Cross Domain Solutions
The Owl Cross Domain Solution (OCDS) product line supports the needs of the United States military, intelligence agencies, and other government entities that require the specific capabilities of a cross domain solution (CDS).
At a high level, CDSs transfer data one-way across the boundaries of networks operating at different security classifications (e.g. unclassified to Secret) without the possibility of data “leaking” out of the target network. For example, unclassified weather data (satellite images, temperatures, precipitation rates, forecasts, streaming video, etc.) generated by hundreds of NOAA facilities could be transferred by a CDS to a higher security level network (e.g. SIPRNET) for Air Force mission planners. At the same time, the CDS prevents data from leaking out of SIPRNET to any other network.
Owl CDS products comprise patented hardware and software components that include data verification methods (filters, checksums, etc.) and have been tailored to meet specific mission requirements. At the heart of each solution is our proprietary data diode design, which provides a hardware-based, deterministic, one-way-only transfer of data. All Owl CDS products have been accredited and validated for operational use, with a number of products appearing on the NCDSMO baseline.
Over 1,000 deployments globally use Owl CDS solutions, including Communication Card kits, which operate in enterprise class servers, and our all-in-one, 19” 1U rack-mount solutions which meet low SWaP (size, weight and power) requirements. Our products are the fastest in the market, supporting bandwidth requirements from 10 Mbps all the way up to 10 Gbps.
For over 17 years, Owl has been providing cybersecurity solutions for US government agencies, the military, and the intelligence community. We have both the technology and expertise necessary to help you select the ideal solution to meet your mission specific requirements and quickly get it approved for deployment.
OWL SCOWT™
Rugged and Robust Protection for Mission Dataflows
Our mobile/tactical Scowt platforms are Raise-the-Bar (RTB) Ready ruggedized hardware that host Owl’s CDS MPP software.
The mobile/tactical product family comes in three configurations: Scowt (air cooled, rack mounted), Scowt (conduction cooled, frame or shelf mounted), and Scowt Compact (conduction cooled, frame or shelf mounted). These configurations are based on reduced size, weight, and power (SWaP) dual-node platforms that support dataflows from 10 Mbps to 1 Gbps. These dual-node platforms include two processing environments separated by an Owl-patented, hardware-enforced, one-way transfer diode. Owl Scowt-Compact is based on the Owl 010 diode and is Owl’s smallest-footprint mobile/tactical platform that hosts Owl’s MPP CDS software. Owl’s MPP CDS software is also available on Owl’s 1U, 2U, and multi-server product lines, which provides customers with consistent CDS capabilities across their entire infrastructure. The Scowt product MPP software is based on a STIG-compliant, CLIP-enforced, EAL4+ Red Hat Enterprise Linux (RHEL) foundation. It is capable of scanning and file validation filtering to ensure only authorized content is transferred by the dataflows. These combined technologies provide dataflow protection at the highest threat environment connections.
* Latency: 3 ms to 8 ms, depending on filter
* UDP-based data streaming and TCP-based file transfers or data streams (future file transfer capabilities)
* Up to four dataflow types: filtered files, non-filtered TCP streams, UDP unicast streams, UDP multicast streams, UDP broadcast, FTP, SFTP, and FTP/S
* Coalition team sharing
Streaming Transfer Solutions
Owl Cross Domain Solution (OCDS-ST06)
* NCDSMO Baseline Solution
The OCDS-ST06, an all-in-one Cross-Domain Solution, is NCDSMO baseline-listed and received its ATO (Authorization to Operate) in February 2015. Designed to stream UDP traffic from Unclassified networks to Secret network domains, OCDS-ST06 transfers UDP packets containing MPEG-TS video. Installed at a ground station, OCDS-ST06 receives multiple inbound UDP video streams from UAVs supporting ISR activities, and transfers them across network boundaries to the Secret network.
Remotely collected Unclassified video and the corresponding metadata are first filtered by OCDS-ST06. The Owl MPEG data filters explicitly check MPEG-TS packet framing, MPEG-TS protocol, and KLV metadata conformance to MISB standards. The incoming full-motion video UDP streams are then multiplexed into one stream for transfer across the domain boundaries to the Secret enclave.
Available in an all-in-one 1U (1.75 inches high) rack-mountable chassis, OCDS-ST06 delivers total network isolation and discrete domain separation at bandwidth rates from 26 Mbps to 155 Mbps, providing an ideal CDS when smaller size, weight and power (SWaP) is necessary.
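As an added illustration of the MPEG-TS packet framing check named above (this is not Owl's filter code), the sketch below validates one UDP payload before it would be allowed across the boundary. The function names, the strict continuity policy and the sample packets are assumptions constructed here; KLV/MISB conformance is not covered.

```python
# Added illustration: constructed inputs, not Owl's filter implementation.
TS_PACKET = 188      # fixed MPEG-TS packet size (ISO/IEC 13818-1)
SYNC_BYTE = 0x47     # first byte of every TS packet
NULL_PID = 0x1FFF    # stuffing packets; continuity counter is undefined


def check_datagram(payload, last_cc):
    """Validate one UDP payload that should hold whole MPEG-TS packets.

    last_cc maps PID -> last continuity counter seen. It is updated only
    when the whole datagram passes, so a rejected datagram leaves no trace.
    Policy assumption: stricter than the standard, duplicate packets and
    the discontinuity_indicator are not honoured. Returns (ok, reason).
    """
    if not payload or len(payload) % TS_PACKET:
        return False, "length is not a whole number of 188-byte packets"
    seen = dict(last_cc)
    for off in range(0, len(payload), TS_PACKET):
        b0, b1, b2, b3 = payload[off:off + 4]
        if b0 != SYNC_BYTE:
            return False, f"bad sync byte at offset {off}"
        if b1 & 0x80:
            return False, f"transport_error_indicator set at offset {off}"
        pid = ((b1 & 0x1F) << 8) | b2
        afc = (b3 >> 4) & 0x3          # adaptation_field_control
        cc = b3 & 0x0F                 # continuity_counter
        if afc == 0:
            return False, f"reserved adaptation_field_control at offset {off}"
        if pid == NULL_PID:
            continue
        prev = seen.get(pid)
        if prev is not None:
            # The counter advances only on packets that carry a payload.
            expected = (prev + 1) & 0x0F if afc & 0x1 else prev
            if cc != expected:
                return False, f"continuity error on PID {pid:#06x}"
        seen[pid] = cc
    last_cc.clear()
    last_cc.update(seen)
    return True, "ok"


def ts_packet(pid, cc, afc=1):
    """Build a constructed 188-byte TS packet with 0xFF filler payload."""
    hdr = bytes([SYNC_BYTE, (pid >> 8) & 0x1F, pid & 0xFF, (afc << 4) | cc])
    return hdr + b"\xff" * (TS_PACKET - 4)


if __name__ == "__main__":
    state = {}
    datagram = b"".join(ts_packet(0x100, c) for c in range(7))  # 1316 bytes
    print(check_datagram(datagram, state))
    print(check_datagram(datagram[:-1], state))
```

Rejecting the whole datagram on the first malformed packet, rather than forwarding the valid part, keeps the filter's decision fail-closed.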
File Transfer Solutions
OWL CLOUD-TO-CLOUD (C2C)
Cloud environments are extremely efficient in storing, organizing, and accessing vast amounts of information. However, until now, moving massive amounts of data from one cloud to another cloud of different security classification or replicating entire cloud environments has been an arduous, often substantially manual process. The Owl Cloud-to-Cloud (C2C) solution provides a highly reliable and secure mechanism for the high-speed transfer of multiple terabytes of data per hour. This transfer can occur between public or private clouds (or storage repositories), that exist inside or outside of the originating organization.
The Owl Cloud-to-Cloud (C2C) cross domain solution is a proprietary, data diode-based cybersecurity solution, designed for extremely high-volume, high-bandwidth, secure file transfers from one cloud environment to another. C2C operates on a two-server platform, with embedded Owl communication cards and specialized software. Utilizing a parallel processing system with a sophisticated traffic management and threading mechanism, the C2C has been tested and verified to transfer data at a sustained rate of multiple terabytes per hour.
Enterprise Cross Domain Solution (ECDS-FT01)
* Owl Uses a Pair (2) of Dell PowerEdge Servers
* NCDSMO Baseline Solution
The Owl ECDS-FT01 is an enterprise-scale Cross Domain Solution that is on the Validated Products (Baseline) List of the National Cross Domain Services Management Office (NCDSMO). It was primarily designed to transfer a variety of file types from low-to-higher security network enclaves, and to meet Secret-and-Below Interoperability (SABI) Process requirements. A primary application is bulk file transfer, with the deployed version rated at a transfer rate of 50,000 files per hour.
ECDS-FT01 is a two-server, enterprise solution, using a dedicated send-only server and a dedicated receive-only server. Both servers run policy-hardened Linux operating systems following the Security Technical Implementation Guides (STIGs) generated by the Defense Information Systems Agency (DISA). Files that are transfer candidates are moved from the source network to the send server. Candidate files are vetted with ClamAV and ASCII filters before transfer. After transfer, the flexible architecture of the ECDS-FT01 allows additional data security policies/checks to be performed on the receive server if the mission warrants it.
Owl Cross Domain Solution (OCDS-FT01)
* Owl Uses a Pair (2) of Dell PowerEdge Servers
* NCDSMO Baseline Solution
The Owl OCDS-FT01 is a server-based Cross Domain Solution that is on the Validated Products (Baseline) List of the National Cross Domain Services Management Office (NCDSMO). It was primarily designed to transfer a variety of file types from low-to-higher security network enclaves. With a configurable architecture, OCDS-FT01 provides a certifiable one-way solution with a base set of capabilities that can be enabled or disabled, as dictated by changing mission and security requirements, leading to reuse among programs that require similar capabilities.
To offer the most flexibility, the OCDS-FT01 offers a base set of security features that are certifiable, modular, and configurable. Based on proprietary Owl DualDiode Technology™, OCDS-FT01 uses Owl 155 Communication Cards to enforce an unconditional one-way data transfer security policy. By default, antivirus scanning software and file type checking methods, designed to block the transfer of malware and executable code, can be applied to authenticated files as they are transferred from the source network to the destination network. However, since data type and data filter requirements are largely determined by program and site requirements, a modular application programming interface (API) is also available to accommodate third-party data filter software applications.
Owl Cross Domain Solution (OCDS-FT15)
The OCDS-FT15 is a certified and accredited Cross Domain Solution as a Tailored Variant of OCDS-FT01 (an NCDSMO Validated Product); it is operational and serving DoD missions. It was designed as a one-way data transfer solution moving files from Unclassified domains to Top Secret networks. Unlike FT01, which is deployed on two separate enterprise servers, FT15 is packaged in the Owl 1U rackmount enclosure. The 1U enclosure includes two independent servers separated by our data diode based, proprietary DualDiode Technology™.
The OCDS-FT15 presents a modular design that facilitates further tailoring to satisfy changing mission requirements and expedited delta-certification (regression testing) processes. The 1U hardware architecture features two internal servers that satisfy requirements for small size, low weight, and low power consumption (SWaP). The software architecture includes a STIG-compliant, Certifiable Linux Integration Platform (CLIP) operating system based on CentOS/RHEL 5. This defense-in-depth solution includes security features mapped to the NCDSMO ICD-503 (which includes NIST SP 800-53) and to DCID 6/3 (legacy).
OCDS-FT15 supports absolute channel capacity of up to 155 Mbps and is authorized for 71 file types that include .txt, .xml, .csv and .sql. Content for all files is restricted to 7-bit printable ASCII characters, and it is equipped with additional data filters.
Packet Transfer Solutions
Enterprise Cross Domain Solution (ECDS-PT01)
* Owl Uses a Pair (2) of Dell PowerEdge Servers
The Owl ECDS-PT01 is a 10 Gbps, enterprise-scale Cross Domain Solution that is certified, accredited and serving DoD missions. It was specifically designed for extremely high performance data transfers of Ethernet packets from Unclassified networks to Secret network domains. Serving as a network traffic collection device, ECDS-PT01 transfers all Ethernet network traffic from the source network to an isolated destination network for real-time analysis.
ECDS-PT01 is a two-server, enterprise solution, using a dedicated send-only server and a dedicated receive-only server. The servers are connected with Owl’s proprietary DualDiode Technology™ to create a deterministic one-way-only data transfer path.
To support the maximum throughput of a 10 Gbps network, the ECDS-PT01 operates two DualDiode pairs running in parallel serving a single internal data transfer channel. All Ethernet frames are ingested from the source network and relayed to the destination network unchanged. To achieve the stated objective of the mission, no filtering is done. This defense-in-depth solution includes security features mapped to the NCDSMO ICD-503 (which includes NIST SP 800-53), and to the Risk Decision Authority Criteria (RDAC), and to the DCID 6/3. Both servers run a STIG-compliant Certifiable Linux Integration Platform (CLIP) operating system based on CentOS/RHEL 5.
Miniaturized & Small Form Factor Solutions
Owl Cross Domain Solution - MULTI-PURPOSE (OCDS-MP)
The OCDS-MP is designed to deliver robust one-way transfer functionality in an all-in-one, small form-factor integrated package. Featuring low size, weight and power (SWaP) requirements, this 1U, single box solution is capable of transferring data between networks of varying security levels and security policies. Whether the CDS requirement is for an enterprise data center, a field-forward combat position or perhaps even in a mobile vehicle, the OCDS-MP offers the flexibility to meet each of these needs.
The OCDS-MP is a one-way data transfer solution, supporting multiple data types, formats and data streams concurrently across a single rack-mountable chassis. Within the 1U chassis is the proprietary Owl DualDiode Technology™. Designed to provide deterministic one-way-only data transfers, the DualDiode has fully integrated Send-only and Receive-only communication cards connected via an internal fiber optic link operating at speeds of 26 Mbps – 155 Mbps.
Owl Cross Domain Solution - 1000 (OCDS-1000)
The OCDS-1000 is a high-performance cross domain solution in an all-in-one, 1U form factor, designed for real-time one-way data transfers. This single box solution is capable of transferring multiple concurrent data streams or file transfers between networks of higher or lower security levels, including Secret and Top Secret networks. Whether deployed at a data center, ground station, or even in a field-forward mobile vehicle or UAV, the OCDS-1000 offers the power and versatility to meet even the most demanding electronic warfare requirements.
Featuring proprietary DualDiode Technology™, the OCDS-1000 includes fully integrated Send-only and Receive-only communication cards connected via an internal fiber optic link. It is designed to provide deterministic, high throughput one-way data transfers at speeds of 104 Mbps up to 1,000 Mbps (1 Gbps), and features easy bandwidth upgrades through a simple software license key mechanism. The OCDS-1000 is capable of transferring real-time streaming data, such as UDP sensor data or video, and files of nearly any type or size, and can transfer through multiple independent channels simultaneously.
Miniaturized Cross Domain Solution (MCDS)
The MCDS product line was developed to provide the robust capabilities of Owl’s cross domain solutions in a miniaturized form factor. With the full capability to isolate networks, transfer data and connect Unclassified networks to Secret networks, the miniaturized solutions are designed to satisfy the requirements of highly mobile, tactical missions. Their small size, weight and power (SWaP) profile makes them perfect for dismounted soldiers, embedded vehicle computers or any other environments where size and weight considerations are critical.
Due to the broad acceptance of Android devices, with their potential value in field-forward scenarios, Owl has responded with support for handhelds and tablets running various versions of the Android™ platform operating system. Tailored from Owl's accredited full-sized cross domain solutions, our game-changing mobile solutions are readily deployable. Our USB-DualDiode technology permits the direct connection of mobile devices (laptops, tablets, smartphones) to highly sensitive networks. And with solutions the “size of a quarter”, the Owl MCDS is the most portable CDS on the market.
Multi-Level Data Retrieval Solution (MDRS)
The patented Owl Multi-Level Data Retrieval Service (MDRS) provides a way for analysts to quickly and seamlessly access files in other domains without having to wait for data requisitions to be completed. Analysts are able to “reach down” to files housed at different security levels and retrieve portions of very large files or access files residing in the cloud or other domains. MDRS maintains secure and isolated domains while requesting and accessing files through a transparent and secure implementation of the Network File Sharing (NFS) protocol.
MDRS modifies the traditional two-way communication path used by NFS and separates it, via data diodes, into two discrete, single-direction paths (request and response). Each path passes through a distinct data diode, which protects the integrity of each network while allowing files to be exchanged between them.
MDRS supports both high-to-low (H2L) and low-to-high (L2H) scenarios. In an H2L "browse-down" scenario, users can manipulate elements of very large files in other domains without having to transfer the entire file into the user enclave. In an L2H example, users can "browse-up" to unclassified non-standard imagery stored in a high security environment, without affecting the integrity of its storage status in the higher security space.