MB Connect Line is presenting the mbSECBOX as a new product for providing PLC security. This device detects malware similar to Stuxnet and other possible threats on S7 Controllers. After a threat is found the mbSECBOX immediately alerts the operator before any damage occurs.
Unfortunately, most S7 PLCs offer no safeguards against the intrusion of viruses and malware. Traditional types of virus scanners with pattern recognition do not protect controller appliances from potential threats. However, the mbSECBOX operates on the principle of a positive list, hence the first step is to create a so-called 'reference backup'.
The complete program memory (OB, FC, FB , DB, SFC , SFB, SDB), the order number and the serial number from the PLC are read and stored in memory. Based on the reference data, the device continuously monitors the static memory area of S7-300 and S7-400 controllers. The program blocks are read in a user-specified interval and compared with the reference backup. When changes are executed to the program data, the system operator will be informed via an email or text message, or a warning light or siren can be triggered from an output.
Manipulation by malware and viruses is therefore recognised as unauthorised changes to the controller's program, and an alarm raised.
The connection to the controller is established via MPI-/Profibus or Ethernet and, for security reasons, the device is not accessible over the company network or the internet.
Follow the link for more information about the mbSECBOX.