When working with sensitive data, organizations need more than just advanced technology: they need the confidence that they can share sensitive information across networks with that technology. The Nexor GuarDiode File Edition 4 brings that peace of mind. By combining an unidirectional data flow with advanced data cleansing software, organizations remain in control of their data. We speak to Peter Austin, Portfolio Manager at Nexor, about the launch of the new GuarDiode.
Exchanging information is not without risks
Nexor is a secure information exchange specialist offering high assurance threat and risk mitigation expertise and solutions into complex and sensitive networks globally. The company mainly works with governmental and public service organizations, which have to adhere to strict standards. And not without reason: exchanging information, especially sensitive data, remains a risky undertaking in today’s digital world.
“Organizations should worry about zero-day attacks and DDoS attacks,” Peter says. A zero-day attack exploits a software vulnerability that is unknown to the software vendor or developers. Since the vulnerability hasn't been patched, attackers can take advantage of it before it’s discovered and fixed. In a DDoS attack, the attackers exploit previously unknown security vulnerabilities in systems, networks, or applications by overloading these with data. This sudden flood of traffic from multiple sources renders targeted services or websites unavailable.
Peter adds: “People need to be very cautious in admitting data into their networks. Attackers can deploy malicious code through transferring documentation and software updates, exploiting vulnerabilities within the organization’s supply chain.”
A secure solution
So how do organizations go about data transfers in a secure manner? A secure cross-domain solution has two functions: to stop your sensitive data leaking out, and to stop the bad stuff from getting in. The Fox DataDiode is a hardware solution that ensures a unidirectional data flow at the highest security level. By blocking any data from moving from your secure environment via reverse data paths, you can prevent any external threats from extracting valuable data. The Nexor GuarDiode adds another security level to this solution by scanning and cleansing any incoming data. This way, you can securely bring data into your network, even from sources you might not fully trust.
Not all data is created equal: some files require extra care to ensure they’re safe to use. For example, code can be smuggled in through spreadsheets which can then be used to launch an attack,” Peter says. “There's all sorts of ways of manipulating text, manipulating fonts, manipulating images, which are hard to spot through manual checks. For example, you can put white text on a white background, or send background data through low-contrast images.”
Checking, cleansing, and filtering data
To tackle these issues, the GuarDiode includes advanced filtering, such as the Content Disarm and Reconstruct (CDR) function. This automatically removes potential threats like macros, links, and other unwanted content. This means that every file you receive is not only safe but also ready for immediate use, without the need for manual checks or adjustments – making collaboration a lot more efficient within networks and organizations.
“Going from manual to automated resolution of document-based threats will make a huge difference for organizations,” Peter says. “Addressing the problem of safe data transfers is on the requirements lists of many organizations’ security policies. The GuarDiode fits perfectly in enforcing that policy. At the same time, it will also lead to significant cost savings by taking out the manual element.”
Preventing sensitive data leakage
The solution also enables organizations to customize filters to block or redact sensitive details, hereby only sharing what’s necessary with lower trust areas. “Nexor provides the overall workflow software and integrates filters into the workflow as defined by the customer’s security policy. These filters are updated to mitigate the changing threats,” Peter explains. “In this scenario, the Fox DataDiode would block any malicious code attempting to use the data export channel as a backdoor into the high-trust area."
Helping organizations move forward
Does this mean that you can buy the GuarDiode to sit back and relax? “In a way, yes, because you can be sure that your sensitive information is protected. But at the end of the day, it’s all about balancing risk,” Peter says. “We help organizations understand what the risks are and how they can mitigate them. But at the same time, risks are constantly changing, and businesses are constantly changing. We want to get to a level where organizations and businesses proactively manage the risks with their information transfer policies enforced in GuarDiode in order to have the confidence to say: yes, we’re able to transfer data in order to function, while still preserving the security of our company.”
Peter concludes: “If we can help our customers move forward by becoming more interconnected in a secure manner, our mission is successful.”