Key findings:
- Cross Domain Solutions (CDS) enable the secure exchange of data between environments with different classification levels, while protecting data and infrastructure.
- Traditional CDS are insufficient against today’s threats – modular, scalable and configurable solutions are needed.
- SEFs (Security Enforcing Functions) are a key component of CDS – they combine filtering, scanning, transformation and context control.
- New operating models and increased data volumes require a flexible approach that combines hardware with advanced software.
- OPSWAT solutions offer comprehensive CDS support, integrating Metascan™, Deep CDR™, Adaptive Sandbox and Threat Intelligence technologies.
Table of Contents:
- What a CDS is and why it matters
- How CDS protects data in government and defense institutions
- Regulations and architecture patterns
- Contemporary challenges of CDS
- Increased data diversity and volumes
- Evolving threats and the role of data integrity
- New operating models and the need for adaptation
- OPSWAT’s solution for CDS
- OPSWAT technologies in support of CDS
- The most common questions
What a CDS is and why it matters
A CDS is a solution that enables controlled communication between domains with different levels of trust or classification. Its key objective is to protect higher-classification environments while enabling secure data flow.
How CDS protects data in government and defense institutions
CDS minimizes the risk of data manipulation or leakage during import and export. It prevents the transfer of malicious code, enforces proper classification, and enables auditing of each transfer.
Regulations and architecture patterns
Countries such as the UK (NCSC), the US (NCDSMO), and NATO have their own CDS implementation standards. Compliance with these standards is required when building any CDS system.
Contemporary challenges of CDS
CDSs have to deal with more data types, a variety of cloud environments, cross-classification migrations and dynamically changing cyber threats.
Increased data diversity and volumes
Modern CDS must support user files, system data, geolocation data and custom files, while remaining scalable.
Evolving threats and the role of data integrity
State-sponsored attacks are increasingly targeting data integrity. CDS must ensure not only confidentiality, but also the correctness of the content. Obfuscation does not mean that the data is correct.
New operating models and the need for adaptation
Isolating data is no longer sufficient – CDS should support analysis and interoperability, enabling exchange between classification levels under stringent safeguards.
OPSWAT’s solution for CDS
OPSWAT offers a flexible platform with components that can be customized to meet an organization’s needs – from scanning to content control and contextual analysis.
OPSWAT technologies in support of CDS
- MetaDefender Core – the heart of the CDS system, integrating SEFs.
- Metascan™ – multiscanning of files by multiple AV engines.
- Deep CDR™ – removal of potentially malicious file components.
- Adaptive Sandbox – analysis of file behavior in a controlled environment.
- Threat Intelligence – analysis of country of origin, IoC and file vulnerabilities.
- MetaDefender Kiosk – scanning of external media (13,000+ files/min).
- MetaDefender MFT and MDSS secure data input/output in CDS.
- NetWall – integration of hardware data diodes into the OPSWAT platform.
The most common questions
CDS is a system that enables data exchange between systems with different levels of security, meeting the requirements of standards such as NIST, Raise the Bar and GDPR. Key components include controlled interfaces, data diodes, content filtering, auditing, data transformation and security functions (SEF). CDSs are mainly used in government and defense, but also in energy, finance, telecommunications and aviation.
The advantages of CDS include security, regulatory compliance, internal risk reduction, interoperability and improved inter-institutional cooperation. OPSWAT solutions support CDS in every aspect – from physical devices to intelligent, configurable software.