Cybersecurity For Data Centers
Protecting data center operational networks from evolving cyber threats
Customer/ Partner:
A large, multi-site data center corporation in Asia Pacific.
Customer Requirement:
Enable security monitoring and management of multiple segmented operational networks without putting these protected networks at risk.
Waterfall’s Unidirectional Solution:
The Waterfall Unidirectional Security Gateway enables the safe monitoring and remote management of operational networks without risk that enterprise connectivity will “leak” attacks back into protected operational control networks.
Data Centers Growing Need To Protect Physical Operations
Enable safe access to OT files, OPCUA data, Syslog alerts, and OT emailed updates for external IT services. Enable the access for an off-site Security Operations Center which the data for security monitoring purposes, and for other IT systems, which use the operations data for a variety of business automation purposes. Enable all of these integrations safely, without risk to physical operations at the data center.
The challenge
Waterfall’s Unidirectional Security Gateways were deployed to protect building automation, access control and electrical systems at a fleet of data centers. Each gateway protects multiple data center operational networks and replicates OPC UA, Syslog and other data through unidirectional hardware. In addition, Waterfall’s Remote Screen View enables off-site management and updates of OT systems without enabling risky remote desktop connections.
Waterfall solution
Waterfall’s Unidirectional Security Gateways were deployed to protect building automation, access control and electrical systems at a fleet of data centers. Each gateway protects multiple data center operational networks and replicates OPC UA, Syslog and other data through unidirectional hardware. In addition, Waterfall’s Remote Screen View enables off-site management and updates of OT systems without enabling risky remote desktop connections.
Results & benefits
Security: No attack from any external, third-party or Internet network can leak back into protected operational networks through the unidirectional gateway hardware.
Simplicity: Unidirectional server replication and emulation make Waterfall’s gateways easy to use. The unidirectional replicas are normal participants in external IT networks.
Efficiencies: By securely enabling access to OT data, the gateways help the business realize SOC-based visibility into OT networks and other business automation and efficiencies – safely.
Theory of Operation
Waterfall Unidirectional Security Gateway solutions replace firewalls in industrial network environments, providing absolute protection to control systems and operations networks from attacks emanating from external less-trusted networks. Waterfall Gateways contain both hardware and software components. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. Unidirectional Gateway software makes copies of industrial servers, enabling external IT and Internet users to connectto the replica servers for access to real-time operational information. At this customer, the Unidirectional Security Gateway copies standard OPC-UA servers, Syslog servers, SMTP servers and file servers from operational networks to the IT network where SOC systems and analysts, as well as other IT business automation systems can access the replicas and their OT data normally. The gateway is also equipped with unidirectional Remote Screen View to enable remote vendor support personnel to see the screen of the Engineering Workstation in order to assist site personnel in diagnosing, adjusting and correcting software and hardware problems.
Unidirectional Security Gateway Benefits:
Safe IT/OT integration, providing access to operations data, without risk of compromise of critical data center operations networks.
Safe unidirectional data transfer to offsite or less trusted networks without introducing cyber threats to the OT environment.
Supports 100+ industrial protocols & applications; from legacy systems to cloud-based platforms.
No attack, no matter how sophisticated or malicious, can enter the unidirectionally protected network.
Enables secure deployment of IT and outsourced SIEM, SOC, NOC & security monitoring solutions.
Global Cybersecurity Standards Recommend Unidirectional Security Gateways
Waterfall Security is the market leader for Unidirectional Gateway technology with installations at critical infrastructure sites around the world. The level of protection provided by Waterfall’s Unidirectional Security Gateway technology is recognized as best practice by leading industry standards bodies and authorities such as NIST, ANSSI, NERC CIP, ISA / IEC 62443, the US DHS & CISA, ENISA, TS50701 and many others.
Share
Trending posts
Stay up to date
Subscribe to our blog and receive insights straight to your inbox
