Secure Industrial Networking

Deploy Demilitarized LANs across your industrial network for faster and more secure connectivity

Physical Device
Simple UI
Advanced Network Topology
Industrial Proxy
Layer 7 decryption
Encryption Tunnels

Network performance and security with Overlay Demilitarized LANs

Demilitarized LAN is a new approach to secure networking. From a central hardware, get visibility into your network and deploy granular DMZ in front of each assets, in a few clicks.


Trout provides an integrated solution to scale DLAN across your infrastructure: gain visibility into your assets, deploy layers of protection, accelerate compliance. Offering transparent and dependable solutions to safeguard critical infrastructure.



On the network hardware with  asset discovery and management capacities, allowing you to detect changes in real-time.


Trout solutions run native, scalable proxy - spanning across protocols - to accelerate the implementation of layers of protection and buffer zones.


Pre-built expert detections and frameworks in line with global regulations (NIS2, NIST, CMMC). With the ability to extend custom multi-system detections.


Integrated log forwarder with Gb/s throughput, with skimming capacities and integration to log sink and SIEM products.


Simplifying compliance management for information security regulations with edge proof collection and correlation with policies.

Website Redesign

Thales secures environments with Trout

Thales, a top-tier defense company, has long been recognized for its steadfast commitment to security and technological innovation. In a strategic move to accelerate security by the edges, Thales embarked on a transformative initiative by integrating Trout into its ecosystem.


Frequently Asked Questions

What is a DMZ?

A DMZ, or Demilitarized Zone, in the context of network security, refers to a physical or logical subnetwork that separates an internal local area network (LAN) from other untrusted networks. DMZ are mostly implemented at the edge of a given infrastructure, which is a problem in todays' connected environments.

What is a OD-LAN ?

A OD-LAN - or Overlay Demilitarized Local Area Network - is a logical subnetwork that aims to protect a given LAN with Demilitarized capacities: internal firewall, access control, proxy server and log monitoring. OD-LAN brings the concept of DMZ internally to an infrastructure to drastically increase its security.

What is the difference between a VLAN and a OD-LAN?

A VLAN (Virtual Local Area Network) or bridge, consists in "bridging" several ports of a switch onto a similar LAN, allowing them to connect at the switch speed. To ensure maximum speed VLAN use the 802.1q standard to tag ethernet frames and quickly pass them along without interpretation.

OD-LAN provide a logical overlay to implement Demilitarized capacities in front of a given LAN. The newly setup DLAN provides a high level of security: analyzing packets, enforcing access control, proxying services on the LAN...

VLAN optimize for speed, OD-LAN optimize for security.

Which frameworks and organizations recommend OD-LAN?

Several cybersecurity frameworks and organizations recommend the use of DMZs as part of a layered security strategy. Notable among these are:

  • ISO/IEC 27001: This international standard for information security management systems (ISMS) recommends implementing network segmentation and segregation, which include DMZs, to protect sensitive data.
  • NIST (National Institute of Standards and Technology): NIST's cybersecurity guidelines often include the use of DMZs to protect internal networks from untrusted external networks.
  • IEC 62443: IEC 62443, the leading international standard for security in automation environments, recommends to shield OT systems with a DMZ with front and back firewalls.
  • PCI DSS (Payment Card Industry Data Security Standard): For organizations that handle credit card information, PCI DSS requires the implementation of DMZs to separate payment systems from other network resources.
  • ANSSI (National Agency for the Security of Information Systems in France): ANSSI provides recommendations for network segmentation and the use of DMZs to secure critical infrastructure.

What functionalities should a DLAN have?

A well-configured DMZ should provide the following functionalities:

  • Service Isolation: The DMZ should host only the services that need to be accessible from the untrusted network, minimizing the risk of internal network exposure.
  • Access Control: It should strictly control incoming and outgoing traffic between the DMZ, the internal network, and the internet using firewalls and other security appliances to prevent unauthorized access.
  • Monitoring and Logging: The DMZ should be equipped with tools to monitor and log activities, allowing for the detection of suspicious behavior and potential breaches.
  • Intrusion Detection and Prevention: Implement intrusion detection systems (IDS) and intrusion prevention systems (IPS) within the DMZ to identify and block malicious activities.
  • Regular Updates and Patch Management: Services hosted in the DMZ should be regularly updated and patched to protect against known vulnerabilities.

The Trout Cyberbox simplifies the implementation of these DMZ functionalities by providing a hardware solution that automates the setup and management of a secure IDMZ environment, adhering to recommended security practices and standards.


DMZ Article


Don't know where to start

Schedule a 45 minutes audit with our networking and cybersecurity expert team to discuss your environments and potential questions.