ZoneGuard - secure transfer of correct and validated information

As your true asset is information, ZoneGuard is designed to focus on information security rather than network security. Securely transferring correct and validated information using an allowlisting approach automatically solves network security in the cross domain exchange.

ZoneGuard only forwards received information when it complies with your organisation's information policy. The information policy implemented in ZoneGuard defines accepted structure, format, types, values and even digital signatures and how information has to comply.



Enforces organisational IT policy on system integration 

ZoneGuard is designed around separation of duties and a policy enforcement function. A digital signature is needed to change the information policy inside ZoneGuard. The keys for signing the information policy can be owned by an IT security department or another appointed policy approver. Changes cannot be made without these keys. The policy approver thus effectively takes superior control over information validation, ruling out the operational IT team and the users.

ZoneGuard also provides log control and audit trails. It can be configured to log any information entering its validation core, which is vital when you need evidence of compliance to policies and regulations.


Why do you need a ZoneGuard?

Many systems and solutions are vulnerable to protocol or implementation errors. Examples of such vulnerabilities are flaws in a network protocol or applications that haven't been tested enough for buffer overflow attacks. A ZoneGuard will prevent these by providing:

  • Protocol-break to reduce the attack vectors dramatically by removing attacks on the network layer level.
  • Transformation of network protocol and information content from one format to another, which mitigates malware and application layer attacks.
  • Validation and filtering of the information per an organisation's information policy, which safeguards that only information permitted by you is transferred.




How does a ZoneGuard work?

Advenica's Security Gateway, ZoneGuard, allows for a strictly controlled two-way filtered information flow supporting third party controls for enforcing a digitally signed information policy. ZoneGuard uses filters in both directions and information is always controlled using full message inspection. The filter can allow information to pass depending on several factors, e.g. source/destination addresses, file formats, attributes or the presence of a digital signature.



What does the ZoneGuard process look like?

When a message is sent from one system to another where both systems are connected to a ZoneGuard, information in the message received from one system is analysed according to configured rules. Approved parts of the received message are put into a new message which is sent to the intended receiver on the other system.

  1. Data is sent to one of the DATA ports on the ZoneGuard.
  2. The data packages are collected.
  3. The entire message is restored.
  4. The message is divided according to the loaded Service.
  5. The content is structured to fit the loaded Schema.
  6. Schema In will accept only correctly structured content.
  7. Pre-defined filter checks the content.
  8. Schema Out will accept only correctly structured content.
  9. The entire message is restored.
  10. The message is divided into data packages.
  11. The data packages are sent to the intended receiver.
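
Steps 3 to 9 above, as an added sketch in Python. It is not Advenica's code or ZoneGuard's policy format; the JSON encoding, the field names and the rule that a field failing the filter is dropped rather than forwarded are assumptions made for illustration.

```python
import json

# Hypothetical policy: field name -> (required type, value check).
POLICY = {
    "station":  (str,   lambda v: v in {"PUMP-01", "PUMP-02"}),
    "pressure": (float, lambda v: 0.0 <= v <= 16.0),
    "status":   (str,   lambda v: v in {"OK", "ALARM"}),
    "note":     (str,   lambda v: len(v) <= 40 and v.isprintable()),
}
REQUIRED_OUT = frozenset({"station", "pressure", "status"})

# Constructed sample input: odd spacing and a control character in "note".
SAMPLE = b'{ "status":"OK",  "pressure": 12.5, "station":"PUMP-01", "note":"x\\u0007" }'


class Rejected(Exception):
    """Raised when a message fails the policy; nothing is forwarded."""


def check_schema(fields, required=frozenset()):
    """Schema In/Out: only known fields of the declared type are accepted."""
    if not isinstance(fields, dict):
        raise Rejected("top level is not an object")
    for name, value in fields.items():
        if name not in POLICY:
            raise Rejected(f"unknown field {name!r}")
        if type(value) is not POLICY[name][0]:
            raise Rejected(f"wrong type for {name!r}")
    missing = required - fields.keys()
    if missing:
        raise Rejected(f"missing fields {sorted(missing)}")


def transfer(raw: bytes) -> bytes:
    """Validate an inbound message and return a newly built outbound one."""
    try:
        fields = json.loads(raw.decode("utf-8"))   # steps 3-5: restore, structure
    except ValueError as exc:                      # bad UTF-8 or bad JSON
        raise Rejected(f"unparseable message: {exc}") from None
    check_schema(fields)                           # step 6: Schema In
    approved = {n: v for n, v in fields.items() if POLICY[n][1](v)}  # step 7
    check_schema(approved, REQUIRED_OUT)           # step 8: Schema Out
    # Step 9: the outbound bytes are serialised from approved values only,
    # so none of the sender's original encoding reaches the receiver.
    return json.dumps(approved, sort_keys=True, separators=(",", ":")).encode()


if __name__ == "__main__":
    print(transfer(SAMPLE))
```

The receiver never sees the sender's bytes: spacing, key order and the rejected `note` field are all gone from the rebuilt message.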


ZoneGuard Variants


ZoneGuard Platform

Enables use of several different kinds of services in a single security domain crossing. The ZoneGuard Platform includes a free of charge license for Advenica Generic Proxy Services. A Software Development Kit (SDK) supports custom-made applications and communication protocols. This means organisations benefit from comprehensive security yet can take control of the applications and use their own preferred development team or implement other communication protocols.


ZoneGuard Appliances

File Transfer Application

In ICS/SCADA systems it is necessary to send reports and allow incoming firmware updates while preserving the system integrity. Defence organisations need to keep classified information within the security domain but still have to be able to release information to another system or security domain. File Transfer Application handles both use cases, protecting integrity and confidentiality by allowlisting information exchange and providing explicit control over files sent from or to a system.


Email Application

A versatile and powerful tool providing policy-based e-mail exchange across network boundaries. Messages, including attachments, are sent through an information-centric content inspection with “permitted by you” validation, where the inherent allowlisting allows permitted information to be transferred and denies all other information.


Integration Application

Market and efficiency requirements mean that ICS systems, business networks and legacy systems get more and more connected to each other, the Internet or other environments, with little knowledge of current vulnerabilities. Integration Application protects integrations and fulfils the organisational information policy 24/7, making digitalisation possible without reducing security.




Key features

ZoneGuard is a gateway for controlled information exchange between different networks and security domains. With the information in focus, ZoneGuard ensures that an organisation’s information policy is enforced on every transfer that is made, creating an audit trail as evidence.


ZoneGuard Technology

Many existing systems and solutions are vulnerable to protocol or implementation errors. Potential vulnerabilities range from a flaw in a network protocol to applications not thoroughly tested for buffer overflow attacks. ZoneGuard's ability to safeguard which information is transferred to and from a system provides unparalleled control and accountability of the entire critical information flow.


Information Centric Design

ZoneGuard focuses on information exchange while the network protocol is simply a way of sending information on the network. The solution empowers organisations that need to enable secure, precise information exchange between varying security domains. ZoneGuard’s Information Centric design and policy enforcement promote organisational growth, reduce costs and enforce internal and industry compliance.


Precise Information Exchange

Validation and filtering of the information per an organisation’s information policy safeguards that only information permitted by you is transferred. The filters can be scripted to provide a tailored validation of the information flow.


Protocol Break and Full Message Inspection

ZoneGuard provides Protocol Break and Full Message Inspection to reduce the attack vectors against the receiving system. By disconnecting the network protocol used from the information itself, both network layer attacks and application layer attacks can be mitigated.


SecuriCDS ZoneGuard

ZoneGuard PE250


ZoneGuard PE250 offers future-proof secure two-way information exchange that safeguards your assets at all times.


Some security challenges where ZoneGuard is a good solution


    Secure remote access

    Many organisations depend on remote access through RDP, for example, to allow suppliers to perform maintenance, or so that operating personnel can monitor and control a system. Secure remote access solves many of the security risks that are otherwise associated with such solutions.


    Secure IT/OT integration

    Digitalisation means that IT and OT systems are connected. This integration presents security challenges and requires special solutions.


    Secure transfer of SCADA information

    Transmitting critical information, e.g. from a SCADA system to an administrative office network, means potential security risks. But there are solutions that take care of the security problems and at the same time enable an exchange of information.
