What is a security gateway?

Do you want a solution that will protect your information? Security Gateways are security devices that are designed to focus on the transferred information rather than the protocols used for the communication over the network. Learn more about bidirectional Security Gateways and how you can secure your information in this know-how.

What is a Security Gateway?

A Security Gateway, also called a Data Guard or Information Exchange Gateway, is a device that controls, validates, and filters the information exchange that takes place between different security domains.

What is the difference between a Security Gateway and a firewall?

A Security Gateway can be compared to a firewall as it regulates what traffic that can enter and exit a network. A comparison to explain the difference between a Security Gateway and a firewall could be to visualise an airport. The firewall would be the check-in desk where a simple check is performed, such as identity and ticket control. The Security Gateway would be the security control where you are more scrutinised, your bags are looked through, you go through body visitation, and so on.

A firewall is a device with the purpose to protect your network by only blocking known bad traffic to enter or exit. It monitors and filters what packets are blocked based on its configuration.

For some types of businesses, a firewall is simply not enough.

With a firewall, it is difficult to know exactly what information is being exported or imported into the system. A firewall configuration often becomes complex, which increases the risk of misconfiguration. Firewalls also do not separate administration and data flow in a way that protects the information from insiders. Organisations that have sensitive and confidential information and that operate in critical infrastructure, public sector or the defence industry, need their networks to keep a higher level of security. That is why additional solutions to a firewall are needed.

Do you want to know more about when you need stronger protection than a firewall? Read our White Paper!

How does a Security Gateway work?

A Security Gateway only forwards received information when it complies with a certain policy which is derived from your organisation’s information security policy. The policy implemented in the Security Gateway defines accepted structures, formats, types, values, and even digital signatures. When a message is sent from one security domain to another across the Security Gateway, information in the message is analysed and validated according to the configured policy. Approved parts of the received message are put into a new message which is sent to the intended receiver in the other domain. In this way, you know that only allowlisted information crosses this boundary.

Why do you need a Security Gateway?

As previously mentioned, organisations that have sensitive information and that operate in e.g. critical infrastructure, authorities or the national defence, need their networks to keep a high level of security in order to protect their information and systems. Thus, they need to ensure secure bidirectional communication and be sure that nothing malicious enters their sensitive networks, and that sensitive information and data does not leak to a less sensitive and less protected network. There are many systems and solutions that are vulnerable to protocol or implementation errors. These potential vulnerabilities are, for example, flaws in network protocols or applications. A Security Gateway will prevent these by providing:

• A full protocol-break to reduce the attack vectors dramatically by removing attacks from the network layers.
• Transformation of network protocol and information content from one format to another mitigates threats from malware and application layer attacks.
• Validation and filtering of the information per an organisation’s information policy safeguards that only permitted information is transferred.

A Security Gateway makes sure that your networks can communicate without the risk of sensitive information being exposed to a less secure environment, and lets you control what information that can enter your more sensitive networks.

What is Advenica’s solution?

Advenica’s bidirectional security gateway is called ZoneGuard. Advenica’s ZoneGuard offers a custom fitted yet simple information policy-based solution empowering organisations who need to enable secure, precise information exchange between varying security domains. ZoneGuard offers solid inspection, validation, and filtration of data and guarantees a design with high assurance – something that many existing firewalls cannot.

How does Advenica’s ZoneGuard work?

When a message is sent from one system to another where both systems are connected to a ZoneGuard, information in the message received from one system is analysed according to configured rules. Approved parts of the received message are put into a new message which is sent to the intended receiver on the other system.

1. Data is sent to a DATA port on the ZoneGuard.
2. The data packages are collected.
3. The entire message is restored.
4. The message is divided according to the loaded Service.
5. The content is structured to fit the loaded Schema.
6. Schema In will accept only correctly structured content.
7. Pre-defined filter checks the content.
8. Schema Out will accept only correctly structured content.
9. The entire message is restored.
10. The message is divided into data packages.
11. The data packages are sent to the intended receiver.

Read more about Advenica’s ZoneGuard and download the product sheet!

Do you have any questions about Security Gateways or what we can offer in terms of information security? Do not hesitate to contact us!