Shielding the Industrial OT: 2024 Next-Generation Industrial Firewalls Enhance Cybersecurity Resilience

This year has, so far, witnessed the release of several NGFWs dedicated to Operational Technology (OT) cybersecurity, including Palo Alto Networks' PA-450R-5G and Fortinet’s FortiGate Rugged 70G with 5G Dual Modem. Palo Alto’s PA-450R-5G is a new ruggedized firewall appliance that is a cellular version of the PA-450R NGFW, which was also recently unveiled in 2H 2023. The new 5G version of the firewall is specifically designed for industrial environments with cellular activity, while its ruggedized nature makes it suitable for harsh environments with extreme temperature and high levels of humidity or dust. Palo Alto Networks emphasizes that the new security appliance “features four 5G multi-band antennas and two nano SIM card slots to enable connectivity using two different mobile network providers.” Moreover, the NGFW features two SFP/RJ-45 combo ports and six RJ-45 ports, while it is powered by Direct Current (DC) power and supports power redundancy. Excellent for its industrial use cases, the device is fanless and can be installed almost anywhere (so it is not dependent on an equipment rack).

Fortinet’s Rugged 70G is also ruggedized and enables 5G connectivity in OT environments. The device deploys the fifth-generation Fortinet Security Processing Unit (SP5), and boasts an 8 Gigabits per Second (Gbps) firewall throughput and 7 Gbps Internet Protocol Security (IPSec) Virtual Private Network (VPN) throughput. Like the Palo Alto Networks device, it is also ruggedized and resists extreme conditions. Cisco also announced this June that it will release the Cisco Firewall 1200 Series with first models being available in the market in October 2024. Cisco’s new software 7.6 version of Firewall Threat Defense (FTD) will be deployed for both its physical and virtual firewalls. FTD 7.6 enhances security by using Artificial Intelligence (AI) to prevent zero-day attacks.

These new firewalls achieve substantial improvements compared with previous generations. The Cisco Firewall 1200 Series integrates Software-Defined Wide Area Network (SD-WAN) capabilities, providing a unified solution that reduces the need for multiple devices, enhancing network efficiency and security. The PA-450R-5G by Palo Alto Networks boasts Machine Learning (ML) capabilities for advanced threat detection and supports high throughput and session capacities, making it ideal for high-demand industrial settings. 5G capability makes the appliance a great option for mobile businesses that require cellular as their primary Wide Area Network (WAN), because they can simply deploy the firewall without the hassle of additional appliances to leverage 5G.

OT cybersecurity is no longer a niche market and is transforming to a mature state, with a host of diverse and capable offerings. Firewalls are no exception, although physical firewalls, especially ruggedized versions with 5G capabilities, are still designed and manufactured by limited vendors. In the short term, firewall competition will remain in the hands of major players such as Palo Alto Networks, Fortinet, and Cisco, while smaller firewall vendors such as Check Point and TXOne will attempt to increase their market shares. In the short term, competition will remain fierce, but mostly among these leading vendors. Parallel with the main competition, more partnerships will be formed between firewall suppliers and cybersecurity providers, along with System Integrators (SIs) in order to incorporate firewalls into the latter’s security offerings. This will integrate firewalls much more into a comprehensive security solution and further solidify the firewall market in the hands of the top players. Yet, it could also lead to others following the same path to grab a portion of the market, but selling cheaper products to security providers and integrators to capture part of the market via offering cost-effective solutions.

Industrial firewalls with 5G capabilities offer key advantages over those without them, including enhanced connectivity and network continuity if wired connections fail. Also, 5G can be used as a backup connection, therefore achieving redundancy, which is vital for critical industries and maintaining continuity. 5G-enabled firewalls also better support scalability and increasing data transmissions in modern 4.0 industries by providing faster speeds and lower latency. Thus, they are more reliable and flexible, and could eventually replace those devices that are solely reliant on a wired connection. Also, industrial organizations could show a tendency to purchase 5G firewalls even if they don’t immediately need 5G connectivity, in order to future-proof their investments if they decide to transition to 5G.

Other OT cybersecurity firewall providers will need to invest in developing firewalls with integrated 5G capabilities if they want to compete with the main industrial firewall players in the industry. Ruggedized designs that can withstand harsh environments are important to market these devices to industrial organizations. The scalability and adaptability of firewalls with various industrial protocols, and their ability to process a surge in industrial network traffic are key factors to remain competitive. Also, customers usually look for high throughput, advanced threat prevention features such as AI/ML, and low latency in industrial firewalls. Industrial firewall users should assess their needs, especially whether they need to invest in new technologies if their future connectivity requirements demand 5G connectivity. Finally, firewalls need to integrate with Zero Trust security frameworks, while also supporting existing client security frameworks in order to avoid costly overhauls of entire industrial architectures.