WF BLACKBOX

IN LOGS WE TRUST

What do you do after an attack when you need to know what happened? How can you recover from a cyber attack if you can’t trust your information? Modern cyber attackers routinely erase or compromise logs to hide evidence of wrong-doing. All network repositories, including central SOCs and cloud backups, can be accessed and so can be breached. The Waterfall BlackBox provides a tamper-proof online repository which can survive a cyber attack, and prevents attackers from covering their tracks.

WF BLACKBOX

IN LOGS WE TRUST

What do you do after an attack when you need to know what happened? How can you recover from a cyber attack if you can’t trust your information? Modern cyber attackers routinely erase or compromise logs to hide evidence of wrong-doing. All network repositories, including central SOCs and cloud backups, can be accessed and so can be breached. The Waterfall BlackBox provides a tamper-proof online repository which can survive a cyber attack, and prevents attackers from covering their tracks.

TAMPER-PROOF FORENSIC REPOSITORY

TAMPER-PROOF FORENSIC REPOSITORY

Benefits

TAMPER PROOF LOGS REPOSITORY

Preserves copies of logs, packets & other
data before and during a cyber attack

ENABLES EFFECTIVE INCIDENT RESPONSE

Reliable forensics facilitate post-attack
analysis of a cyber attack and ensure
business continuity

SECURE STORAGE

Hardware-enforced unidirectional protection
of logged data with encryption and
authentication of logged information

SECURE DATA RETRIEVAL

The BlackBox appliance can only be accessed
physically via a dedicated out-of-band port

MULTIPLE FORM FACTORS

BlackBox is available in 1U Rack Mount form
factor for permanent pre-attack deployment

THEORY OF OPERATION

Inside Waterfall’s BlackBox is a high speed, high capacity logging and analysis system able to record attack  information, attempted changes, manipulation of records and abnormal logging and recording conditions.  When necessary, data can be retrieved and inspected securely by physically accessing the BlackBox appliance via the Secure Data Access port. 

Unidirectional Gateway technology contains both hardware and software components. The hardware  components include a TX side, containing a fiber-optic transmitter/ laser, and an RX side, containing an  optical receiver, but no laser. The gateway hardware can transmit information from a signaling system  network to the BlackBox data manager, but is physically incapable of sending any status, feedback or any  signal at all back to an attacker who might seek to subvert the recording system.

CERTIFICATION & COMPLIANCE​

CERTIFICATION:

Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore, Korean KC Certification and Israel NISA

ASSESSMENTS:

Idaho National Labs, Digital Bond Labs

ENABLES COMPLIANCE WITH:

Global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more

Resources

Request info/quote