Waterfall Security is delighted to announce the launch of HERA – hardware-enforced remote access, a new technology designed to enable safe and secure remote access into data center operational technology (OT) networks. HERA allows organizations and their vendors to reap the operational and economical value of remotely accessing and controlling OT devices and workstations, without introducing the risks that come with external connectivity.

Remote access is one of the weakest links, exposing too many vulnerabilities, when it comes to OT cybersecurity. According to Uptime Institute surveys, the number one cause of cyber incidents and outages in data centers during 2022 and 2023 was traced to remote access by vendors into OT devices. While a necessity to support operational and business needs, “opening up” the OT network to external internet connectivity for remote access has become too risky for most data centers.

With Waterfall’s new HERA solution, enterprise-grade remote access capabilities are enabled and secured with engineering-grade security. Leveraging Waterfall’s battle-tested hardware platform, HERA physically maintains network segmentation, keeping data center BMS and OT environments safe and secured.

Network engineering uses engineering-grade protections to prevent cyber attacks from entering data center OT networks in the first place. This is important because data centers are all about uptime and reliability. What happens when mechanical fail-safes engage to protect the cooler? Things shut down – infrastructure essential to continuous data center operations is shut down to protect it from damage. It is a good thing that engineering-grade measures prevent threats to worker safety and equipment damage. But if we want our uptime preserved, we need more. We need to prevent cyber attacks from entering OT networks in the first place and triggering these fail-safe shut-downs.

While network engineering includes a number of engineering-grade tools for the prevention of cyber attacks from entering OT networks, the most widely applicable tool is the unidirectional gateway. The gateways are deployed at consequence boundaries – connections between networks with physical consequences vs. networks with only business consequences. In data centers, the gateways are deployed most commonly at the edge of the BMS. Unlike software firewalls, hardware-enforced unidirectional gateways provide engineering-grade unidirectionality – BMS data is copied to IT networks in real-time, with zero risk that cyber attacks (like ransomware and malware) from IT can penetrate through the gateways back into OT networks to put uptime at risk, or to put the physical equipment that is essential to uptime at risk.

“HERA represents a giant leap in how the industry approaches remote access into OT environments in general and the BMS specifically,” explains Lior Frenkel, CEO and Co-founder of Waterfall Security. “By applying physical cybersecurity over cyber-physical systems, Waterfall Security’s solutions enable zero compromise between industrial cybersecurity and functionality. Together with our market-leading Unidirectional Gateway technology, Waterfall Security provides a holistic solution for data center customers’ OT environments and cyber-physical assets.”

HERA’s patented technology has been designed from the ground up with OT cybersecurity in mind. It harnesses decades of know-how, expertise, and field-tested technology to deliver the safest solution to remotely access data center BMS and OT networks.

Learn more about HERA here and download our BMS use-case ebook here.