Waterfall Blackbox

The Waterfall BlackBox provides a tamper-proof online repository that can survive a cyber attack, preventing attackers from hiding evidence of how they entered a network and their malicious actions within it. Just as an aircraft’s black-box survives a crash, the Waterfall BlackBox survives a cyber attack – keeping your logs untampered and secure.

How it works

Group 1117

Secure Forensics

Stores logs, transactions & configuration files out of attackers’ reach

Group 1117-1

Disable Attacks

That seek to manipulate logs & cover their tracks

Group 1117-2


Remote expert systems and expert advice


Tamper-Proof logs repository

Preserves copies of logs, packets & other data before and during a cyber attack

Enables effective incident response

Reliable forensics facilitate post-attack analysis of a cyber attack and ensure business continuity

Secure storage

Hardware-enforced unidirectional protection of logged data with encryption and authentication of logged information

Secure data retrieval

The BlackBox appliance can only be accessed physically via a dedicated out-of-band port

Ransomware-Proof backup

Backs up data to a unidirectionally-protected repository that ransomware cannot access, encrypt or otherwise tamper with

Hardware-Enforced protection

Unidirectional hardware is unable to sustain TCP connections or any other kind of command / response tampering



Hardware is modular, flexible, and user-serviceable


1Gbps standard throughput


Hardware-enforced unidirectional data gathering


Compatible with a wide variety of logging systems, file formats


Optional forensic data compression and encryption 


Optional on-demand file storage for PLC, firewall or other important system configurations and data

Technical specifications


43.5(W), 76(D), 4.4(H) cm 1U standard rackmount


110-240vac, 50-60 Hz


8 kg

Network Interfaces

10 x 1Gbps

Certification & Compliance


Common Criteria EAL4+, Singapore NITES, Korean KC, Israel NIS


Idaho National Labs, Digital Bond Labs

Enables compliance with

Global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82R2, CFATS, ISO, Industrial Internet Consortium SF, ANSSI ICS Standards, and many more

Product Information

One way for data.
Zero entry for attackers.