The Vormetric Data Security Platform makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirement at the lowest TCO.
The Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.
Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts required planned downtime, or they required labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation eliminates these hurdles, enabling encrypt and rekey with unprecedented uptime and efficiency.
Vormetric Transparent Encryption provides a proven approach to safeguarding SAP HANA data that meets rigorous security, data governance and compliance requirements. The solution can be quickly deployed, requiring no changes to SAP HANA or the underlying database or hardware infrastructure. With the solution, organizations can encrypt SAP HANA data and log volumes, and establish strong governance and separation of duties.
Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for the identification of unauthorized access attempts, as well as to build baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data need to build behavioural patterns required for identification of suspicious usage by authorized users.
With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.
The Vormetric Orchestrator automates Vormetric Data Security Platform product deployment, configuration, management, and monitoring. Organizations can scale encryption implementations across large enterprise data centers and hybrid cloud environments—while dramatically reducing administrative effort and total cost of ownership. Thales Orchestrator automation simplifies operations, helps eliminate errors, and speeds deployments, to help reduce staff resources required to maintain and expand encryption deployments.
Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates like PCI DSS. The solution delivers capabilities for database tokenization and dynamic display security. Now you can efficiently address your objectives for securing and anonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.
Thales e-Security nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.
nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
The nShield Connect series includes nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.
nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.
The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
nShield Solo HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.
The nShield Edge is a full-featured, portable HSM designed for low-volume transaction environments. This USB-connected device delivers capabilities for encryption and key protection, and is ideally suited for off-line key generation for certificate authorities (CAs) as well as development environments.
F5 and Thales provide dedicated SSL termination, offload and acceleration with certified tamper-resistant key generation and management
Intelligent traffic management delivers speed and high availability
Network and application analytics provide visibility and control
Data center and web firewalls protect against Layer 7 DDoS and web application attacks
FIPS 140-2 Level 3 platform secures keys and certificates
Easy setup enhances performance and traffic volume
Increasing use of web applications and cloud-based services is driving growth in numbers of secure sockets layer (SSL) connections. Web traffic, including user lDs, login passwords and sensitive account numbers is commonly encrypted and transported using SSL.
High volume SSL encryption/decryption is a resource intensive process that impacts web server performance. F5 BIG-IP efficiently manages high volume SSL traffic by terminating connections in a dedicated appliance. BIG-IP optimizes the network infrastructure to deliver high availability and security for critical business applications. Increasing SSL traffic results in higher numbers of keys and certificates. Protecting and managing these critical components represents an additional challenge in traditional software environments where they might be exposed to targeted threats.
With F5, customers can simultaneously manage high volume SSL connections to deliver secure connectivity while meeting operational demands. Organizations looking to further extend the security of SSL-based operations can deploy F5 BIG-IP with Thales network-based hardware security modules (HSMs) to achieve operational efficiency and high assurance. Thales nShield Connect HSMs safeguard and manage large numbers of critical SSL keys and certificates within a dedicated, hardened device, ensuring that keys are never exposed to unauthorized entities. Regulated customers in government, financial services, healthcare and other industries require high security solutions that are independently certified to internationally recognized security standards. Integration of BIG-IP with nShield Connects provide FIPS 140-2 Level 3 certified protection, which enables organizations to deliver a high security environment and comply with industry best practices. Thales nShield Connects also enable auditable key and certification validation per established security policies, including enforcement of dual controls and separation of duties. Regulated customers are often required to use FIPS-approved HSMs, and Ponemon Institute research shows that auditors recommend the use of HSMs to facilitate audit and regulatory compliance.
Thales e-Security unifies management, centralizes secure storage, and simplifies governance of encryption keys and certificates with FIPS 140-2 certified products.
With Vormetric Key Management, you can centrally manage keys from all Vormetric Data Security Platform products, and securely store and inventory keys and certificates for third-party devices—including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products. By consolidating key management, this product fosters consistent policy implementation across multiple systems and reduces training and maintenance costs.
For virtually every organization today, the adoption of cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With Vormetric Key Management as a Service (KMaaS), your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.
With nShield BYOK, you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys. Watch our Video to see how nShield BYOK can strengthen your cloud key management practices.
Copyright 2020 Networks Unlimited | The Key to IT Security & Networking Communications.