Cyber War – is attack the best defence?
Posted on 2. March 2020
To build a defence in depth is a well-known military concept that can be mirrored one to one in your strategy for protecting your data and separated network. At Arbit we do not claim that one single action, like implementing diodes, will do the job but we do help customers set up their cyber defence more effectively with diodes in the frontline and other measures/technologies in depth. As we have implemented solutions for many high security networks used by armed forces, police, intelligence services and large corporations we are able to advise you how to set up your Cyber border perimeter protection that will match your needs.
Looking across the solutions we have implemented, in most cases it starts with a segmentation or an air gap between the “internet connected network” and the network containing classified or sensitive data. In this news article we will take you through the most obvious steps in the process – and how to overcome the problems associated with it.
Defence line One: Separation
Step one – to separate or segment your network, is a crucial step as it stops any communication and transfer of data to and from the network. To reestablish this function and transfer data from for instance the internet (low) to the protected network (high), an Arbit data diode is an obvious choice. The diode is capable of data transfer in one direction only (Certified according to Common Criteria) which ensures that you have eliminated attempts to actively hack your network with this first step as a potential attack usually begins with an intense port scan to analyze and identify an attack vector.
Defence line Two: Malware protection
We normally divide the dataflow via the diode into three independent flows: Files, E-mail and streaming. As the diode ensures transfer of data from low to high, all files must as a minimum be scanned for malware and put into quarantine if infected. In regard to files, this is a rather easy operation with either a single malware detection software or, as we recommend, a multi scanning software like OPSWAT MetaDefender (MD). Emails are a bit more complicated compared to files when it comes to scanning as both email and attachments might contain different types of attack vectors that need more than just scanning.
Defence line Three: Content Disarmament and Reconstruction (CDR)
For both files and mails, CDR is a valuable tool that offers a number of features like Data Leak Prevention (DLP), heuristic analysis, deactivation of links and more. Together with the diode it ensures that infected data does not enter your network and that “the talk back” is effectively cut by the diode.
Defence line Four: SANDBOX technology
Just another step that will ensure a “second opinion” on the above measures.
Data release / data export
The above are feasible, preventive steps to secure your data import and the beauty is that they can all be, and should be, reused during data release. However, one essential feature must be added: The Right-to- Release feature.
The Right-to-Release and to whom it should be given is an organizational decision – who in the organization has the authority to release data? Technically, there are several ways to ensure this Right-to-Release, like only appointed releasers may sign data, releasers are checked against the Active Directory etc. and the Arbit Data Diode supports this The Arbit data diode also supports the use of customized filtering via an open API as we do not deliver “a black box”, – we support integration of third party software .
NOTE: This release procedure – using one release diode – is what we recommend releasing data from RESTRICTED or equal networks. In order to release data from SECRET and TOP SECRET networks please take a look at our Arbit Trust Gateway.
Cross Domain Print
Posted on 29. January 2020
Cross Domain Print
Print via a data diode
Standard security regulations require printer pools for each separated network. Separated networks are normally implemented to ensure data Integrity https://en.wikipedia.org/wiki/Data_integrity or to ensure network separation between networks of different classifications like SECRET (HIGH) and UNCLASSIFIED (LOW). The Arbit Data Diode is accredited – and NATO listed – to connect networks from UNCLASSIFIED to SECRET and this is what we take advantage of in the print solution. Prints can be initiated from “LOW” using printers on “HIGH” and standard options like selection of different printers is offered. From a user perspective our solution is very similar to a standard print job and will require very little training – a short standard mail instruction will do.
Our print solution can be combined with a third party Follow The Print solution – but please consult us for further information.
Feedback from customers is that this is a perfect example for a “return on investment analysis” – but of course the size of organization and number of printer pools matters.
What we do!
Posted on 25. November 2019
What we do!
The short answer
When people meet our business the first time, the question we are asked most often is “What is it that you do, exactly?”.
In our line of business we speak of security, control and air-gapped networks, and make references to military, police, security and intelligence agencies. We borrow words like pitchers and catchers from the world of sports and use a seemingly endless list of tech-words like data diodes and unidirectional gateways. The terminology makes sense among specialists, but at a first glance or for people with a different focus, the dense language tends to have the psychological effect of making our work seem more incomprehensible than it is.
In essence, however, it is easily explained what we do: “We build data diodes which employ the laws of physics to ensure one-way data flows. And we are very good at it.”
Connection control is key
This obviously leads to asking “Why one-way data flows?”. Even in tech circles, the usefulness of strict unidirectional data flows may not always be immediately obvious. Consider, however, these basic facts:
- Everything digital is made of data
- Digital value creation requires the data to move
- Moving data requires data connections
When networks intersect, connections can be exploited by hackers or data thieves, or be the cause of unintentional data leaks. Preventing this requires effective control the flow of data across connections. This requires that the data only flows one way within a connection.
Unidirectional gateways enable security
Data diodes are deployed like one-way gates in the fence around secure data environments. They physically only allow data to flow in one direction, empowering network managers to maintain complete control over the data flow by way of separation: One diode regulates what can get in, and another what can get out.
Bottom line; “We protect sensitive data and the value it represents, by delivering data diodes which enable full data flow control”. What this means for your business or organization specifically depends on your situation, but we are ready to answer that.
Defence and Security Equipment International (DSEI) 2019
Posted on 02. October 2019
We at Arbit Cyber Defence Systems are delighted and proud to be able to call ourselves “Børsen Gazelle 2019”
“Hurray and big congratulations – your company is a Børsen Gazelle 2019”
“The requirements to become a Børsen Gazelle are tough. A gazelle business is continuously growing and, as a minimum, doubles its revenue or gross profit over a period of four fiscal years, while maintaining positive growth each year. It is impressive that you have been able to live up to this, so a big congratulations on your great growth and the title as a Børsens Gazelle 2019.”
Defence and Security Equipment International (DSEI) 2019
Posted on 10. September 2019
Products & Innovation
With over 1,600 exhibitors from 69 countries, DSEI is the world’s leading event for the defence and security industry. Here, stakeholders from around the world get together to share news, discuss the latest issues and technologies and learn from each other.
It connects governments, national armed forces, industry thought leaders and the global defence & security supply chain on an unrivalled scale.
Come and Meet Our Team
CSO, Søren Elnegaard Petersen and CTO, Jens Jeppesen from Arbit are ready to welcome visitors interested in how Arbit helps protect high-security networks against cyber-attacks. At our stand N3-300 you have the opportunity to see both the Arbit RUGGEDIZED C4ISR Gateway and the Arbit Data Diode on display.
Homeland Security Conference 2019
Posted on 28. August 2019
On August 28 and 29, the 6th Homeland Security Conference was held in Frederica organized by CenSec – Center for Defence, Space & Security.
Homeland Security Conference is an innovation and technology conference focusing on bringing together representatives from the cyber security community, industry decision makers, governmental authorities and academics.
Søren Elnegaard Petersen from Arbit was selected to give a pitch about Cross Domain Solutions and how unidirectional security gateways improve efficiency in isolated networks without compromising security.
Page at LinkedIn
FMI Industry Day 2019
Posted on 22. August 2019
On August 22, 2019, Arbit participated in the FMI Industry Day 2019 organized by the Danish Defence Acquisition and Logistics Organization
It is a large “open house” event where staff from FMI and the Armed Forces have the opportunity to meet with over 180 companies from the industry.
Our booth was well attended with both the Arbit RUGGEDIZED C4ISR Gateway and the Arbit Data Diode on display.
Our CSO Søren Elnegaard Petersen was on site and had a busy day welcoming visitors interested in how Arbit helps protect high-security networks against cyber attacks.
Thanks to both organizers and participants for a great day!
Growth requires space…
Posted on 21. June 2019
Arbit has grown out of its present premises at Symbion. That’s why we are moving to new – and larger – premises within the Greater Copenhagen Area.
Our new domicile not only offers fresh and spacious offices but also complies fully with the strict requirements applying to our line of business.
Located only 20 minutes by car from Copenhagen Airport, it is only a short 3 minute walk from Roedovre Station.
The new address is:
Link to Google Maps
OPSWAT – Arbit Seminar
Posted on 30. January 2019
Vi vil gerne invitere dig til at komme og høre om de mange nye produkter og muligheder i OPSWATs portefølge.
Dagen byder på briefing om OPSWAT Metadefender Multi Scanning Engine, Data Sanitization, Data Loss Prevention, Vulnerability Engine, KIOSK og en lang række andre løsninger. Dertil vil integration med Arbit Data Diode og Gateway blive kort gennemgået.OPSWAT løsninger understøttes nu både som on-site, Air Gap og Cloud løsninger og kører på både Windows og Linux.
OPSWAT vil være repræsenteret ved Keith Christie-Smith, Country Director, UK and Nordic Region og George Chereches, Sales Engineer, og udover en bred gennemgang af produkter har vi afsat tid til at diskutere netop din organisations behov også set fra et teknisk perspektiv.
Vi glæder os til at byde dig velkommen!
Seminaret afholdes onsdag d. 13. februar 1300 – 1600 på:
Symbion Fruebjergvej 3 2100 København
Kongsberg Defence and Aerospace
Posted on 4. January 2019
Some quick example text to build on the card title and make up the bulk of the card’s content.
Often we deploy our solutions to organizations like governments, military – and intelligence services and for obvious reasons they do not like to be quoted or referenced. Our recent major customer in Norway didn’t mind:
”KONGSBERG DEFENCE & AEROSPACE has implemented the Cross Domain Solutions developed by Arbit, which has improved our network security without impairing work process efficiency. Both the Arbit Data Diode and the Arbit Trust Gateway meets all of KONGSBERGs strict requirements for speed, security, stability and manageability.”
– CIO, Jan Helge Strøm, KONGSBERG
This really made our day at Arbit….
Arbit Data Diode is now listed in NATO Information Assurance Product Catalogue
Posted on 17. December 2018
The NATO Information Assurance Product Catalogue (NIAPC) provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.
Let’s Get In Touch!
Ready to start your next project with us? That’s great! Give us a call or send us an email and we will get back to you as soon as possible!