In critical infrastructure environments and banking architectures, managing data flow between networks exposed to the external world and highly sensitive internal networks is one of the most critical aspects of modern cybersecurity.
Together with our partner Invicta R&D, we bring this technology—long used in defense industries, law enforcement, and military institutions—to organizations that require the highest level of protection for their critical data.
Virtual Air Gap (VAG) is an EAL4+ certified and patented network security solution.
The system consists of two servers and separates incoming data packets into Header and Payload components.
Only the pure data (payload) is written in encrypted and signed form to a Shared Memory unit that has no physical network connection.
The server on the receiving side reads the data, verifies it, and generates a completely new packet before forwarding it to the destination.
This architecture ensures that no direct IP-level communication is ever established between the networks, effectively creating a true Air Gap.
Core Banking Isolation
Between internet-facing systems and the main banking (core) systems.
Web Service Security
Secure data transfer from external services (mobile or internet banking) to internal application servers without direct network access.
Database Synchronization & Backup
Perform database synchronization or backup operations without opening direct network connections and without introducing cyber risks.
Network Segmentation
Secure data flow between networks with different security levels (e.g., Test vs Production, Management vs Staff networks).
Protocol Break
Packets coming from the external network are never transmitted directly to the internal network. Instead, a new packet is recreated on the internal server, preventing TCP/IP-level vulnerabilities from propagating inward.
True Isolation
The system consists of two physically separated hosts. Since there is no network connection between them, lateral movement from one side to the other is technically impossible.
Auditable and Controlled Security
Although there is no physical contact between networks, all data transfers remain fully auditable and controlled. The system supports independent third-party audit logging.
High Performance
Despite its advanced security mechanisms, the solution operates with 0.1 ms latency and up to 7 Gbit/s throughput, ensuring no performance degradation in banking operations.
Contact us via the link below to receive a personalized presentation and demo.