Defending Critical Government Operations From Cyber Threats
Customer:
A Government Security Agency in Asia-Pacific
Customer Requirement:
Enable real-time transfer of arbitrary files into a secure network environment from open-source networks via file transfer, HTTP and email transports, while providing absolute protection from online data leakage and data exfiltration attacks from the secure network.
Waterfall’s Unidirectional Solution:
Secures the classified/high-security network with a Unidirectional Security Gateway, ensuring continuous and secure cross-domain data flow, while preventing sensitive data from leaking into or being exfiltrated from external, low-security/unclassified networks.
Preventing Data Exfiltration Attacks on High-Security Networks
Government security agencies, public utilities, financial institutions and other sensitive sites world-wide are vulnerable to online cyber attacks aiming to exfiltrate sensitive data. As all software can be hacked, protecting an organization’s most sensitive information with only software and firewalls is not sufficient from a national security standpoint. Software and firewalls can be exploited by malicious and sophisticated adversaries seeking to gain access to sensitive data stored in high-security networks.
- The challenge
Seamlessly and efficiently transfer files from an open source network into a highly-sensitive secure network, while removing embedded malware from the files and preventing absolutely any data exfiltration back into the source network. Support file movement via HTTP, file transfer and emailed transports.
- Waterfall solution
A Waterfall Unidirectional Gateway was installed to transmit files from the low-security to the high-security network. Unidirectional Gateway software connectors gather files in real time from the low-security network and populate those files into file and email servers in the high security network. Government and law enforcement applications and personnel can interact normally and bi-directionally with the copies on the secure network, while the Unidirectional Gateway hardware physically prevents any data leakage back into the low-security network.
- Results & benefits
Hardware-Enforced Security: The classified/high-sensitivity network is now physically protected from online data exfiltration attacks.
Seamless Integration: with a wide variety of CDR solutions
Common Criteria Certification: for the utmost in assurance of resistance to cyber attacks
Network Appliance: with web-based user interface for all administration, monitoring, management and even troubleshooting activities, with no additional software required to be installed on source or destination networks or servers.
Theory of Operation
Waterfall Unidirectional Security Gateways replace one layer of firewalls in the defensive design of classified high-security network environments, providing absolute protection from online data exfiltration attacks. Unidirectional Gateways contain both hardware and software components. Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.
Unidirectional Security Gateways Benefits:
Safe cross-domain integration of classified and non-classified networks
Eliminates any risk of online data leakage through the gateway from classified and other high-security networks
Simplifies compliance with even the most demanding cybersecurity regulations, standards and best-practice guidance, including USDHS, ANSSI, Australian Government Information Security, and more
Simplifies audits and change reviews
Replacing at least one of the layers of firewalls in a defense-in depth architecture with Unidirectional Security Gateways disables online data exfiltration attacks
Global Certifications and Compliance:
Certified: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore
Assessed by: US DHS SCADA Security Test Bed & Japanese Control Systems Security Center Bed, Idaho National Labs, Digital Bond Labs, GE Bently Nevada Systems Labs, and NISA Israel
Complies with: global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, Australian Signals Directorate, and many more