Owl Cyber Defense
Data Diode Specialist

The Owl Advantage

Features, Technologies,

& Design Elements of Owl


The Owl Advantage series highlights the unique features, benefits, technologies, and design elements that contribute to the overall value and ROI of the Owl product line, and set it apart from competitors. Specific traits and capabilities are identified and explained in detail to help decision makers and technical specialists understand how the product works and the specific benefits it can provide to their organization.



As is normal in commercial markets, competition arose and along with it some confusion about what a data diode is, how it works and what distinguishes one from another. This document identifies and clarifies some of the typical points of confusion between an Owl data diode and other products on the market such as a unidirectional gateway. By way of introduction, the fundamental difference between Owl products and others is the one-way design implemented from the ground up, true single box format, exclusive use of intentional one-way techniques (not disabled or broken two-way methods), hardware based solution, very high reliability, super low latency and very long expected life span (11+ years).


The power grid and its associated bulk electric systems represent millions of disparate systems connected in networks that range from a single building to thousands of square miles. From substations and transmission equipment, to new microgrids and small scale power generation, these systems all face the growing threat of cyberattack from increasingly sophisticated adversaries. Beyond the regulations put in place by NERC CIP, the US Department of Homeland Security (DHS), in collaboration with the FBI and the NSA, put together a list of seven concrete steps that grid operators can take to create a layered, defense in depth architecture and mitigate cyber incidents.


Owl is always focused on the future. Our data diode cybersecurity products for network segmentation and one-way data transfer are built far beyond any comparable products in the industry. Designed from the ground up to be one-way, we feature unmatched reliability, data transfer and replication capabilities, and architectural ingenuity. In fact, the mean time before failure (MTBF) on Owl products averages over 11 years, which means your investment in Owl will serve you for a long time. Unlike other products with short refresh cycles, our customers continue to secure their networks with a single solution, even as their needs change.



Remote monitoring is most often thought of as users at remote locations (HQ, support & service center, engineering, etc.), accessing information stored within a secured network; inferring that remote monitoring requires remote access. At Owl we are changing the paradigm. While the information generated in these secured networks is necessary for remote personnel to perform their job duties, users no longer need to access the network to access the data. Remote monitoring without remote access is a method by which information is transmitted one-way out of a network to an offsite data repository (typically either a corporate IT network or the cloud) where it can be then monitored remotely by users. This one-way-only transfer of data is vital to reduce risk to the secured network, while preserving data sharing.


One of the tools critical infrastructure providers are using to improve their cybersecurity posture is network segmentation via data diodes. Data diodes segment and protect networks from cyber threats while allowing data to securely flow out of them. Owl data diodes feature optional software for historian replication and transfer out of an operational technology (OT) network, into the IT network or the cloud. It enables end-users outside the secure plant or facility to access historian data in real time without introducing a potential threat vector to the OT network.


The Internet of Things (IoT) is enabled by the connectivity of millions, and eventually billions, of devices and systems to allow information to be shared and used across them, as well as aggregated and analyzed by end-users. These devices could be industrial and manufacturing sensors or actuators, medical and healthcare equipment, smart meters, automobile control systems, robotic systems, smart printers and the list continues. However, as is typical in the IT space, the creation of new connections to these devices is far outpacing their security.


Virtually all major facilities involved in the North American bulk electric system (BES), including non-nuclear electricity generation, distribution and transmission, are subject to regulation by the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) plan. The essence of NERC CIP is in identifying and protecting those connected Cyber Assets which, if compromised, would have a negative impact on the BES. Table R1 in Section 005 of CIP layouts out a number of requirements to ensure the protection of the Cyber Assets including: creating a strong Electronic Security Perimeter (ESP), disconnecting BES Cyber Systems from external connections, limiting or eliminating the use of routable protocols (which expose IP information within the ESP, are bi-directional, and are susceptible to hacking), and forcing all traffic through a protected Electronic Access Point (EAP).


Databases are keystones of the modern enterprise, utilized across almost every industry for data storage and analytics, and critical to business operations. Due to their importance, these databases are particularly vulnerable to threats initiated against the networks they reside on. While most organizations protect their databases through some sort of role-based access control or at-rest encryption, none of these methods fully protects the systems from threats such as ransomware or other malware infections. This is why organizations also tend to back up their databases, often offsite, in case such an attack were to breach their systems, or their data was lost by other means. Owl data diodes and specialized software provide a means to both mitigate network cyber threats and securely replicate and transfer partial or complete databases one-way, to another network or the cloud, for redundancy or data sharing.