Firewall Out, WaterFall In

Waterfall Security Uni-directional Gateway

There are some cases, which the best firewall systems are not good enough. Such example may be computerized mission-critical systems of industrial plants, homeland security projects etc. According to best practices and NIST recommendations, the secure network must be completely separated from the rest of the organizational infrastructure in order to eliminate the smallest risk of cyber attack.

The appliances from WaterFall Security Systems, provide a hardware-based unidirectional gateway, which allows important data from the production network to pass through, while completely eliminating the possibility of cyber attack from outside the protected network segment.

The system is comprised of 2 hardware units, for transmitting and receiving the information respectfully. Such an architecture provides a unique way of transmitting any volumes of data in one way, without any data flow in opposite direction, making any type of cyber attack from outside the boundaries of the protected network segment completely impossible. The system does not rely on TCP/IP networking, so no possibility exists to use existing TCP session in order to break into the protected network.

WaterFall Benefits:

  • Hardware-based unidirectional data flow with galvanic network isolation.
  • No limitation on data volumes or file size
  • Support of 100Mbit and 1000Mbit network connection
  • No standard protocols are used over the uni-directional connection, eliminating back-connections and TCP session mechanism and increasing network security
  • Only certain types of information may be allowed to pass outside the protected network
  • The complete contamination of the secure area may be done by disconnecting a single network cable
  • Agent-based automated replication of select data from secure area to desired targets, no operator intervention required
  • Approved for use by most strict information security standards, such as NIST, NERC-CIP


Related Articles