Upon discovery of a cyberattack, forensic experts look inside the compromised network’s various logs to locate and analyze tracks left by the attacker. Logs are the baseline information required for quality incident response and forensics. They consist of tracks and hints of the attack and the attacker.
However, once inside your network, after attackers got into a position of control, they know how to remove or alter incriminating information in all log repositories. Covering up the tracks is “basic hygiene” of a cyber attack. This is true for local, centralized or cloud-based log repository systems.
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how, in order to keep log repositories more secure than the attacked network, Waterfall developed the BlackBox.
Waterfall BlackBox was developed with response teams, forensics and other audit professionals in mind, to maintain trust in logged information. Patented and based on Waterfall’s innovative and patented unidirectional security technology, the Waterfall BlackBox secures logs “behind” a unidirectional gateway, ensuring that logs are physically kept trustworthy and out-of-reach of cyber attackers.
With the BlackBox, there is a physical barrier between the network and the logged data so that the data sent to the BlackBox is stored physically “outside” the network, inaccessible and untouchable to anyone looking to cover their tracks.
Inside the BlackBox is a high-speed, high-capacity logging and analysis system, which can be used for revealing attackers’ tracks, detection of attempted changes, manipulation and abnormal activities. In time of need, data can be retrieved and inspected securely by physical access to the BlackBox appliance.