GUARDS

Validating data to enable secure information exchange

SIXA Technology - GuardsGuards can provide the Validate component in our Secure Information eXchange Architecture (SIXA). They ensure the content (and in some cases protocol) conforms to the security policy.

The importance of validation

The Validate component, or Guard, ensures that the data being transferred conforms to a specified security policy. The Guard reduces the risk of malware getting into a network; of sensitive data leaking out; and ensures that appropriate controls are in place for the data to be released between the networks.

In order to do this, the Guard has to be able to provide detailed inspection of the data being transferred. The checks that a Guard could perform can be split into three categories:

  • Format checks;
  • Syntax checks;
  • Semantic checks.

Format Checks

Data can claim to be of a given format in different ways, from the extension of a filename to parameters in encapsulating data (e.g. MIME types in an email). Format checks will verify that the data conforms to the format that it claims or appears to be.

The type that the data claims to be is important since this will determine the end application that opens and renders it. Data can masquerade as different types to fool an end application into opening it.

The format checks need to be designed to ensure that the end applications get the data that they can safely open. In order to achieve this, the end applications need to be known and thus they need to form an integral part of the overall secure information exchange solution.

Syntax Checks

In most scenarios, the checks need to go beyond verifying that the data is of the type it claims to be.

Additional checks should validate that the data conforms to the configured security policy so that an administrator can ban fields or portions of data formats that could potentially carry threats such as malware or hidden data leakage.

Equally, checks should ensure that all mandatory fields are present to ensure that end applications processing the data have everything that they expect.

Semantic Policy Checks

Knowing that the data is of a format that is acceptable and that the data conforms to a specified schema for that format will reduce the risk of incorrectly or maliciously formatted data from compromising applications in the destination system.

In addition to this, Semantic checks ensure that the information transferred in the data conforms to the policy defined. Semantic checks ensure that the content of the data whilst valid structurally, is also allowed.

Examples of these types of checks are:

  • prohibited word checking;
  • security label checks;
  • and release authority decisions.

Complexity versus Assurance

In order to get a high degree of confidence that the Guard can perform these detailed checks, it is advisable to limit the degree of complexity of the data being transferred through the Guard. In this way, the checks can still be comprehensive, but are simpler to evaluate.

The Transform component, or Gateway, in our Secure Information eXchange Architecture (SIXA) can be used to transform more complex data into something that can be guarded with high assurance.

Nexor Guards

Nexor Guardian is a data guard providing a highly secure, high-throughput content checking capability that enables the sharing of information between networks with different levels of trust.

Nexor Sentinel is a high assurance email guard, evaluated to Common Criteria EAL4+ and is listed on NATO’s NIAPC catalogue. It has been designed to protect organisations by validating that in-bound and out-bound electronic messages conform to the security policy of the protected domain.

REQUEST A CALLBACK

If you would like to talk to us directly, you can request a call back.

Request Call back
Sending

We value your privacy >

TALK TO ONE OF OUR EXPERTS

Talk To One Of Our Experts
Sending

We value your privacy

Information Exchange Gateways: The Evolving Story White Paper

FEATURED WHITE PAPER

Information Exchange Gateways: The Evolving Story - This White Paper brings the Information Exchange Gateway story up-to-date. It looks at the changing context in which Information Exchange Gateways are being used; recent experiences in deploying them; and what the future holds. MORE DETAILS

Guarding Military Messages case study image

FEATURED CASE STUDY

Guarding Military Messages (A European Navy) - No matter how good your policies and protocols are, human error can mean a message is accidentally sent somewhere (and seen by someone) inappropriate. MORE DETAILS

Our Accreditations; Investors in people; ISO 9001; Cyber Essentials; ISO 27001; TickIT Plus; HM Government.

Be the first to know about developments in secure information exchange

Share This