Skip to main content

Intelligence assured

Subscribe to future blog posts featured in our newsletter

Read more about how we handle personal data


What do you do to protect your organisation’s network and information flow? What solution do you use and depend on? For many system administrators, the answer would include some sort of firewall. But another important question to ask is when a firewall isn’t enough.

As many of you know, a firewall is meant to protect your network as well as the information on it. The firewall makes sure that only some packets of data can enter the network and doesn’t let unauthorised messages come through. Even though firewalls have developed alongside digitalisation, it doesn’t guarantee the security of the network on all levels.

Organisations that have sensitive information and that operate in critical infrastructure, public sector or the defense industry, need their networks to keep a higher level of security. That’s why other solutions than only a firewall are needed. These solutions are called Cross Domain Solutions. A Cross Domain Solution safeguards the information exchange between different security domains and critical networks, without introducing the risks that come with digitalisation.

when a firewall is not enough

What is needed when a firewall is not enough?

The question is not whether or not a firewall offers enough protection, but rather what you should complement it with. It’s not about replacing the firewall but to realise its limitations and covering them with the right kind of solution.

Advenica’s Cross Domain Solution for this purpose is called ZoneGuard. A ZoneGuard safeguards the information transfered from one system to another and controlles the critical information flow. With an information centric design, all communication between the different security domains is validated. ZoneGuard makes sure that only information that has been approved by your organisation’s information policy is let through. Everything else is blocked. One of the greatest benefits of ZoneGuard is that it implements protocol break and full message inspection to migitate attacks and prevent cyberthreats. A ZoneGuard is not a replacement for a firewall, instead it enhances the overall network security level. It’s also a solution that is easy to adjust to the different needs of every organisation.

ZoneGuard offers solid inspection, validation and filtration of data and guarantees high assurance, something which many existing firewalls can’t. A ZoneGuard makes digitalisation possible without jeopardising security and is there when a firewall isn’t enough.

Read more about how ZoneGuard could help to increase your level of cybersecurity.


It’s no secret that organisations have physical assets that require protection. In the same way, valuable or even classified information kept on sensitive networks also needs to be safeguarded. One way of doing so is by isolating the networks, making them inaccessible to all other external networks.

However, there are times when you want and need to transfer information between these networks, regardless of their sensitive nature. How do you as an operator within critical infrastructure send information without risking the integrity of the network, and how do you as a member of the defense industry collect sensitive information while maintaining the confidentiality of the network? In both cases a high assurance solution is needed, e.g. a data diode.

what is a data diode

A data diode is hardware device that is often called a "unidirectional security gateway". It is placed between two networks with different levels of security and controls the flow of information. A data diode is a cybersecurity solution that makes sure that information can only travel in one direction.

So how does it work?

An optical fiber with a sender on one side and a receiver on the other ensures that data can only be transferred in a forward direction, and never in reverse. This means no two-way transfer, preventing leakage and manipulation from taking place.

If a data diode is directed out from the high security network towards a network with a lower security level, data can be transferred while the network stays protected. By transferring information via a data diode, you are guaranteed that no one can use the same connection in the opposite direction to reach the secure network and manipulate its environment.

A unidirectional solution makes sure that the integrity of the network is preserved.

A data diode can also be directed in towards the secure network. In these cases, it’s most likely that you want to collect information of some kind from another network. The security issue, however, is how to collect the information and at the same time make sure that there is no leakage of sensitive data from your network through this channel. A data diode will ensure the confidentiality of the network by preventing any form of leakage from happening.

one way road

Guaranteeing a unidirectional flow of information means sensitive information can be transferred without jeopardising the integrity or the confidentiality of the network, depending on how the data diode is used. Another benefit lies in the technology of a data diode. Being hardware and not software based, means it can’t be attacked by malicious code and intrusion is thereby prevented. A data diode allows you to transfer the data without putting the security of the network at risk.

A secure way to transfer data

As an effect of digitalisation along with an increased number of sophisticated cyberattacks, it’s not just operators within the defense industry or critical infrastructure that need to protect their data. It’s now up to all organisations with security sensitive and confidential information to choose a viable solution to transfer data in a highly secure way.