Make my forensic records tamper-proof

Modern cyber attacks will often erase or tamper with logs and other security record-keeping in order to hide their activity and especially to hide their origins. If incident response teams cannot determine how an attack occurred, there is a big risk of the attack recurring the moment a system is restored to normal operations. 

Waterfall protects against such threats with a tamper-proof repository that keeps a unidirectional copy of the logs. 

With Waterfall you get

Hardware protection
Reliable records
Known-good backups

Hardware protection

Waterfall's BlackBox gathers logs, configuration files and other information and sends it through Unidirectional Gateway hardware into a forensic repository. No TCP connection or other remote-control attack can penetrate the hardware to put forensic records at risk. 

Reliable records

Incident responders at site can physically connect to the BlackBox system and access a reliable forensic record. Comparing records in the forensic repository to logs and other configurations at site identifies which records attackers modified and can suggest which kinds of information the attackers were most interested in hiding. 

Known-good backups

PLC and other automation system configuration files and other important records can easily be dragged and dropped into the BlackBox repository. Remote control attacks cannot tamper with these backups. The BlackBox provides incident response teams with known-good backups to work from when restoring industrial systems.

How it works

Gather

Forensic data – from industrial sources

Send

Safely – through Unidirectional Gateway hardware

Store

Reliably – in the unidirectionally-protected repository

One way for data.
Zero entry for attackers.