The current version 10.0 of the high resistance firewall genugate from security specialist Genua has been certified by the German Federal Office for Information Security (BSI) according to Common Criteria EAL4+ (CC EAL4+). For the first time, the BSI has included a new security component developed by Genua for patch management (ALC_PAM) in the certification. This ensures particularly effective protection of software updates against infiltration attempts, for example with malware. According to the company, only genugate currently has certified patch management worldwide.

Patch management involves development teams coordinating and checking updates to operating systems, platforms or software applications. Among other things, this involves fixing bugs and vulnerabilities with new or updated source code, which is published in the form of software updates. However, these patches also provide attackers with starting points for infiltration attempts, for example with malware.

With the extended assurance component 'ALC_PAM', the security specialist ensures effective protection with three security measures. Firstly, the software used to apply the patches for genugate 10.0 has been extensively tested and checked for vulnerabilities as part of the BSI certification process. The software does more than just provide a cryptographic signature: it checks that the patch is correct, applies it in a cryptographically secure manner and then updates the version database. Secondly, the patch is created using precisely defined processes. These were evaluated by an independent test laboratory accredited by the BSI. And thirdly, the BSI checked the cryptographic procedures used.

The abbreviation CC EAL4+ of the Common Criteria denotes the degree of trustworthiness (Evaluation Assurance Level) in a certified product. The EAL levels defined in the CC standard describe precise requirements for a security test, the scope to be tested, the depth of the test and the test methods.

Other technical innovations in genugate 10.0 include REST API for the automation of administration tasks, web application firewall, improved log evaluation through connection to Elastic Stack, as well as Advanced Web Categories (successor to genublock), which enable the blocking of websites by category.