Hardware-enforced Unidirectional Communication
Secure Data Transfer
Prevent Data Leakage
Co-confidential
Recent Cyber Attacks
Why do organisations need to protect their critical information?
Why is a unidirectional data diode more resilient than firewalls?
Cyber Attacks Scenarios | Attack Impact and Consequences
Wi-Fi | Stolen Information / Execution of Malware
Internet Surfing | Stolen Identity / Execution of Malware
Email | Forging of Email / Execution of Malware
IoT Devices | Creation of Backdoor Access
ICS/SCADA | Forging Data / Manipulation of Control System
PLCs/RTUs | Loss of Lives
Defeating the Cyber Attack Kill Chain
• STEE Data Diode prevents data leakages from secure networks.
• STEE Secure Files Transfer solution ensures malicious payload does not infiltrate the secured networks.
• Isolation is a better protection mechanism than detection.
• The unidirectional STEE Data Diode disables all C2 communications.
• Malicious payload grows exponentially.
• A “signature-less” solution is more enduring.
• Vulnerabilities exist in both hardware and software.
• Degrade, Disrupt, Denial and Destroy.
Protecting Industrial Control System / SCADA Networks
[Diagram: SCADA Server / Historian Database (Power Generation / Water Treatment Networks) -> Data Diode -> Replicated Server / Database (Corporate IT Networks)]
Protecting Sensitive Network
[Diagram: Internet -> File Cleansing Controller -> Data Diode -> File Cleansing Receiver -> Highly Sensitive Networks]
Protecting the Big Data Central System
[Diagram: Video Surveillance, Smart Metering, Wearable sensors, Autonomous Transport, Payment, Smart Home, Industry 4.0 -> Data Diode -> Big Data Central (Analytics) System]
Integrating Networks Securely
• OT Networks (e.g. Building Mgmt Sys): Historian Database
• Physical Security (e.g. CCTV): Video
• Sensors (e.g. radar): Proprietary Data
• IT Network activities (e.g. SYSLOG): Logs
• OSINT (e.g. Social Media, Dark Web, etc): Files
Internet / Intranet
Operation Centers (NOC/SOC)
The Data Diode allows operational data and logs from different enterprise OT and IT networks to be consolidated at the NOC / SOC for monitoring and analysis, while keeping the networks isolated (air-gapped) from each other.
Data Diode Protocols
Path: Sending System A | Data Diode Sender | Data Diode Receiver | Receiving System B
Components for each service, listed left to right along the path:
• Data (UDP / TCP / SNMP / SYSLOG / HTTPS): Data, IP Add / Port, IP Add / Port, Data
• Video Streaming: VLC Player, VLC Player
• Files Transfer (Filezilla, WinSCP), SFTP / FTPS: Client, Server, Client, Server
• Folders Mirroring (Windows / Linux): SMB / CIFS, SMB / CIFS
• Emails (S / MIME): Client, Server, Proxy, Client, Server; (Domain), (Domain)
• SCADA OPC DA / UA, OPC UA: OPC Server, OPC Client, OPC Server, OPC Client
Stated rate: 500 Mbps
Protecting the Confidentiality, Integrity and Availability of Critical Systems
• Information Assurance by Design: Ensures no data leakage due to hardware-enforced one-way communication
• High Throughput & Robust Performance: Configurable for High Availability
• Compact Design: Allows all Data Diode functionalities to be encapsulated within a 1U hardware rack space
• Ease of System Integration & Customisation: Supports multiple IT and SCADA/ICS networking protocols and can be customised to any operational requirement
Secure Files Transfer Solution
Files, Files, Files
Isolation is the better Protection Mechanism.
Signature-less is the more Enduring solution.
[Diagram labels:]
• True File Type Detection
• Data Files: Convert & Extract
• Data Files (Need to preserve Content): Parse & Check; Opcode Detection In Data Files
• Binaries: Malware Detection (Machine Learning AV Scanner, Traditional AV Scanner, Genetic AV Scanner)
Secure Files Transfer Architecture
[Diagram: NAS A -> FCS TXC -> DD -> FCS Engines -> FCS RXC -> NAS B]
Files Cleansing Controller Engines
• True Files Type Detection
• Files Conversion
• Content Disarm & Reconstruction
• Static Codes Analysis
• Anti-Virus Scanners
• Sandbox Solutions
Secure Files Transfer Architecture
[Diagram: NAS A -> FCS TXC -> DD -> FCS Engines -> FCS RXC -> NAS B; second path: FCS TXC, DD, FCS Engines, FCS RXC; also DD, MXC, DD, CXC]
High Assurance Architecture
• HAG Design – FCS engines protected by 2 pairs of data diodes.
• System Alerts @ FCS RXC
• Active-Active Paths
• Zero-loss feedback loop
• System Dashboard @ CXC
Thank You