TOSIBOX - Water/Wastewater & Critical Infrastructure

The days of building OT networks with traditional IT are gone. Manual configuration with hours or days from an IT pro and expensive hardware has made these tools too costly and complex for OT.

Tosibox takes the best technologies from traditional IT and automates them specifically for OT. Eliminate cost, complexity, and cybersecurity risks by building your critical infrastructure with an OT dedicated tool.

STEP 1 - SERVERS

The Tosibox VCL is your SCADA agnostic networking hub. Integrate any software and secure it behind your VCL.

- Create always on VPN connections to any on-prem or cloud-hosted environment
- Manage user access down to the port, protocol, IP, or MAC ID level
- Time restrict user network access
- View a real-time user audit log
- Build access groups for simplified data, site, and user management
- Manage data connections to multiple hosted applications

The VCL can be hosted in any virtual environment including on-prem servers, hyperscaler clouds, or the Tosibox Tier 4 data center. Host where you choose.

STEP 2 - SITES

Connect dispersed assets in 10 seconds. Connect Tosibox edge devices to internet via broadband, WiFi, cellular, or satellite then connect Tosibox LAN to your automation equipment. Every edge device includes:

-Automated Firewall for network segmentation and device security
-Internet invisible infrastructure
-Layer 2 and 3 capable point-to-point VPN connectivity
-Remote access for your team or vendors through physical-first MFA
-Site-to-Server VPN tunnels built automatically through checkboxes
-Auto-failover between multiple internet sources (ethernet, WiFi, cellular, and/or satellite)

Tosibox edge devices are agnostic to hardware. Connect any make and model of automation equipment to Tosibox LAN and communicate with your preferred protocol natively without any drivers.

STEP 3 - USERS

Provide user access to servers and sites with physical first, multi-factor authenticated access control. Only users with approved, physically serialized devices and proper credentials can access Tosibox secured networks.

-Access provided through physical USB keys or software serializations for PC’s, Android, or IOS devices.
-All user access connections are through 256-bit AES encrypted VPN tunnels
-Provide access via Layer 2 or Layer 3 connections
-Restrict down to the port, protocol, MAC ID, or IP level
-Time restrict user access
-Users can have access to an unlimited number of sites or devices
-Point-to-point networks without any third-party cloud routing - you own the data

Tosibox remote access tunnels can be configured as Layer 2 which gives technicians 'from the bucket access control' from anywhere in the world. Utilize device discovery and the full capabilities of your industrial protocol as if you are directly connected to your automation equipment.

TOSIBOX University - Video Series

You are a Building Automation Master already familiar with Tosibox BAS Infrastructure technology.

Below is our Master Class Series highlighting our OEM and Application partners.

Check back often for new additions.

TOSIBOX And...

What Can You Do?

Recommended Steps to Protect Your Operational Infrastructure

As part of a proactive cyber posture, the CISA, FBI, and NSA recommend:

Step 1: Secure all IP nodes behind an internet invisible firewall

Step 2: Segment operational and IT networks to prevent lateral traversing in the case of an intrusion

Step 3: Distribute all access control through physical first, multi-factor authentication

Step 4: Institute logging to audit who has accessed what and when

Step 5: Backup operational data to minimize downtime in the case of a destructive breach

How Tosibox Can Help

TOSIBOX Is Your Dedicated Operational Network Platform:

Step 1: Secure - Automated setup of your firewall, network, cloud connection and user access control removes human error and ensures complete cybersecurity

Step 2: Segment - Internet invisible without any static/public IPs or DNS servers, Tosibox is purpose built to support and segment your OT network.

Step 3: Access Control - Tosibox requires Physical First, MFA, allowing only trusted users to access your network

Step 4: Audit Logging - Tosibox central platform provides detailed audit logs of who access what and when.

Step 5: Backup - Your data is backed up, encrypted at rest, and ready for same day disaster recovery

For more information, or to set up a time to talk with a TOSIBOX OT specialist, click the contact us link at the bottom of this page.

Reframe through OT Network Automation

Automated Cybersecurity

The Tosibox Platform is a fully automated OT platform that embeds industry leading cybersecurity in every connection automatically.

-Automated firewall
-Automated point-to-point, layer 2 and 3 capable VPN connections
-256-bit AES encryption
-No Static IPs = Internet invisible
-No 3rd party cloud routing
-User access control down to the port, protocol, or MAC ID/IP level
-Physical first multi-factor authentication
-Outbound ports only
-Secure boot

IT Approved

The Tosibox Platform has been approved by IT groups of global enterprise organizations in over 150 countries, and here is why:

-Fully embedded edge-to-edge OT cybersecurity
-No static IP or inbound ports
-Existing corporate & cloud firewall friendly
-Seamless integration with existing IT networks and applications
-Full IT/OT network segmentation
-All data packets accounted for
-No 3rd party cloud routing
-Invisible from the internet
-Everything cellular ready
-1-1 NAT, DHCP, VLAN Support, MAC Filtering, Proxy Support

Remote Connectivity

With the Tosibox Platform, you can create point-to-point Layer 2 or 3 capable VPN connections to equipment at the edge in 10 seconds. Once a network has been established, you can manage user access to equipment through simply checking boxes to provide new users cyber secure remote access to equipment at the edge.

The platform is also completely protocol agnostic, meaning, use any manufacturers ethernet capable equipment and speak any protocol you desire. If there is an ethernet port, it will work with Tosibox.

Always on Data Connectivity

Creating always on VPN connections to a hosted environment for data collection is as simple as checking boxes. No IPSEC tunnels, Static IPs, or building out port forwarding channels. The Tosibox Platform automates cyber secure, always on connectivity from equipment at the edge to your data analytics applications in the cloud or on prem.

Host your data and applications wherever you choose, that could be in the Tosibox Tier 4 OT Data Center, AWS, Azure, or in an On Prem. Server.

You can also use whatever data applications you desire. If you already have an application built and hosted, no problem, Tosibox will seamlessly integrate. If you are looking to build your own platform, Tosibox is here to help.

User Access Management

Adding or removing users from the network is as simple as checking boxes to provide true physical first multi-factor authentication. This access can be time restricted, or restricted down to the port, protocol, network, or MAC ID level.

Audit logs of user access times and devices is stored in the Tosibox platform for accurate user management and time stamps.

IT/OT Segmentation and Integration

The Tosibox platform was designed with OT in mind. Implementing Tosibox as your OT network solution provides full network segmentation from the IT side, setting the OT network behind its own cybersecurity. This protects your OT network from cyber vulnerabilities or attacks on the IT network.

Even though you are creating IT/OT network segmentation with the platform, there is still capability embedded for seamless integration with existing enterprise networks and corporate applications.

Host with Tosibox

The Tosibox Cloud is a network of Tier 4 Datacenters. We understand the critical nature of Operational Infrastructure and Data which is why we feel our hosting EXCEEDS the out-of-the-box capabilities of the large hyperscaler platform. Highlights for the datacenter component of Tosibox Hosting and Managed Services includes:

-All data throughput is included
-Fixed Monthly Costs
-Encryption of Data-at-Rest
-Daily Incremental and Weekly Full Encrypted Backups for immediate recovery
-Tier 4 Datacenters with SOC2 Compliance
-Additional Industry certifications (e.g. HIPPA, etc.)
-24/7 Datacenter Support
-Complete Disaster Recovery Redundancy (same country)
-Locations in US, UK, Ireland, Australia, Singapore.
-Free inbound migrations of existing hosted applications

Minimize Network Downtime Through Redundancy

Tosibox edge nodes can come ethernet/WiFi/Cellular (dual-sim integrated modem), and Satellite capable. We can select the best fit based on your application and network requirements.

Within the edge node settings is the capability to set the WAN priority. This is configured with a drop down menu to automatically fail-over between multiple internet sources.

Gone are the days where you are tied to one carrier or internet source. Setting up fully-redundant networks through the Tosibox platform has been simplified and automated.

-Proj. Example:

- First Internet Source: iNet LTE Cellular
- Second Internet Source: Verizon Cellular
- Third Internet Source: Satellite Modem
The Edge Node will automatically fail-over between carriers to decrease downtime and will also rely on the higher priority sources as first choice.

Capable Cellular Carriers:

-TosiSim Quad Carrier Sim (More Info in images below)

-All main cellular carriers including iNet LTE

Secure, Automated Networks - Designed for Water/Wastewater SCADA