
truePass Gravity

OT/SCADA environments and critical infrastructure networks require strict isolation – but operational reality demands connectivity. Traditional solutions like Data Diodes enforce one-way file transfers, leaving organizations unable to support interactive applications, real-time API integrations, or protocol-level access across segmented networks.

truePass Gravity delivers a multi-layered alternative to Data Diodes, providing controlled connectivity between IT and OT environments without opening inbound ports, without expanding network trust, and without compromising operational control.

Built on TerraZone’s patented Reverse Access™ technology, truePass Gravity consolidates file transfer, SMB file sharing, and full application access (RDP, SSH, HTTP) into a single platform – replacing fragmented point solutions with unified, Zero Trust policy enforcement.

Reverse Access™ Architecture – Patented outbound-only HTTPS communication (port 443) eliminates the need for inbound firewall ports entirely.

SMB Proxy with CDR Integration – Controlled file sharing across segmented networks with optional Content Disarm & Reconstruction for sanitized transfers.

Unified Management & Audit – Single pane of glass for policy management, Syslog/SIEM integration, and end-to-end audit trails across all connectivity layers.

Key Challenges

Data Diodes Limit Operational Flexibility

Unidirectional gateways enforce strict one-way data flow, but they are restricted to file transfers and data replication. When organizations need RDP access to an OT machine, SSH to a production server, or connectivity to an internal web application – Data Diodes cannot deliver.

Fragmented Point Solutions Expand the Attack Surface

To bridge the gap, organizations layer multiple products: a Data Diode for one-way transfers, a separate SMB proxy for file sharing, a dedicated TCP connector for a single application, and embedded connectors that no one manages. Each additional component introduces new interfaces, scattered logs, and operational complexity – expanding the attack surface with every added solution.

No Unified Identity Enforcement Across OT/IT Boundaries

Zero Trust principles are increasingly applied to user access, but they are rarely enforced for machine-to-machine communication across segmented networks. Without a unified platform, there is no consistent visibility into what is actually flowing through the connectivity paths between classified or isolated environments.

Compliance Burden Grows with Architecture Complexity

Regulatory frameworks like NIST SP 800-82 and IEC 62443 require segmented architectures with monitored DMZ communications between OT and enterprise networks. When connectivity is managed through multiple vendors with distributed logs, demonstrating compliance becomes a resource-intensive, manual process.

How truePass Gravity Works

Layer 1: Reverse Access™ - Zero Inbound Port Infrastructure

truePass Gravity deploys an Access Gateway in the DMZ and an Access Controller inside the internal network. Both components communicate exclusively over outbound HTTPS (port 443, TLS 1.2/1.3) - no inbound ports are opened at any point. Internal applications remain completely invisible until after identity verification and policy evaluation. This architecture aligns with the Software Defined Perimeter (SDP) model and the Zero Trust principles defined in NIST SP 800-207.
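The outbound-only pattern described above, reduced to its mechanics as an added illustration (this is not TerraZone's code and says nothing about how Reverse Access™ is actually implemented): the inside-network controller dials out to the DMZ gateway and parks that connection; when an external client arrives, the gateway pairs it with a parked connection, so nothing ever listens for inbound traffic on the protected side. Everything here is assumed for the demo: loopback ports, a constructed one-byte "session start" marker, plain TCP in place of TLS on 443, and no identity or policy check, which the real product places before the pairing step.

```python
import queue
import socket
import threading

def _pump(src, dst):  # copy bytes src -> dst until EOF/error, then tear down both ends
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        for s in (src, dst):
            s.shutdown(socket.SHUT_RDWR)  # send FIN; also wakes the other direction's pump
    except OSError:
        pass
    src.close()
    dst.close()
def _serve(handler):  # ephemeral loopback listener; runs handler(conn) per accepted socket
    srv = socket.create_server(("127.0.0.1", 0))
    def accept_loop():
        while True:
            threading.Thread(target=handler, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]
def start_gateway():
    """DMZ gateway: never dials inward; parks controller sockets, pairs each external client with one."""
    parked = queue.Queue()
    ctrl_port = _serve(parked.put)
    def on_client(conn):
        ctrl = parked.get(timeout=5)
        ctrl.sendall(b"\x01")  # constructed 'session start' marker, not a real protocol
        threading.Thread(target=_pump, args=(conn, ctrl), daemon=True).start()
        _pump(ctrl, conn)
    return ctrl_port, _serve(on_client)
def start_controller(gateway_ctrl_port, app_port):
    """Internal controller: park one outbound socket at the gateway; on the marker, dial the app and relay."""
    def loop():
        while True:
            ctrl = socket.create_connection(("127.0.0.1", gateway_ctrl_port))
            if ctrl.recv(1) == b"\x01":  # blocks until the gateway pairs this socket with a client
                app = socket.create_connection(("127.0.0.1", app_port))
                threading.Thread(target=_pump, args=(app, ctrl), daemon=True).start()
                _pump(ctrl, app)  # returns when the session ends; loop then parks a fresh socket
    threading.Thread(target=loop, daemon=True).start()

def demo_roundtrip(payload=b"ping"):  # echo server stands in for the internal OT application
    ctrl_port, client_port = start_gateway()
    start_controller(ctrl_port, _serve(lambda conn: _pump(conn, conn)))
    with socket.create_connection(("127.0.0.1", client_port)) as c:
        c.settimeout(5)
        c.sendall(payload)
        return c.recv(4096)
```

The firewall rule this pattern needs is a single outbound allow from the internal segment to the DMZ gateway; a defender verifying a deployment should expect to see no listening socket on the controller host and no inbound rule toward the protected network.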

Layer 2: SMB Proxy - Controlled File Services

For file transfer and sharing scenarios between environments, truePass Gravity provides an SMB Proxy that mediates access to SMB/CIFS file shares with full security controls: Kerberos and NTLM authentication, SMB Signing for message integrity and protection against relay and spoofing attacks, SMB Encryption for end-to-end traffic protection, and optional CDR (Content Disarm & Reconstruction) integration for sanitizing file content as part of the transfer process.

Layer 3: Zero Trust Application Access - RDP, SSH, HTTP

This is the layer that sets truePass Gravity apart from every other solution on the market: full interactive application access - not just files. RDP/VDI access with per-session MFA, per-machine hardening policies, clipboard/printer/port redirection controls, and real-time session governance. SSH/SFTP access with additional MFA enforcement per service. HTTP application access with URL-level, IP:Port-level, and Active Directory user/group-level policy definitions. Every access request is governed by per-request Zero Trust policy with least-privilege enforcement.

All three layers operate under a unified management console - consolidating policy definition, Active Directory integration, PKI certificate management, Syslog export to any SIEM, and full audit trail generation.

Replace Multiple Point Solutions

Consolidate Data Diodes, SMB proxies, TCP connectors, and embedded communication components into a single platform with centralized control.

Zero Inbound Ports

Patented Reverse Access™ ensures all communication is outbound-only over HTTPS port 443 – internal applications are invisible to external scanning and reconnaissance.

Unified Audit & Compliance Reporting

End-to-end audit trails, Syslog/SIEM integration, and centralized logging across all connectivity layers - enabling fast compliance reporting for NIST SP 800-82, IEC 62443, and organizational security policies.

Full Application Access Beyond File Transfer

Unlike Data Diodes and MFT solutions that are limited to file movement, truePass Gravity provides interactive RDP, SSH, and HTTP access to OT/SCADA resources under full Zero Trust policy control.

Identity-Based Zero Trust Enforcement

Every connection - whether file transfer, SMB share access, or application session - requires Active Directory authentication and policy evaluation before any network path is established.

Use Cases

OT/SCADA Secure Connectivity

Enable controlled access from IT networks to OT resources – including SCADA consoles, HMI stations, and industrial controllers – without exposing OT infrastructure through inbound ports or VPN tunnels.

Cross-Network API & Service Integration

Connect web services, real-time APIs, and application integrations between classified or segmented network zones under unified Zero Trust policy, replacing ad-hoc TCP tunnels and embedded connectors.

Third-Party Vendor Access to Isolated Environments

Grant time-limited, role-based access for maintenance vendors and system integrators to access specific applications inside air-gapped or segmented environments – with full session audit and MFA enforcement.

Compliance-Driven Network Segmentation

Meet NIST SP 800-82, IEC 62443, and organizational segmentation requirements by routing all cross-zone communication through a monitored, policy-enforced DMZ architecture with centralized logging and compliance reporting.
