Company Overview
A mid-market national bank with over $500 million in assets and capital.
Case Summary:
Industry: Banking
Challenge: Enable transfer of forensic data files to the bank’s secured forensic lab network while preserving the isolation of the lab environment.
Solution: OPDS-1000 data diodes deployed to capture and contain forensic evidence.
Benefits: One-way data flow enables file transfer to forensic lab, while ensuring the lab environment remains isolated and secure from external cyber threats.
Cybersecurity Challenge
Capturing and analyzing forensic metadata about the exposure of bank cyber assets (laptops, servers, PCs, etc.) to various networks, websites, users, etc. is vital to investigating and ultimately remediating cyber threats. The bank needed a method to capture, package, and copy compromised cyber assets and their associated metadata, then securely transfer them to its forensic lab for analysis. The bank also wanted to ensure that only trusted files were allowed into the lab network, and that no potentially infected data would be allowed out.
Requirements:
- Compatibility with the software utility that scans compromised assets and their metadata and packages them into forensic data files
- A secure method to transfer the forensic data files from the bank network to the forensic lab environment
- Preserve “disconnected” secure architecture of forensic lab network, keeping it inaccessible from external networks
Use Case | Before
Solution
OPDS-1000 was selected to transfer the forensic data files, packaged by a third-party software tool, to the secured lab environment. The diodes also preserved the disconnected nature of the forensic lab network, preventing access from external networks.
Use Case | After
Deployment
Solutions:
Owl Perimeter Defense Solution – 1000 (OPDS-1000)
Self-contained 1U data diode, purpose-built for network segmentation and deterministic, one-way data transfer up to 1 Gbps.
Results
- Provided deterministic, one-way transfer of packaged forensic data files from bank network to secured forensic lab
- Preserved disconnected architecture of lab network with secure, hardware-enforced boundary
- Bank forensic lab network cannot be accessed via any external network connection and potential evidence cannot be tampered with
- Potentially harmful cyber infections cannot escape the forensic lab