Securely Monitor, Access, and Update an Isolated Data Vault

Secure Monitoring & Reporting

Monitoring the vault is extremely important to identify suspicious activity and monitor performance and system health information. However, with an air-gapped vault architecture, reporting would typically need to be performed in person at the physical location of the vault for the highest level of security. The OPDS-1000, Owl’s multi-purpose data diode, eliminates the need to be at the vault site and provides hardware-enforced, one-way data transfers of malware detection reports and system health information to security staff. Hardware-enforced data diodes securely transfer data in real-time via SMTP (email), Syslog, SNMP traps, through a one-way only, optical connection to a security operations center for secure remote monitoring. Unlike software-based solutions, hardware-enforced data diodes prevent threats from entering back into the air-gapped security network.

Click to learn more

Secure Remote Access

In addition to remotely monitoring the vault, some organizations require remote access into the vault. Software-based, bidirectional solutions, like firewalls, can pose risk to the air-gapped architecture of the vault and introduce new threat vectors to the environment. Software-based solutions can be configured for connections and protocols of any type, initiated from either side of the vault, increasing the risk of being hacked. ReCon, Owl’s bidirectional data diode, is comprised of two, one-way data diodes pointed in opposite directions, all in a 1U rack-mountable device. No routable information crosses the security boundary and configuration is separated for the source and destination sides, providing an additional level of administrative segmentation. Connections can only be initiated from the source side and both sides need to agree on the configuration for a TCP session to work end-to-end.

Secure Software Updates

For organizations that need a reliable and secure method to verify and transfer software patches into the vault, Owl’s SSUS solution provides hardware-enforced one-way transfers for files. SSUS uses Owl’s data diode technology to transfer the file(s) across the security boundary into the Cyber Recovery vault. An administrator maintaining the vault would request a hash code from the software vendors which are then independently entered into a manifest on SSUS. When a file is copied onto the SSUS solution for transfer, SSUS calculates the hash of the file, compares it to the hash in the manifest, and if it matches, transfers the file to the vault through the hardware-enforced SSUS data diode.

Click to learn more

Time Synchronization in the Vault (NTP)

Time is critical in a data vault. You may need to perform a recovery and collect historical data from a certain time period. Or in the event of an attack, you will need to analyze logs to identify and eradicate that attack, making time synchronization in the vault critical to those scenarios. Owl’s Network Time Protocol (NTP) solution is a hardware-enforced data diode that points one-way into the vault, takes a trusted source of time from the production network (SOC, GPS device), and relays that time to a node sitting on the vault side. That node inside of the vault then becomes the NTP server and can be used as a source of time within the vault.