Start » FAQ
How much do you know about cybersecurity?
Cybersecurity and its different aspects can be difficult to grasp – especially when you have just started to work with it. There is a lot that needs to be learned – here are some things you might not know about cybersecurity!
Do you have questions about cybersecurity? See what others have asked in our FAQ!
Not only is there a lot to learn about cybersecurity itself – it can also be difficult to know what products you might need or how they work. Here are some frequently asked questions!
Do you have more questions? Do not hesitate to contact us!
We need a POC – how is this handled by Advenica?
We see the advantages with a POC and it is something that we offer, but how it is done is totally customised. Please contact us and tell us about your case and let’s see what we can offer!
Do you provide on-site support?
Advenica has limited possibilities to provide direct on-site support. However, partners of Advenica can provide on-site support. SLAs can vary based on the partner capabilities and location.
How do we receive help after implementation/installation?
First of all: make sure you have a valid MSA. If you have an MSA, you can contact Advenica Customer Services through web form, e-mail, or phone.
What does your roadmap look like?
We offer solutions for cybersecurity that meet the very highest security requirement and we constantly develop our products and services to meet future threats. The product development at Advenica differs from traditional development work as our customers demand that we with high assurance can vouch for and can demonstrate that our solutions are secure, today as well as in the future. Read more about high assurance products and how we develop them!
Which certifications do you have?
We have many different certifications for our products. You can read more about this here!
Which protocols do you support?
We support many different protocols with our products. Read more about this here! If there is a protocol you do not find in the list, we can always develop a solution for that protocol together with you.
What is the delivery time?
We generally have very short delivery times and can usually deliver your products within a week. The time from the point of delivery of the products until they are functioning is also very short, given that other relevant infrastructure is in place.
Where do you produce your own products?
We produce our products at our site in Malmö, Sweden.
Which industries have a need for your products?
All organisations that have a need for protection of valuable information can benefit from using our products. Countries, authorities, and companies within critical infrastructure are our main customers as they all have digital information and systems that are sensitive and worth protecting, and where the information also is critical to the whole society.
I can’t find my use case, can you customise a solution for me?
Yes we can! Our Customer Solutions team is a dedicated team that develops customised solutions based on our products. Contact us to discuss your use case and we’ll decide together how to proceed!
Read more about how such a project is done!
Data Diodes
Here are some frequently asked questions about our Data Diodes!
Data diodes are expensive, right?
The word “expensive” is a relative term if a data diode is viewed solely as an expense. Actually, a data diode is an investment that can be cheaper than not having bought it in the first place. It is all about the alternative cost and risk apetite of not having sufficient security. If the use case is right for a data diode, it is not only more secure but also lower in TCO(Total Cost of Ownership) to alternative technologies as it demands less in maintenance, administration, and support. Read more about it here!
How do we calculate the ROSI?
To calculate the ROSI (Return on Security Investment) is about calculating what the lack of security can cost and what the most cost-effective solutions are – this to be able to know what you should spend on security. Read more about how to do it here!
How much does it cost?
We offer a selection of data diodes with different perks and conditions. The price starts at around €3000 CAPEX but depends on what product you purchase and how complex the solution you need is. The base products do not come with any need for MSA (Maintenance and Support Agreement).
What are the alternatives?
For unidirectional data communication flow, a data diode is the most secure alternative. But, if you require data communication in two directions, there are other solutions you could choose – for example, a Security Gateway. (In some cases a network design with data diodes in opposite directions can be a solution.) A Security Gateway only forwards received information when it complies with a certain policy which is derived from your organisation’s information security policy. Read more about Security Gateways!
What is the difference between a configured firewall and a data diode?
A data diode contains special hardware designed in such a way that there are no known physical methods or properties that can be used to transmit information in the reverse direction, i.e. in the wrong direction through the data diode. A firewall configured for unidirectional traffic ensures this with software that may contain backdoors, bugs, and exploitable vulnerabilities. It is also difficult to guarantee the correctness of the configuration during the entire time the firewall is in operation. In addition, there are examples of firewalls which, despite being configured for unidirectional traffic, still allowed some data traffic in the wrong direction.
Can a data diode function in both directions?
That depends on how the question is meant. One data diode cannot function in both ways as a data diode guarantees unidirectional separation between network interfaces. It contains optical fiber with a transmitter on one side and a receiver on the other side, with no chance of a two-way transfer. But you can of course make a two-way secure communication design with a data diode in each direction. Another option when you need a secure two-way communication is to use Security Gateways, e.g. Advenicas ZoneGuard. ZoneGuard, allows for a strictly controlled two-way filtered information flow supporting third party controls for enforcing a digitally signed information policy. Read more about ZoneGuard.
Are your data diodes approved according to Common Criteria?
Advenica solutions have been awarded several prestigious approvals by the European Union, national certification bodies and international IT security certification bodies. Currently, our data diodes do not have the common criteria certification, but they are available with approval on assurance level N3 by the Swedish Armed Forces. It means that you can use Advenica’s approved data diodes to let secure networks receive information from open or lower classified networks. Important to know is that a Common Criteria approval does not guarantee that you will not discover vulnerabilities. Most, if not all, products with Common Criteria-certifications need to be updated when vulnerabilities are identified. The core of an Advenica data diode is based on physical separation and is immutably secure without updates. Read more about our certifications.
Do you control all your production, including all components?
Advenica offers solutions for cybersecurity that meet the highest security requirements. Our product development differs in many ways from traditional development as our customers require us to demonstrate that our solutions offer high assurance security. This can only be achieved if all work is possible to evaluate. We develop and manufacture the vital parts of our solutions in-house to ensure the highest level of security (high assurance). We ensure IT security, protection of development and production environments, perimeter security of the premises and the availability of a reliable, security conscious workforce. We design the products with as few components as possible that are vital from a security perspective, and that vital parts can be assembled or supplied under our own control. We perform final configuration and control ourselves on our premises with our own personnel and under strict security control. Read more about our high assurance product development in our White Paper.
What is the delivery time?
We generally have very short delivery times and can usually deliver your products within a week. The time from the point of delivery of the products until they are functioning is also very short, provided that other relevant infrastructure is in place.
What is the difference between the different data diodes?
All our data diodes have high performance and provides physical separation in the forbidden backward direction. DD1000i includes integrated server hardware and software for the proxies. It can solve two-way network protocols and is available in a military approved version. The DD1000A offers in a small form factor, measuring only 216 x 167 x 44 mm, the same military approved high assurance. The DD1G series offer secure data transfer in a very compact format (130x20x150/163 mm) and can be delivered as DIN-mountable or stand-alone. Read more about the different models and what protocols they support.
Security Gateways
Here are some frequently asked questions about our Security Gateways!
What is a Security Gateway?
A Security Gateway, also sometimes called Data Guard or Information Exchange Gateway, is a device that validates the information flowing between different security domains. Advenica provides this functionality in a product named ZoneGuard. Read more about Security Gateways
What is the difference between a Security Gateway and a firewall?
The ZoneGuard filters data in the application layer. This means that it’s possible to control the information flow with high granularity.
A traditional firewall acts on data in the transport layer. While good at handling a dramatic denial of service attack, the firewall is often limited to block access to hosts or services on specific IP addresses or ports.
An attack where your most valuable information is quietly stolen through an unpatched vulnerability in one of your services can pass unnoticed through the firewall for weeks or even years. A ZoneGuard lowers the probability of such scenario by orders of magnitude.
The ZoneGuard can be combined with a firewall for additional layers of security.
What is the difference between a Security Gateway and a data diode?
The ZoneGuard is bidirectional, and filters data based on information transferred in the application layer. The bidirectional information flow means that the ZoneGuard can be used to query a database or acknowledge that submitted data has reached its destination.
A data diode has a uni-directional transportation layer with no data flow in the other direction. With a data diode you can be certain that information is only flowing in one direction.
The ZoneGuard can be combined with a data diode for additional layers of security.
Read more about data diodes!
When do I need a ZoneGuard?
A ZoneGuard is useful when you want to connect two security domains while maintaining granular control over the information flow.
The domains could be the two networks within your own organisation separating IT from OT. ZoneGuard can also be used as a trusted point of contact when sharing sensitive information with another organisation through a VPN tunnel.
Has the ZoneGuard been certified by a third party?
The ZoneGuard has been rigorously tested by Advenica together with our customers. But so far, most of the customers have asked to remain undisclosed and thus Advenica can’t share their evaluation protocols.
Security Gateways are expensive, aren't they?
The word "expensive" is a relative term if a Security Gateway is only seen as a cost. Actually, a Security Gateway is an investment that can be cheaper in the long run than if you choose not to buy it. It's all about the alternative cost in case you get breached and have insufficient security. Determine your risk appetite (and perhaps do a ROSI calculation – see below) and then decide to invest or not.
What is the delivery time?
We generally have very short delivery times and can usually deliver your products within a week.
What are the options?
If you need data communication in two directions, a Security Gateway is a secure solution as a Security Gateway only forwards received information when it follows a certain policy derived from your organisation's information security policy. If, on the other hand, you need a unidirectional data communication flow, a data diode is the most secure option. A data diode guarantees unidirectional separation between the networks. It consists of optical fiber with a transmitter on one side and a receiver on the other, with absolutely no risk of two-way transmission. Read more about Data diodes!
How to calculate ROSI (Return on Security Investment)?
Calculating ROSI is about calculating what the lack of security can cost and what the most cost-effective solutions are - this is to be able to know what to spend on security. Read more about how to do it (in an article about another security product) here!
Do you control your production, including all components?
Advenica offers cybersecurity solutions that meet the highest security requirements. Our product development differs in many ways from traditional development as our customers demand that we can show that our solutions offer security with a high level of assurance. This can only be achieved if all work can be reviewed and evaluated. We therefore develop and manufacture the vital parts of our solutions in-house to ensure the highest level of security (high assurance). For our Security Gateway, this means that we use hardware that we have checked and in the case of software, we check and verify it so that we can take full responsibility for it throughout its life cycle. We ensure IT security, protection of development and production environments, perimeter security in the premises and access to a reliable, security-cleared and security-aware workforce. We design the products so that as few components as possible are vital from a security perspective and that these parts can be assembled and delivered under our own control. We carry out the configuration and final inspection ourselves on our premises with our own staff and under strict supervision. Read more about our high security product development in our White Paper.
SecuriVPN
Here are some frequently asked questions about our SecuriVPN!
What is a typical SecuriVPN customer?
All EU companies, organisations and authorities that need to communicate sensitive information. Please note that for non-EU customers, export regulations may apply. Contact Advenica for further information.
Why should you choose SecuriVPN?
If you need to communicate sensitive information, you need a solution that comes with high assurance. This means that very high demands are placed on security and control at all stages – from development and production to delivery. Thus, users can be confident that the sensitive information is protected during transport between different networks. Advenica is one of only a handful of suppliers that can deliver high assurance solutions.
How can a SecuriVPN system be used?
SecuriVPN is a highly flexible IP-based system that can be set up as anything from the simplest P2P connection to a comprehensive system consisting of hundreds of VPN devices with centralised administration and key servers for remote distribution of encryption keys.
All devices can be connected using either electrical or optical interfaces, and it is possible to customise a device’s configuration for communication over radio and satellite links.
What makes SecuriVPN a secure system?
SecuriVPN has a wide range of built-in security features. Some of these are:
- Hardware-based encryption with hardware separation between domains
- Quantum-safe symmetrical encryption algorithms
- Frequent and automatic change of encryption keys
- Replay protection
- Active and passive tamper protection
Contact Advenica for further information.
Are high availability and redundancy possible?
Yes, SecuriVPN has several network-based features that enable high availability and redundancy.
Redundant central administration means that multiple administrative sites are active at the same time. Should one site fail, full functionality will still be available.
Failover is a feature where two VPN devices are connected in parallel. One device is active and handles all communication while the other is passive and waits to take over if the active device fails.
Parallel devices make it possible to increase bandwidth by placing up to 10 VPN devices in parallel.
Redundant tunnels allow a VPN device to connect to a given network via two different tunnels. Configuration determines which tunnel is normally used. If problems occur with the designated tunnel, the other, redundant tunnel will be used.
To ensure continuous operation, the different encryption models of the system can be equipped with redundant power supply.
Do you control your production, including all components?
Advenica offers cybersecurity solutions that meet the highest security requirements. Our product development differs in many ways from traditional development as our customers demand that we can show that our solutions offer security with a high level of assurance. This can only be achieved if all work can be reviewed and evaluated. We therefore develop and manufacture the vital parts of our solutions in-house to ensure the highest level of security (high assurance). For our Security Gateway, this means that we use hardware that we have checked and in the case of software, we check and verify it so that we can take full responsibility for it throughout its life cycle. We ensure IT security, protection of development and production environments, perimeter security in the premises and access to a reliable, security-cleared and security-aware workforce. We design the products so that as few components as possible are vital from a security perspective and that these parts can be assembled and delivered under our own control. We carry out the configuration and final inspection ourselves on our premises with our own staff and under strict supervision.