup DLAN provides a high level of security: analyzing packets, enforcing access control, proxying services on the LAN...
VLAN optimize for speed, OD-LAN optimize for security.
Which frameworks and organizations recommend OD LAN?
Several cybersecurity frameworks and organizations recommend the use of DMZs as part of a layered security strategy. Notable among these are:
- ISO/IEC 27001: This international standard for information security management systems (ISMS) recommends implementing network segmentation and segregation, which include DMZs, to protect sensitive data.
- NIST (National Institute of Standards and Technology): NIST's cybersecurity guidelines often include the use of DMZs to protect internal networks from untrusted external networks.
- IEC 62443: IEC 62443, the leading international standard for security in automation environments, recommends to shield OT systems with a DMZ with front and back firewalls.
- PCI DSS (Payment Card Industry Data Security Standard): For organizations that handle credit card information, PCI DSS requires the implementation of DMZs to separate payment systems from other network resources.
- ANSSI (National Agency for the Security of Information Systems in France): ANSSI provides recommendations for network segmentation and the use of DMZs to secure critical infrastructure.
What functionalities should a DLAN have?
A well-configured DMZ should provide the following functionalities:
- Service Isolation: The DMZ should host only the services that need to be accessible from the untrusted network, minimizing the risk of internal network exposure.
- Access Control: It should strictly control incoming and outgoing traffic between the DMZ, the internal network, and the internet using firewalls and other security appliances to prevent unauthorized access.
- Monitoring and Logging: The DMZ should be equipped with tools to monitor and log activities, allowing for the detection of suspicious behavior and potential breaches.
- Intrusion Detection and Prevention: Implement intrusion detection systems (IDS) and intrusion prevention systems (IPS) within the DMZ to identify and block malicious activities.
- Regular Updates and Patch Management: Services hosted in the DMZ should be regularly updated and patched to protect against known vulnerabilities.
The Trout Cyberbox simplifies the implementation of these DMZ functionalities by providing a hardware solution that automates the setup and management of a secure IDMZ environment, adhering to recommended security practices and standards.
Don't know where to start
Schedule a complimentary 45 minutes audit with our networking and cybersecurity expert team to discuss your environments and potential questions.