Unidirectional Security Gateways can replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks originating on external networks.
Modern enterprises transmit control system information to business networks continuously, and need to send information from business networks into operations networks occasionally – for example when sending control recipes into batch manufacturing systems or when sending anti-virus signatures and other security updates.
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how you can send information into these sites securely.
Waterfall FLIP is a hardware-enforced Unidirectional Security Gateway whose orientation is reversible. The Waterfall FLIP is “pointed” so that it replicates OT servers to IT networks routinely. By schedule, or by exception, an independent control mechanism inside the protected OT network triggers the FLIP hardware to change orientation, allowing information to flow back into the protected OT network as needed.
Waterfall FLIP harnesses security features of Waterfall Unidirectional Security Gateways to address specific IT/OT integration needs. Data streams out of, and occasionally into the OT network are completely independent and are physically unable to coexist. As a result, the Waterfall FLIP is stronger than firewalls, and meets the most demanding IT/OT integration needs.
Waterfall’s Application Data Control is a novel data inspection system that operates as an add-on to Waterfall’s stronger-than-firewall product lines. Application Data Control adds inspection and in-depth analysis capabilities to information being passed through Waterfall’s Security Gateways.
Application Data Control scans, analyses and filters data passed through a Waterfall gateway. By applying rules, policies and verification tests Application Data Control mitigates data related risks, addressing both data exfiltration attacks and of targeted, cyber-sabotage attacks against industrial networks.