PostgreSQL Conference Germany 2026

Signando ALG for PostgreSQL is an Application Layer Gateway that inspects, validates, and controls PostgreSQL wire protocol traffic in real time on OSI layer 7. Unlike traditional firewalls that only see IP addresses and ports, our ALG understands the PostgreSQL protocol deeply — it can filter individual queries, block unauthorized commands such as DROP or TRUNCATE, enforce role-based access policies, inspect query results before they reach the client, and log every database interaction for full audit trails.

What makes it unique: Signando ALG is purpose-built for critical infrastructure (KRITIS) environments and serves as the "A" component in BSI-compliant PAP (Paketfilter – ALG – Paketfilter) architectures, enforcing true network isolation between security zones. It is built entirely in Rust for maximum performance and memory safety, sits transparently between clients and PostgreSQL servers without requiring any application changes, and helps organizations meet German BSI-Grundschutz and EU NIS-2 compliance requirements out of the box. No agents, no proxies to configure — just plug it in and protect your databases with a second layer of defense.

At Signando, our mission is to make application-layer security accessible and practical for organizations that operate critical infrastructure. Banks, hospitals, energy providers, and government agencies all rely on PostgreSQL to store their most sensitive data — yet the network path to those databases is often protected by nothing more than a simple packet filter, so every misconfiguration of the database may have fatal consequences.

We believe that every organization handling critical data deserves deep protocol-level protection without the complexity, cost, and vendor lock-in of legacy enterprise gateways. That is why we build lightweight, Rust-based Application Layer Gateways that understand the protocols they protect — including PostgreSQL. Our goal is to close the gap between what compliance frameworks like BSI-Grundschutz and NIS-2 demand and what organizations can realistically deploy, even with limited IT security budgets and small teams.

PostgreSQL already has an excellent track record in regulated industries — banks, hospitals, and government agencies run it in production every day. We expect this adoption to keep growing, especially as organizations move away from proprietary databases and demand open, transparent infrastructure.

Our role is to add a second line of defense around it. Even a well-configured database benefits from an independent layer that inspects traffic at the protocol level — the same way a building with strong locks still benefits from a security gate. Signando ALG adds that gate: it monitors, filters, and logs every PostgreSQL interaction separate from the database.

On top of that, Signando ALG provides network isolation at zone boundaries — something PostgreSQL alone cannot do. When a PostgreSQL instance runs in a high-protection zone and clients connect from a normal-protection zone, our ALG serves as the PAP structure (Paketfilter – ALG – Paketfilter) securing this zone transition. The more PostgreSQL grows into security-sensitive environments, the more organizations need this defense-in-depth.