Three Domain Separation

Key features

A true paradigm shift in VPN management, Three Domain Separation, was pioneered to address the potential insider threat from rogue administrative staff within the government, armed forces and intelligence organisations.

Eliminates insider threat

Eliminates the risk of unauthorised disclosure of classified information by rogue administrative staff, by separating classified information and transport networks from device administration. This is achieved by introducing a third domain, the administration domain, in addition to the traditional Red/Black domains.

Secure outsourcing enabler

An aspect often overlooked in outsourcing to a Managed Security Service Provider is the risk of letting the supplier manage personal information or other business-sensitive information. The trust between the customer and supplier depends upon the concept of signing legal agreements that define the liability for the information being protected. Instead of relying solely on NDAs and agreements, you can eliminate the risk “by design” with Three Domain Separation.

Patented disruptive technology

The technology is a unique innovation that prevents IT administrators from accessing sensitive information. Three Domain Separation is a high assurance technology that guarantees separation between the sensitive data traffic and system administration.

Three Domain Separation

Groundbreaking cybersecurity innovation

The cost of managing VPN deployments grows exponentially without central management possibilities. The obvious benefit of central management is the possibility to rationalise the deployment, monitoring and management of VPN installations.

Central management will greatly reduce the total cost of ownership (TCO) and improve the return on investment (ROI). However, traditional central management has severe drawbacks when it comes to information privacy and information leakage. The root of the problem lies in the two domain separation. In traditional solutions, red and black domains are used to describe the transportation of user information between the secure plaintext side (RED domain) and the untrusted encrypted side (BLACK domain) of a VPN device. Traditional central management uses two domain separation where administrative personnel can access sensitive information on the protected network (RED domain) from the management site.

Three Domain Separation, a true paradigm shift in VPN management

Advenica's patented innovation, Three Domain Separation, is a true paradigm shift in VPN management. It is the only technology that eliminates the threat of unauthorised disclosure of sensitive information by a VPN administrator or a Managed Security Service Provider (MSSP).

The Three Domain Separation technology is based on extending the traditional two domain separation with an administration domain. By adding a third domain, Advenica's solution provides system administrators with a tool that allows management and control of VPN devices from a central location. At the same time, administrators cannot under any circumstances access user information that passes through a VPN device or information stored inside the secure network. Users of the VPN system are thus provided increased security:

  • No unauthorised access to user information in transit over an unprotected network (encrypted traffic in the VPN tunnel).
  • No administrative personnel can access any information other than what is required for device management.

Three Domain Separation is a truly groundbreaking innovation that prevents IT administrators from accessing sensitive information.

It provides unique assurance and protection against data leakage, which is crucial for Managed Security Service Providers and for customers who manage their own cybersecurity systems.