Skip to main content

Gatekeeper Certification

Introduction

This document outlines the comprehensive testing and certification process for the ColorTokens Gatekeeper solution. Our testing methodology ensures maximum reliability and security for mission-critical environments including healthcare facilities, life sciences, and manufacturing environments where uninterrupted operations are essential.

Testing Categories

1. High Availability (HA) Testing - verify following for active/standby and active/active configurations

  • Simulate primary appliance failure to verify automatic failover

  • Verify zero packet loss and no session disruption during failover events

  • Test manual failover procedures

  • Test service continuity during software updates

  • Verify device connectivity status is reported correctly during failover events

  • Verify device traffic information and enforcement work correctly during and after failover events

  • Measure failover time to meet SLA requirements (less than 1 second)

  • Network Resilience Testing

    • Simulate WAN interface failure
    • Simulate LAN interface failure
    • Test power failures, hardware failure events
    • Test recovery from switch failure scenarios
    • Verify redundant path functionality

2. Device Connectivity and Status Reporting

  • IP Assignment Verification
    • Verify correct IP assignment across device types
    • Test IP address persistence across network events
    • Verify IP conflict resolution
  • Device Status Reporting
    • Validate real-time status updates (active, connected, disconnected)
    • Test dashboard accuracy with high device counts (1000+ devices)

3. DHCP Functionality and Redundancy

  • DHCP Server Failover Testing
    • Verify primary to backup DHCP server failover
    • Test lease preservation during failover
    • Measure address allocation delays during failover
  • DHCP Relay Capability
    • Verify relay functionality across multiple VLANs
    • Test relay with various DHCP server configurations
    • Validate option forwarding accuracy

4. Performance and Latency Testing

  • Latency Measurements

    • Measure baseline latency at line rate (1Gbps, 10Gbps)
    • Test with varying packet sizes (64B to 9000B jumbo frames)
    • Measure latency under typical healthcare network loads
    • Verify latency consistency over 72-hour continuous operation

  • Throughput Validation

    • Verify maximum sustained throughput
    • Test mixed traffic patterns common in healthcare environments
    • Validate performance with medical imaging data transfers

5. Upgrade Testing

  • In-place Upgrade Testing
    • Verify seamless software upgrades with no service disruption
    • Test rollback capabilities in case of upgrade failures
    • Verify configuration preservation post-upgrade
    • Validate all services resume correctly after updates
    • Test upgrade paths from multiple previous versions

6. Disaster Recovery Testing

  • Appliance Recovery Testing
    • Verify complete restoration from backup to new hardware
    • Test recovery time objectives (RTO target: less than 5 minutes)
    • Validate configuration and policy integrity after restoration
    • Simulate catastrophic hardware failure scenarios

7. Policy Enforcement Testing

  • Progressive Enforcement Testing

    • Test monitor-only mode accuracy
    • Validate alert-only mode with no traffic blocking
    • Test selective enforcement with critical traffic prioritization
    • Verify full enforcement with zero false positives

  • Policy Application Testing

    • Test application of complex multi-segment policies
    • Verify progressive policy enforcement
    • Test policy conflict resolution
    • Validate condition-based policy activation

8. Device Identification and Integration Testing

  • Device Identification Testing

    • Test identification accuracy for biomedical devices
    • Verify integration with:
      • Claroty
      • Nazomi
      • Armis
      • Siemens security solutions
      • CrowdStrike
      • SentinelOne
      • Vulnerability management systems (Rapid7, Nessus, Tenable)

  • Integration Validation

    • Test API compatibility with all integrated systems
    • Verify vulnerability data integration
    • Validate identification consistency across platforms

9. Risk Score Computation Testing

  • Vulnerability Risk Assessment

    • Test risk score accuracy based on CVSS scores
    • Verify vulnerability data integration from multiple sources
    • Test temporal risk score adjustments based on environment

  • Risk Management Workflow Testing

    • Validate mitigation recommendation engine
    • Test risk remediation tracking
    • Verify risk threshold alerting

10. Network Topology Enforcement Testing

  • East-West Traffic Control Testing

    • Test lateral movement prevention between medical devices
    • Verify segmentation between critical and non-critical systems
    • Test microsegmentation effectiveness for similar device types

  • North-South Traffic Control Testing

    • Validate segmentation of external access
    • Test segmentation for remote access
    • Verify segmentation policies for cloud resources

11. Medical Device Protocol Testing

  • Protocol Testing
    • Test DICOM protocol security controls
    • Validate HL7 message inspection and security
    • Test proprietary medical device protocols specific to:
      • Patient monitoring systems
      • Infusion pumps
      • Imaging systems
      • Laboratory equipment
      • Validate protocol-specific rule enforcement

12. Additional Critical Testing Areas

  • Resource Utilization Testing

    • Monitor CPU, memory, and disk usage under peak loads
    • Test system behavior at 95%+ resource utilization
    • Verify graceful degradation under extreme load

  • Logging and Auditing Testing

    • Test comprehensive event logging
    • Verify SIEM integration capabilities
    • Validate compliance with healthcare audit requirements
    • Test log retention and rotation policies

  • Multi-site Deployment Testing

    • Validate micro-segmentation policies across geographically distributed environments and sensor types (agent, gatekeeper, EDR etc)
    • Verify timely deployment of policy changes in distributed environments

  • Security Hardening and Penetration Testing

    • Conduct comprehensive penetration testing of Gatekeeper appliances
    • Verify protection against OWASP Top 10 vulnerabilities
    • Test resistance to network-based attacks including DDoS and packet injection
    • Validate secure configuration according to CIS benchmarks
    • Verify all critical security patches are applied
    • Test for default credential vulnerabilities
    • Conduct privilege escalation testing
    • Verify secure boot and firmware integrity validation
    • Test for secure API implementations and authentication mechanisms
    • Validate encryption of sensitive data both in transit and at rest

Test Environment Specifications

Our test environments replicate typical healthcare network infrastructures, including:

  • Multiple VLANs simulating clinical, administrative, and guest networks
  • Various medical device types and manufacturers
  • Multiple network topologies (hub-and-spoke, distributed, mesh)
  • Simulated WAN conditions including latency, jitter, and packet loss
  • High device density areas simulating operating rooms and intensive care units

Conclusion

The Gatekeeper certification testing process is designed to ensure maximum reliability in critical healthcare environments where patient care depends on network availability and security. Our comprehensive testing validates that Gatekeeper can enforce security policies while maintaining the availability required for life-critical systems, ensuring no disruption to patient care operations.