Cross Domain Communication Security

Network segmentation is an important element of IT security concepts. Organizational networks are divided into segments based on the criticality and sensitivity requirements of data and systems. Network segments that hold particularly sensitive data (e.g., national RESTRICTED or SECRET classification) are often isolated (“air gapped”) or available only through limited, enforced communication patterns and data flows.

Similarly, the zero-trust model distrusts all endpoints, applications, and users. All internal and external communication must be checked. Any user or service must authenticate itself. Many IT security concepts focus only on minimizing external threats, a weakness that cyberattacks exploit.

Accordingly, a distinction is made between:

  • Cross-domain transitions between internal networks
  • Cross-domain transitions between internal networks and DMZ
  • Cross-domain transitions between internal networks and the Internet
  • Cross-domain transitions between DMZ under internal/external control and the Internet

However, isolation of network segments presents a real challenge for public and private organizations. Government agencies, the military, and companies (e.g., banks, power stations, oil platforms) increasingly must exchange, merge or analyze data in order to fulfil their respective missions in real time as they go digital. In many cases it is only computer systems that must communicate with each other. The labor- and time-intensive task of exchanging data between isolated and connected domains (“swivel chair interface” or “sneaker network”) is a showstopper for digitization.

This is where Cross-Domain Solutions (CDS) come in. These are highly trusted, government-accredited network security components (e.g., security gateways, data diodes) that control and, if necessary, block the flow of data between two security domains at all layers.

Cross-Domain Security Solutions for the toughest and most sensitive environments

The Secure Domain Transition (SDoT) product family allows controlled unidirectional or bi-directional exchange of data between networks/systems of different sensitivity levels, as well as the creation of NATO STANAG 4774/8 compliant and tamper-proof security labels. The SDoT product family offers the most comprehensive cross-domain solutions on the market for network security and data leakage prevention (DLP). SDoT products enable digitization in sensitive or extremely critical areas, as data is exchanged and made available in a controlled manner while sensitive data remains protected.


Defence & Public Sector

  • Database replication / updates
  • Transfer of sensor data (e.g., Radar, ELINT, Satellite)
  • Lawful interception
  • Video / Audio streaming
  • Remote Screen View / Website mirror
  • Patch management and malware signatures
  • Logging and backup
  • Secure printing

Critical Infrastructure

  • Database / Server replication (e.g. OPC, Modbus, Historian)
  • Transfer of OT data
  • IT service management
  • Managed security services (SIEM to SOC)
  • Video / Audio streaming
  • Remote Screen View
  • Patch management and malware signatures
  • Logging and backup
  • Secure printing

Key Features

  • L4 microkernel OS with Secure Boot
  • Hardened HSM
  • Hardware Separation
  • DoS Mitigation
  • Secure Administration
  • EAL4+ Level
  • All Climate Zones
  • Dust Protection
  • Shock Resistance