
Secure Information Exchange Experts

Proprietary cross-domain technology

Defense and Security

Public Administration

Aerospace Sector

Critical Infrastructure

Corporate Environments

First Spanish manufacturer of cross-domain solutions. Proprietary, Common Criteria certified cybersecurity product technology. Our challenge is to ensure that systems that handle classified information in the public or private sectors are fully protected.

Our Products

We offer two product lines that allow controlled data transfer between different security domains.

Our high-assurance cross-domain boundary protection products provide two main security functions: network separation and filtering.

A family of application level, high-assurance guards which allow controlled data transfer in both directions independently (bidirectional scenarios), guaranteeing the impossibility of any type of traffic between the two networks, other than that transferred by the system itself.

Hardware data diode that allows the transfer of information only in one direction with physical guarantee of one-way transmission.

Based on the PSTdiode ATKDDL® one-way communication device developed by Autek and certified Common Criteria EAL 4+ (AVA_VAN.5, ALC_FLR.3).

Certifications and approvals

CC to EAL4+

Included in the NIAPC

Reference cross-domain technology partner

Leading companies in the aerospace, defence and security sectors.

Partnerships

We actively participate in the Security Committee and the Cybersecurity Group.

Cross-domain

Network segmentation, secure gateways, data diodes.

Why is network segmentation necessary?

Network segmentation is an effective tool to prevent unauthorised access to certain assets of the organization by allowing different security services to be defined for each network segment. This allows for more control over network traffic and a substantial improvement in security.

Segmentation allows network administrators to control the flow of data between subnets according to detailed policies.

‘Strong’ segmentation consists of isolating certain networks from others (security domains). No TCP/IP access between domains will be allowed.

What is cross-domain?

Cross-domain arises when information needs to be transferred between security domains.

A security domain is a collection of assets usually located on a network and subjected to the same policy. Networks with different levels of classification or managed by different operational authorities or simply kept isolated for security reasons are considered as different security domains.

Is a firewall enough?

A firewall is a device that, depending on its configuration, allows or blocks packets and connections. When networks are not physically separated (sub-networks), a firewall may be sufficient because packet routing and connections are allowed between them.

For the exchange of information between security domains (cross-domain), it is necessary to use other types of devices with a higher level of security: high-assurance guards or data diodes.

These devices allow neither packet routing nor connections between domains, and they provide a complete break in the protocol stack.

What types of cross-domain devices are there?

Devices that perform the filtering of data flows are known as ‘guards’.
Depending on the risks of the interconnection (different levels of data classification, trust between authorities, existing security measures, etc.) the general security requirements will be higher or lower.
In high-assurance scenarios where very high security is needed, physical separation of the networks is additionally required.

Devices that provide this separation can be:

  • Unidirectional (diodes)
  • Bidirectional (high-assurance guards or gateways).

Which cross-domain device is appropriate for a maximum-security network?

In interconnections where very high security is required or physical separation of the networks is mandatory, devices that provide this separation can be used. They can be either unidirectional (diodes) or bidirectional (high-assurance guards or gateways).

Such interconnections have many additional security requirements that are usually implemented by standard IT security products (firewalls, anti-malware, etc.), but the fundamental requirement is that data flows are defined and controlled.

Cross-domain perimeter protection devices are the central components of an interconnection between different security domains. The level of control applied to the flows depends heavily on the use case.

How do I transfer information one-way?

To transfer information between two networks in one direction only, a data diode is used.

Although most of them are hardware-based, hardware data diodes are those in which the guarantee that the information transfer is one-way is provided by a certified hardware element, i.e. mechanical manipulation (with physical access) would be necessary to subvert the mechanism.

On the other hand, those known as software data diodes base the one-way transmission guarantee on some software mechanism like virtual machines or microkernels that could potentially be subverted remotely.

How do I transfer information in both directions in a secure way?

To transfer information securely, in both directions (bidirectional scenarios) between two separate security domains, an application security gateway is required.

They typically provide the functionalities of data flow filtering (‘guard’) and network separation. Filtering can include format control, content control and even requiring data authorisation through digital signatures. Network separation can be of greater or lesser strength depending on whether it is performed by hardware or software.
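The three filtering stages named above (authorisation, format control, content control) can be sketched as a single release decision. This is an added example, not Autek product code: the field names, markings, blocked terms and key are constructed, and an HMAC tag stands in for the digital signature so the sketch runs with the Python standard library alone.

```python
import hashlib
import hmac
import json

# Constructed policy values for this example (assumptions, not from any product).
ALLOWED_FIELDS = {"id": int, "report": str, "marking": str}
RELEASABLE_MARKINGS = {"UNCLASSIFIED"}
BLOCKED_TERMS = ("secret", "noforn")
RELEASE_KEY = b"constructed-demo-key"  # held by the release authority
SAMPLE = b'{"id": 7, "report": "Weather nominal", "marking": "UNCLASSIFIED"}'


def authorise(payload: bytes, key: bytes = RELEASE_KEY) -> str:
    """Tag issued by the release authority over the exact payload bytes.
    HMAC-SHA256 is a stand-in here for a real digital signature."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def guard(payload: bytes, tag: str, key: bytes = RELEASE_KEY):
    """Return (released_bytes, reason); released_bytes is None on denial."""
    # 1. Data authorisation: verify the tag before parsing anything.
    expected = authorise(payload, key).encode()
    if not hmac.compare_digest(expected, tag.encode()):
        return None, "authorisation"
    # 2. Format control: a JSON object with exactly the expected typed fields.
    try:
        doc = json.loads(payload.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None, "format"
    if not isinstance(doc, dict) or set(doc) != set(ALLOWED_FIELDS):
        return None, "format"
    for name, kind in ALLOWED_FIELDS.items():
        if type(doc[name]) is not kind:  # exact type, so bool is not an int
            return None, "format"
    # 3. Content control: releasable marking and no blocked terms in the text.
    if doc["marking"] not in RELEASABLE_MARKINGS:
        return None, "content"
    if any(term in doc["report"].lower() for term in BLOCKED_TERMS):
        return None, "content"
    # Rebuild the message from validated fields only; the received bytes
    # are never forwarded to the other domain.
    out = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return out.encode("utf-8"), "released"
```

Any stage that fails denies the transfer, and what crosses the boundary is a message re-serialised from validated fields rather than the bytes that arrived.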

Join the Autek team

A team that works with the objective of growing together doing what we like and facing the challenge of improving at every step.