Unidirectional Security Gateways

Stronger Than Firewalls


  • Waterfall Unidirectional Security Gateway
  • Waterfall FLIP

Waterfall Unidirectional Security Gateway

Waterfall Unidirectional Security Gateways enable monitoring of industrial networks for operational needs without cyber risk. The gateways provide network perimeter protection with a hardware-enforced, physical barrier preventing remote attacks, malware, DOS attacks, ransomware and human errors originating on external networks. Industrial Control System sites worldwide increasingly deal with cyberattacks ranging from disgruntled insiders, to pervasive viruses and botnets, to targeted remote control attacks. These attacks routinely defeat firewalls and other IT-focused protections. Every element of the Waterfall solution suite is hardware-enforced, able to defeat even advanced online attacks.
Waterfall Unidirectional Security Gateway
Cyber security - Network perimeter protection
  • Server replication via unidirectional communications. Provides absolute protection from online attacks originating on external networks. A Unidirectional Gateway is a combination of hardware and software preventing cyber threats from propagating back into the protected network.
How Unidirectional Security Gateways Work?
  • Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/ laser, and an RX Module, containing an optical receiver, but no laser. The hardware components – transmitter, fiber optic cable and receiver, (or core data diode technology) – along with the software components – application software connectors – ensure one-way transmission and replication of server information from an industrial control network to an external network, but prevent the propagation of any virus, DOS attack, human error or any cyber attack at all back into the protected network.
Safe IT/OT Integration
  • Seamless IT/OT network integration without introducing Internet-based cyber threats.
Stronger Than Firewalls
  • An evolutionary alternative to firewalls in a strong preventative cybersecurity program for Industrial Control Systems.
Reduced Down-time
  • Ensure operational continuity by preventing plant shut downs and potential damage to plant assets, the environment and even human lives.
Plug-n-Play Solution
  • 100+ software connectors on the market, commercial off the shelf solutions, such as Wonderware by AVEVA.
Certification and Compliance
  • Certified: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore
  • Assessed by: US DHS SCADA Security Test Bed & Japanese Control Systems Security Center Bed, Idaho National Labs, Digital Bond Labs, GE BentlyNevada Systems Labs, and NISA Israel
  • Complies with: Global ICS Standards & Regulations, NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more.

Waterfall FLIP

Many industrial control systems require regular updates of anti-virus signatures, batch production orders and other items. Every path through a firewall, introduces attack opportunities. The Waterfall FLIP is a type of Unidirectional Gateway whose orientation can be reversed, enabling disciplined scheduled updates without the vulnerabilities firewalls always introduce.
Waterfall FLIP
Real-time Monitoring with Disciplined Updates
  • Disciplined scheduled updates to unidirectional-protected networks
How FLIP Works
  • The FLIP is a combination of hardware and software. The hardware includes a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. A short fiber-optic cable connects the two hardware Modules. The FLIP is therefore able to transmit information in only one direction at a time. While the FLIP hardware transmits information from a source network to a destination network, that hardware is physically incapable of transmitting any information back from the destination network into the source network. Hardware orientation reversals are triggered by dedicated hardware on a schedule, or by manual activation from the front panel of the FLIP Module.
Stronger Than Firewalls
  • Hardware-enforced protection that never forwards traffic.
Server Replicatoin for Seamless Integration
  • IT and industrial clients access replica servers normally and interactively.
Extensive Industrial Support
  • 100+ software connectors on the market, commercial off the shelf solutions, such as Wonderware by AVEVA.
Simplifies Compliance
  • ICS Security Standards: ANSSI, IEC 62443, NERC CIP
  • Best Practices: DHS Defense in Depth. DHS Seven Steps to Improve ICS Security
  • Security Frameworks: NIST Cybersecurity Framework, IIC Cybersecurity Framework
Unauthorised background image

Your product is just steps away!

Register for FREE to buy, get downloads and access free trials.

Get Resources and Start FREE Trials

Easy Product Activation with Your Account

Products Saved to Personal Digital Library