As one cyberattack safeguard, financial institutions understand the importance of archiving key data used both for historical business analysis and as a means of recovery from a breach. Many utilize a “3-2-1” rule for backups: Three (3) backup copies minimum, preferably in two (2) different formats, with one (1) of those copies stored off-site or air-gapped from the network. Considered the best cybersecurity practice, an air-gapped archive acts as a record of last resort if critical business files have been corrupted or locked due to ransomware, wiperware or other malware. Owl can provide much-needed visibility into data vault networks, such as the Dell EMC Cyber Recovery solution, without introducing potential exploit or attack vectors.
Challenge & Objectives
A key challenge in operating an air-gapped recovery archive is that there is no operational visibility into the systems inside the vault. The lack of connectivity means that data from conventional system monitoring and threat detection cannot be integrated into routine data center operations. A smart solution would be to gain visibility into the air-gapped data vault (dark site) via a one-way transfer device that achieves the following system security objectives:
- Isolate the production/business network from the data vault while permitting important system health data to flow one-way out without creating a threat vector into the vault
- Safely transfer SNMP events, SYSLOG, performance, cybersecurity heuristics/analytics, console screen replication, and diagnostics reports to an existing NOC or SOC environment
- Enable multiple concurrent protocols to be sent from the vault to production without exposing internal IP addresses and system details
- Prevent east-west (lateral) movement of malware/ransomware from the NOC/SOC to the data vault
Use Case | Before
What is a Data Diode?
Owl uses a multi-layered, patented approach to the design of our data diodes. Owl data diodes are hardware-enforced, electronic cybersecurity devices designed with two separate circuits – one send-only, and one receive-only – which physically constrain the transfer of data to one direction only, forming an “air gap” between the source and destination networks.
Designed for physically enforced optical separation and one-way-only data transfer, Owl data diodes provide extremely high security assurance and reliability. The technology’s “set and forget” usability and unhackable nature make them an ideal protection mechanism to gain visibility into your data vault, safely monitor its security and system health information, and maintain a secure and segmented one-way flow out of the air-gapped vault.
- Air-gap level network/system segmentation and security
- Deterministic, hardware-enforced one-way data transfer of nearly any data type
- Payload-only transfer with non-routable protocol break – guaranteed delivery
- Up to 10 Gbps scalable throughput
Use Case | After
- Enables remote visibility to data vault operations without exposure to external threats
- Eliminates IP scan, lateral movement, and up-credentialing, with zero side channel leakage
- Integrates seamlessly with most IT networks, systems, and protocols, including the cloud
- Virtually no management overhead compared to a standard software firewall