In order to protect what is most sensitive and critical to operations, a technology other than firewalls should be considered. With a firewall, it is difficult to know exactly what information is being exported or imported into the system. A firewall configuration often becomes complex, which increases the risk of misconfiguration. Firewalls also do not separate administration and data flow in a way that protects the information from insiders. Thus, you should secure your network with more than a firewall!
When is a firewall not enough to protect your network?
A firewall is a device with the purpose to protect your network by only allowing certain traffic to enter it. It monitors and filters what packets enter the network, and which are blocked based on rule setups. However, if you need to transfer information to or from a security sensitive network a firewall should not be the only solution you chose to enhance your cybersecurity. Though a firewall strives to protect the network, a high assurance addition in terms of a Cross Domain Solution is also needed.
Cross Domain Solutions can protect your network
Cross Domain Solution (CDS) is a term used to describe the concept of maintaining secure information exchange between domains with different security or protection needs. This can be between databases, servers, applications, or combinations of these. CDS addresses the concept of communicating, sharing or moving information between domains and applies validation, transformation or filtering to the exchange.
If you have security sensitive or even classified information, and the need for bidirectional communication, you need a viable Cross Domain Solution that offers secure and filtered information flow. The purpose is to apply strict information level control during information transfers and mitigate cybersecurity threats such as manipulation, data leakage and intrusion.
What is a ZoneGuard?
ZoneGuard is a gateway that controls the information exchange that takes place between different networks and security domains. ZoneGuard focuses on information flow and ensures that organisations’ information policies are enforced during every transfer. ZoneGuard also creates an audit trail providing evidence of all transfers.
Who needs a ZoneGuard?
Cybersecurity threats today are diversified and the ZoneGuard technology has several defence mechanisms which all act together to provide protection for your information flow. ZoneGuard’s ability to safeguard which information is transferred to and from a system provides unparalleled control and accountability for any organisation with a critical information flow, whether you work with national security, critical infrastructure or in the public sector.
Data diodes can also protect your network
Data diodes can also work as a complement to a firewall. Data diodes are the failsafe way to protect sensitive systems and confidential data. Data diodes are hardware devices, also called ”unidirectional security gateways”, which sit between two networks. Working like a check valve, the function of a data diode is to allow all data to pass in one direction, while blocking all data in the reverse direction. It is physically impossible for data to travel in the opposite direction. And as it is not software, the unidirectional function cannot be attacked by for example malicious code, which results in high assurance.
Why do you need a data diode?
A common solution to keep sensitive or classified information safe from leakage or manipulation is to completely disconnect the system that holds the information from other networks. However, there are situations when data needs to be transferred to or from a protected network. By using a data diode, you can ensure that the transfer is done securely without jeopardising the integrity or the confidentiality of the network.
Who needs a data diode?
Along with digitalisation and the increase of sophisticated cyberattacks, every organisation that operates with sensitive information has great use of a data diode in order to protect its valuable information and securely exchange data. A high assurance data diode protects assets for operators within critical infrastructure (ICS/SCADA) and defence industries.
Read more about when a firewall is not enough in our know-how!
Do you need help finding a complement to your firewall? Do not hesitate to contact us!
