Next Gen Solutions


One-way data flow

Data diodes are one-way information transfer devices that control information flow in one direction while preventing information flow in the reverse direction.

We offer two different versions: 

An evaluated version, used in the NGXS Gateway, which employs optical connectivity and signal conversion, including custom circuitry to guarantee that no reverse path is available for data transmission.

The second version, which can be purchased separately, is a passive solution that employs optical connectivity and an optical isolator to ensure unidirectionality.


Secure by design

Defence in depth and diversity of defence are security best practices intended to mitigate potential damage when an individual safeguard is compromised. Defence in depth espouses the use of successive layers of safeguards, while
diversity in defence encourages the use of different safeguard implementations in order to prevent cascading failures.

The NGXS Gateway fully implements both best practices. It is a self-contained, tamper resistant, 1U rack-mounted appliance, equipped with 10Gbps interfaces and capable of reliably transferring data at high speeds.

The NGXS Gateway permits data transfer in only one direction with out-of-the-box support for TCP and UDP streaming, file transfers and XML transfers with schema validation.

Highest Standards

Common Criteria EAL 4+ Certified

Our unidirectional gateway has achieved the prestigious Common Criteria EAL 4+ certification, marking it as one of the most secure solutions available in the cybersecurity market. This globally-recognized certification attests to our product’s capability to meet rigorous international standards for data protection and secure transfer, making it an ideal choice for environments requiring the highest level of security.

The EAL 4+ designation signifies that our gateway has undergone comprehensive testing by an accredited lab, and it confirms the product’s resilience against sophisticated cyber threats.

NGXS Gateway Features

Assured unidirectional transfer

Guarantees unidirectional transfer using optical-electrical-optical signal conversion and connectivity.

Hardened Operating System

By stripping away unnecessary services and functionalities, and enforcing mandatory access control, we significantly reduce the attack surface.

Mandatory Access Control (MAC)

Implements a linear assured pipeline using the Security Enhanced Linux (SELinux) National Security Agency (NSA) Reference Policy.

Supply Chain Protection

Complicates supply chain attacks by using hardware components from multiple vendors.

Secure Boot

Validates the operating system being loaded to ensure that no malware has tampered with the boot process.

Software Diversity

Leverages multiple compilers and XML validation engines in order to prevent a single vulnerability from compromising the device.

Enterprise Ready

10 Gigabits per second (Gbps) interfaces allow the NGXS Gateway to reliably perform high speed data transfer. In addition, each system comes equipped with dual RAIDed hard drives in order to provide continued operation in the event of hard drive failure.

Role-based administration is provided in multiple languages through a custom administrative interface. The interface mandates a two-person approval system (TKPC), ensuring that a minimum of two administrators with distinct roles are needed for major configuration modifications. It also blocks direct access to the operating system shell, which further minimizes potential vulnerabilities.

Head Office

1000 Innovation Drive 5th Floor
Kanata, ON
K2K 3E7


1-888-774-9762 (Head Office)

+44 7921 835031 (UK)

+49 6182 929420 (EU)

Sphyrna Security