“The fastest software based Data Diode in the World with a German, EU and NATO SECRET accreditation”
The SDoT Diode is developed and manufactured in Germany following the Security by Design principle.
As an unidirectional security gateway the SDoT Diode allows government, defense and critical infrastructure clients to maintain their confidentiality and integrity requirements for data provision or receipt in digitization and Industry 4.0 projects.
Contrary to firewalls or bi-directional security gateways, data diodes don’t filter data according to policies that require continuous maintenance. Instead a high degree of security is achieved by segmenting systems according to protection levels and enforcing unidiretional data flow.
Features
Since the 1980s data diode design follows the same hardware level separation principle. A fiber optic cable is used to enforce a physical separation between domains and enforce unidirectional data flow. In electronics a diode is a component that only allows current to flow in one direction. A data diode could also be created by cutting copper-leaders in a cable but that could still present a risk as they are not galvanically separated.
Although the old approach to data diodes ensures physical separation of networks without a return channel, it doesn’t meet today’s requirements for bandwidth, reliability, space, project implementation speed or bi-directional protocols.
In contrast, the SDoT Diode, as a next generation data diode, ensures logical separation of networks without a return channel due to its unique and evaluated security architecture. Side channel attacks are prevented through the minimized kernel. The SDoT diode allows fast and high-performance unidirectional data transfer via numerous protocols in a compact form factor between two security domains. It also offers additional functions such as HTTP response status codes.
In the field of critical infrastructures (e.g. factories, oil platforms, power stations, water treatment plants), the opposite is the case. Data from the isolated area with the industrial control systems (OT) are supposed to be made available for unclassified systems or the cloud.
| SDOT DIODE | |
| Housing |  |
| Type | 1 U, 19″ Rack Mount |
| Material | stainless steel (non-magentic optional), powder coated |
| Size | 438 x 573 x 43.6 mm incl. power supply |
| Weight | approx. 9.5 kg / 20,9 lbs |
| Performance | |
| Speed | Up to 9.1 Gbit/s |
| Protocols | TCP, UDP, SMTP/S, HTTP/S (more via proxy server) |
| LAN | Fiber or RJ45 |
| Power supply | 100-240 VCA, 50-60 Hz, 5-3 A |
| Power supply | Active fan |
| Power input | 95 W |
| Other | |
| Temperature | Optimized for complex missions |
| Humidity | Optimized for complex missions |
| Vibration | Yes |
| Shock | Yes |
| Standards | CE, ROHS, REACH, ISO 9001, EAL4 + |
| NATO MSM | BSI-VSA-10340 |
| BSI | BSI-VSA-10340 |
| Standards | German SECRET, NATO SECRET, EU SECRET |
Use-cases
In the public sector especially in defense, intelligence and homeland security, data diodes are generally used to provide data from sensors or unclassified systems (LOW) to a classified system (HIGH). The top priority is to protect classified data in HIGH and prevent it from leaking to LOW under all circumstances.
The reverse is the case in critical infrastructure (e.g. factories, oil & gas platforms, power plants, water treatment plants). Data residing in the mission critical industrial control systems (HIGH) must be made available for IT systmens or the cloud (LOW) through a data diode. This could be machine data for monitoring in a remote supervisory command center or predictive maintenance in a big data analytics solution. The top priority is prevent access from LOW to the industrial control systems (HIGH) under all circumstances.
PUBLIC SECTOR
Database replication / updates Transfer of sensor data (e.g. Radar, ELINT, Satellite) Lawful interception Video / Audio streaming Remote Screen View / Website mirror Patchmanagement and malware signatures Logging and backup Secure printing
CRITICAL INFRASTRUCTURE
Database / Server replication (e.g. OPC, Modbus, Historian) Transfer of OT data IT service management Managed security services (SIEM to SOC) Video / Audio streaming Remote Screen View Patchmanagement and malware signatures Logging and backup Secure printing
