WATERFALL FLIP

SAFE SCHEDULED UPDATES TO OT NETWORKS

Many industrial control systems require regular updates of antivirus signatures, batch production orders and other items. Every path for such updates through a firewall though, introduces attack opportunities, since all firewalls are software and all software can be hacked or misconfigured. The Waterfall FLIP is a type of Unidirectional Gateway whose orientation can be reversed, enabling disciplined scheduled updates without the vulnerabilities firewalls always introduce

WATERFALL FLIP

SAFE SCHEDULED UPDATES TO OT NETWORKS

Many industrial control systems require regular updates of antivirus signatures, batch production orders and other items. Every path for such updates through a firewall though, introduces attack opportunities, since all firewalls are software and all software can be hacked or misconfigured. The Waterfall FLIP is a type of Unidirectional Gateway whose orientation can be reversed, enabling disciplined scheduled updates without the vulnerabilities firewalls always introduce

Benefits

REAL-TIME MONITORING WITH SAFE UPDATES

Disciplined, scheduled, secure updated
to unidirectionally-protected networks

EXTENSIVE INDUSTRIAL SUPPORT

100+ Waterfall software connectors for unidirectional
replication of industrial servers and devices

STRONGER THAN FIREWALLs

An evolutionary alternative to firewalls in a strong preventative cybersecurity program for Industrial Control Systems

SERVER REPLICATION FOR SEAMLESS INTEGRATION

IT and industrial clients access replica server and
devices normally and interactively

FEATURES

Hardware is modular, flexible, and user-serviceble

1Gbps standard throughput, multi-Gbps with several TX/RX pairs

Front panel cabinet connections for clear system visibility

Wide variety of COTS software connectors, no customization fees

Flexible connector hosting supporting all major operating systems

THEORY OF OPERATION

The FLIP is a combination of hardware and software. The hardware includes a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. A short fiber-optic cable connects the two hardware Modules. The FLIP is therefore able to transmit information in only one direction at a time. While the FLIP hardware transmits information from a source network to a destination network, that hardware is physically incapable of transmitting any information back from the destination network into the source network.

Hardware orientation reversals are triggered by dedicated hardware on a schedule, or by manual activation from the front panel of the FLIP Module. The FLIP software replicates servers and emulates devices. Clients and users on each network access the replicas as if they were the originals, making the FLIP a plug and play replacement for software firewalls. Unlike firewalls, the FLIP is not a router and is incapable of forwarding network traffic or network attacks.

CERTIFICATION & COMPLIANCE​

CERTIFICATION:

Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore, Korean KC Certification and Israel NISA

ASSESSMENTS:

Idaho National Labs, Digital Bond Labs

ENABLES COMPLIANCE WITH:

Global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more

Resources

Request info/quote