Secure Information Exchange Experts

Proprietary cross-domain technology

  • Defense and Security
  • Public Administration
  • Aerospace Sector
  • Critical Infrastructures
  • Corporate Environments

First Spanish manufacturer of cross-domain solutions. Proprietary technology of 'Common Criteria' certified cybersecurity products. Our challenge is to ensure that systems that handle classified information in the public or private sectors are fully protected.

Our Products

We offer two product lines which allow the controlled data transfer between different security domains.

Our high-assurance cross-domain boundary protection products provide two main security functions: network separation and filtering.

A family of application level, high-assurance guards which allow controlled data transfer in both directions independently (bidirectional scenarios), guaranteeing the impossibility of any type of traffic between the two networks, other than that transferred by the system itself.

Hardware data diode that allows the transfer of information only in one direction with physical guarantee of one-way transmission.

Based on the PSTdiode ATKDDL® one-way communication device developed by Autek and certified Common Criteria EAL 4+ (AVA_VAN.5, ALC_FLR.3).

Certifications and approvals

CC to EAL4+

Included in the NIAPC

Leading technology partner in Cross-Domain

Leading companies in the Aerospace, Defense and Security sectors

Associations

We actively participate in the Security Commission and the Cybersecurity Group.

Interconnections

Network segmentation, Cross-Domain, secure gateways, data diodes.

Why is network segmentation necessary?

Network segmentation is an effective measure to prevent unauthorized access to certain organizational assets by allowing different security services to be defined for each network segment. This allows more control over network traffic and a substantial improvement in security.
Segmentation allows network administrators to control the flow of data between subnets according to detailed policies.
‘Strong’ segmentation consists of completely isolating certain networks from others (security domains). No TCP/IP access will be allowed.

What is Cross-Domain?

Cross-Domain interconnections arise when it is necessary to transfer information between security domains.

A security domain is a set of assets usually located in a network and subject to the same policy. They may be networks with different classification levels or managed by different operational authorities or simply kept isolated for security reasons.

Is a firewall sufficient?

A firewall is a device that, depending on its configuration, allows or blocks packets and connections. When networks are not physically separated (subnets) a firewall may be sufficient because there is packet routing and/or permitted connections between them.

For the exchange of information between security domains (Cross-Domain), it is necessary to use other types of devices with a higher level of security: secure gateways (High Assurance Guards) or data diodes.

These devices do not allow routing of packets or connections and provide a complete break in the protocol stack.

What types of Cross-Domain devices are there?

Devices that perform filtering of data streams are known as ‘guards’. Depending on the risks of the interconnection (difference in information classification levels of both domains, trust between authorities, existing security measures, etc.) the general requirements will be higher or lower.

In interconnections where very high security is required, physical separation of the networks is additionally required.

Devices that provide this separation can be:

  • Unidirectional (diodes)
  • Bidirectional (gateways)

Which interconnection device is suitable for a maximum security network?

In interconnections where very high security is required, or where physical separation of the networks is necessary, devices that provide this separation can be used. They can be unidirectional (diodes) or bidirectional (gateways).

Such interconnections have many additional security requirements that are usually implemented by standard IT security products (firewalls, anti-malware, etc.), but the fundamental requirement is that the data flows are defined in advance and controlled.

Cross-domain perimeter protection devices are the core components of an interconnection between different security domains. Flow control can be guaranteed at different levels of stringency and is highly case-specific.

How do I transfer information in a unidirectional way?

To transfer information between two networks in one direction only, we use a data diode.

Although almost all data diodes are hardware-based, hardware diodes in the strict sense are those in which the guarantee of one-way transmission is provided by a hardware element, i.e. mechanical manipulation (with physical access) would be necessary to subvert the mechanism.

By contrast, so-called software diodes base the one-way transmission guarantee on software (virtual machines, microkernels or other mechanisms) that could potentially be subverted remotely.

How do I transfer information both ways securely?

To securely transfer information in both directions (bidirectional scenarios) between two separate security domains, an application gateway is required.

Application gateways typically provide data flow filtering (‘guard’) and network separation functionalities.

Filtering can include format control, content control and even require data authorization through digital signatures. The separation of networks can be of greater or lesser strength depending on whether it is done by hardware or software.
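
The three filtering steps named above (format control, content control, release authorization), applied to a single flow defined in advance, shown as an added example that is not Autek's code or part of the original page. The flow definition, field names, key and word list are constructed for illustration, and an HMAC tag stands in for the digital signature so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed flow definition: the only message shape this guard releases.
FLOW_FIELDS = {"track_id": int, "lat": float, "lon": float,
               "label": str, "remark": str}
ALLOWED_LABELS = {"UNCLASSIFIED"}          # constructed release policy
DIRTY_WORDS = ("secret", "confidential")   # constructed content-control list
MAX_BYTES = 512
RELEASE_KEY = b"constructed-demo-key"      # hypothetical releaser key


def sign(payload: bytes, key: bytes = RELEASE_KEY) -> str:
    """Releaser side: HMAC-SHA256 tag standing in for a digital signature."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def guard(payload: bytes, tag: str) -> tuple:
    """Return (released, reason); anything not explicitly allowed is dropped."""
    # 1. Authorization: check the tag before parsing untrusted bytes.
    if not hmac.compare_digest(sign(payload).encode(), tag.encode()):
        return False, "authorization: bad signature"
    # 2. Format control: size, ASCII JSON object, exact field set and types.
    if len(payload) > MAX_BYTES:
        return False, "format: too large"
    try:
        msg = json.loads(payload.decode("ascii"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return False, "format: not ASCII JSON"
    if not isinstance(msg, dict) or set(msg) != set(FLOW_FIELDS):
        return False, "format: unexpected field set"
    for name, expected in FLOW_FIELDS.items():
        if type(msg[name]) is not expected:  # bool is not accepted as int
            return False, f"format: {name} has wrong type"
    # 3. Content control: label allow-list, value ranges, dirty-word scan.
    if msg["label"] not in ALLOWED_LABELS:
        return False, "content: label not releasable"
    if not (-90.0 <= msg["lat"] <= 90.0 and -180.0 <= msg["lon"] <= 180.0):
        return False, "content: coordinates out of range"
    if any(word in msg["remark"].lower() for word in DIRTY_WORDS):
        return False, "content: dirty word in remark"
    return True, "released"
```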

Join the Autek team

A team that works with the objective of growing together doing what we like and facing the challenge of improving at every step.