Thalesgroup - Thales ESecurity


thalesgroup.com

Vormetric Data Security Platform
Data Sheet

Vormetric Data Security Platform

As security breaches continue to happen with alarming regularity and data protection compliance mandates get more stringent, your organization needs to extend data protection across more environments, systems, applications, processes and users. With the Vormetric Data Security Platform from Thales, you can effectively manage data-at-rest security across your entire organization.

The Vormetric Data Security Platform is composed of an integrated suite of products built on a common, extensible infrastructure with efficient, centralized key and policy management. As a result, your security teams can address your data security policies, compliance mandates and best practices, while reducing administration effort and total cost of ownership.

The platform offers capabilities for protecting and controlling access to databases, files and containers—and can secure assets residing in cloud, virtual, big data and physical environments. This scalable, efficient data security platform enables you to address your urgent requirements, and it prepares your organization to nimbly respond when the next security challenge or compliance requirement arises.

Environment and technology support
- IaaS, PaaS and SaaS: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Salesforce, Microsoft Office365 and PCF: MySQL databases within Pivotal Cloud Foundry
- OSs: Linux, Windows and Unix
- Big data: Hadoop, NoSQL, SAP HANA and Teradata
- Container: Docker, Red Hat OpenShift
- Database: IBM DB2, Microsoft SQL Server, MongoDB, MySQL, NoSQL, Oracle, Sybase and others
- Any storage environment

Platform advantages
- Centralized data-at-rest security policies
- Manage keys for Vormetric Data Security Platform and third-party encryption products
- Consistent security and compliance across physical, virtual, cloud and big data environments
- Pre-defined SIEM dashboards deliver granular, actionable file-access intelligence
- Flexibility and extensibility enable fast support of additional use cases

Capabilities
- Integrate with supported HSMs and other third party sources for data encryption key
- Use supported HSMs as the secure root of trust for high levels of assurance including FIPS 140-2 Level 3 certification
- Transparent encryption for files, databases and containers
- Application-layer encryption
- Tokenization
- Dynamic and static data masking
- FIPS 140-2, Common Criteria certified key management
- Cloud Key Management
- Privileged user access control
- Access audit logging
- Batch data encryption and tokenization

Compliance
- PCI DSS
- GDPR
- HIPAA/HITECH
- NIST 800-53
- FISMA
- PIPA
- Regional data residency and privacy requirements

[Figure: platform components, including Transparent Encryption, Vormetric Data Security Manager and Cloud Key Management]

Strengthen security and compliance

By leveraging these flexible and scalable solutions, security teams can address a broad set of use cases and protect sensitive data across the organization. The platform delivers the comprehensive capabilities that enable you to address the demands of a range of security and privacy mandates, including the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and regional data protection and privacy laws.

The Vormetric Data Security Platform equips organizations with powerful tools to combat external threats, guard against insider abuse and establish persistent controls, even when data is stored in the cloud or any external provider’s infrastructure.

Maximize staff and resource efficiency

The Vormetric Data Security Platform makes administration simple and efficient, offering an intuitive Web-based interface, a command-line interface (CLI) and application programming interfaces (APIs) including support for REST, Java, .Net, and C. With this solution, you can apply data-at-rest security quickly and consistently, maximizing staff efficiency and productivity. Plus, this high-performance solution enables efficient use of virtual and physical server resources, reducing the load on the service delivery infrastructure.

Reduce total cost of ownership

The Vormetric Data Security Platform makes it simpler and less costly to protect data at rest. The platform enables your IT and security organizations to quickly safeguard data across your organization in a uniform and repeatable way. Instead of having to use a multitude of isolated products scattered across your organization, you can take a consistent and centralized approach with the Vormetric Data Security Platform.

Platform products

The Vormetric Data Security Platform features these products:

Vormetric Data Security Manager. The centralized management environment for all Vormetric Data Security Platform products. Provides policy control as well as secure generation, management and storage of encryption keys. Includes a Web-based console, CLI, SOAP and REST APIs. Available as FIPS 140-2 and Common Criteria certified virtual and physical appliances.

Vormetric Transparent Encryption. Built around a software agent that runs on a server to protect data-at-rest in files, volumes or databases on-premises, in the cloud, or in hybrid cloud environments. Features hardware accelerated encryption, least-privilege access controls and data access audit logging across data center, cloud and hybrid deployments. Features these extensions and additions:
- Container Security. Establishes controls inside of Docker and OpenShift containers, so you can ensure other containers and processes and even the host OS can’t access sensitive data. Provides capabilities you need to apply encryption, access control and data access logging on a per-or within-container basis.
- Live Data Transformation. Enables encryption and periodic key rotation of files and databases—even while in use—without disruption to users, applications and business workflows.
- Vormetric Transparent Encryption for Efficient Storage. Provides a high degree of security for data stored on storage systems by encrypting data while retaining critical storage efficiencies, such as deduplication and compression. Offers the best data protection possible while maintaining storage efficiency — an industry first solution!
- Vormetric Security Intelligence. Produces granular logs that provide a detailed, auditable record of file access activities, including root user access. Offers integration with security information and event management (SIEM) systems. Delivers pre-packaged dashboards and reports that streamline compliance reporting and speed threat detection.
- Vormetric Transparent Encryption for SAP HANA. Provides advanced data-at-rest encryption, access control, key management and data access audit logging across SAP HANA implementations and environments

Vormetric Tokenization with Dynamic Data Masking. Vormetric Tokenization makes it easy to add random or format-preserving tokenization to protect sensitive fields in databases and policy-based dynamic data masking for display security.

Vormetric Application Encryption. Streamlines the process of adding AES- and format-preserving encryption (FPE) into existing applications. Offers standards-based APIs that can be used to perform high-performance cryptographic and key management operations.

Vormetric Batch Data Transformation. Makes it fast and easy to mask, tokenize or encrypt sensitive column information in databases. Can be employed before protecting existing sensitive data with Vormetric Tokenization or Vormetric Application Encryption. Delivers static data masking services.

Vormetric Key Management. Provides unified key management to centralize management and secure storage of keys for Vormetric Data Security Platform products, TDE, and KMIP-compliant clients as well as securely storing certificates.

CipherTrust Cloud Key Manager. Manages encryption keys for Salesforce, Microsoft Azure and AWS that addresses enterprise needs to meet compliance and best practices for managing encryption key life cycles outside of their native environments – and without the need for enterprises to become cryptographic experts. Available for private cloud or on-premises deployment.

Vormetric Protection for Teradata Database. Makes it fast and efficient to employ robust data-at-rest security capabilities in your Teradata environments. Offers granular protection, enabling encryption of specific fields and columns in Teradata databases.

Vormetric Data Security Manager

The Vormetric Data Security Manager (DSM) centralizes management and policy for all Vormetric Data Security Platform products. The DSM enables organizations to efficiently address compliance requirements, regulatory mandates and industry best practices, and to adapt as deployments and requirements evolve. The DSM and the products it manages are integrated with user and group identity management systems such as LDAP, Active Directory, local user databases, Hadoop and container environments—offering best-practice management of security policies and deployments.

Secure, reliable, and FIPS-certified system

To maximize uptime and security, the DSM features redundant components and the ability to cluster appliances for fault tolerance and high availability. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys or administration. In addition, the DSM supports two-factor authentication for administrative access.

Flexible implementation options

The DSM is offered as a FIPS 140-2 Level 1 virtual appliance, as well as two hardware appliances: The V6000, which is FIPS 140-2 Level 2 certified, and the V6100, which is FIPS 140-2 Level 3 certified. The virtual appliance is available in VMware, HyperV, KVM, Amazon Web Services, and Azure compatible formats.

Key features
- Single console for all platform policy and key management
- Multi-tenancy support
- Proven scale to 10,000 agents
- Clustering for high availability
- Toolkit and programmatic interface
- Easy integration with existing authentication infrastructure
- RESTful API support
- Multi-factor authentication and internal HSM Remote Administration

Technical specifications

Platform options:
- FIPS 140-2 Level 1 virtual appliance (FIPS 140-2 Level 3 root of trust available with supported external HSMs)
- FIPS 140-2 Level 2 hardware appliance (FIPS 140-2 Level 3 root of trust available with supported external HSMs)
- FIPS 140-2 Level 3 Hardware appliance (Includes internal HSM)
- The virtual appliance is available in VMware, HyperV, KVM, Amazon Web Services, and Azure compatible formats

Supported HSMs can also provide a FIPS 140-2 Level 3 root of trust for virtual or v6000 hardware Vormetric Data Security Management appliances.

[Figure: the Vormetric Data Security Manager providing policy and key management for Transparent Encryption, CipherTrust Cloud Key Manager, Tokenization Server, Big Data Encryption, Batch Data Transformation, Application Encryption and Enterprise Key Management (KMIP). Advanced capabilities: External HSM integration (import and use high entropy master keys from supported external HSMs) and Secure Key Import (bring your own data encryption keys via REST).]

Unified management and administration across the hybrid enterprise

The DSM minimizes capital and expense costs by providing central management of heterogeneous encryption keys, including keys generated for Vormetric Data Security Platform products, IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE and KMIP-compliant encryption products. The DSM features an intuitive Web-based console and APIs for managing encryption keys, policies, and auditing across an enterprise. The product also centralizes log collection.

DSM specifications

Hardware Specifications
Chassis: 1U rack-mountable; 17” wide x 20.5” long x 1.75” high (43.18 cm x 52.07 cm x 4.5 cm)
Weight: V6000: 21.5 lbs (9.8 kg); V6100: 22 lbs (10 kg)
Memory: 16GB
Hard Disk: Dual SAS RAID 1 configured with FIPS tamper-evident seals
Serial Port: 1
Ethernet: 2x1Gb
IPMI: 1x10/100Mb
Power Supplies: 2 removable 80 certified (100VAC-240VAC/50-60Hz) 400W
Chassis Intrusion Detection: Yes. Also includes FIPS tamper-evident seal on the top cover.
Maximum BTU: 410 BTU max
Operating Temperature: 10 to 35 C (50 to 95 F)
Non-Operating Temperature: -40 to 70 C (-40 to 158 F)
Operating Relative Humidity: 8% to 90% (non-condensing)
Non-Operating Relative Humidity: 5% to 95% (non-condensing)
Safety Agency Approval: FCC, UL, BIS certifications
FIPS 140-2 Level 3: V6100 model is equipped with an internal HSM. FIPS 140-2 Level 3 root of trust available for V6100 and virtual DSMs via integration with supported HSMs
HSM Remote Administration: V6100 only; requires optional Remote Administration kit

Software Specifications
Administrative Interfaces: Secure Web, CLI, REST
Number of Management Domains: 1,000
API Support: PKCS #11, Microsoft Extensible Key Management (EKM), REST
Security Authentication: Username/Password, RSA multi-factor authentication (optional)
Cluster Support: Yes
Backup: Manual and scheduled secure backups. M of N key restoration.
Network Management: SNMP, NTP, Syslog-TCP
Syslog Formats: CEF, LEEF, RFC 5424

Certifications and Validations
FIPS 140-2 Level 1, FIPS 140-2 Level 2, FIPS 140-2 Level 3
Common Criteria (ESM PP PM V2.1)

Minimum Virtual Machine Specifications—Recommendation for Virtual Appliance
Number of CPUs: 2
RAM (GB): 4
Hard Disk (GB): 100GB
Support Thin Provisioning: Yes

Vormetric Transparent Encryption

Vormetric Transparent Encryption delivers data-at-rest encryption with centralized key management, privileged user access control and detailed data access audit logging that helps organizations meet compliance reporting and best practice requirements for protecting data, wherever it resides.

This solution’s transparent approach protects structured databases, unstructured files, and linked cloud storage accessible from systems on-premises, across multiple cloud environments, and even within big data and container implementations. Designed to meet data security requirements with minimal disruption, effort, and cost, implementation is seamless – keeping both business and operational processes working without changes even during deployment and roll out.

Meet compliance requirements for encryption and access control

Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA/Hitech, GDPR and many others. Vormetric Transparent Encryption delivers the controls required without operational or business process changes.

Scalable encryption

The Vormetric Transparent Encryption agent runs at the file system or volume level on a server. The agent is available for a broad selection of Windows, Linux and Unix platforms, and can be used in physical, virtual, cloud, container and big data environments – regardless of the underlying storage technology. Administrators perform all policy and key administration through the Vormetric DSM.

Encryption takes place on the server, eliminating bottlenecks that plague legacy, proxy-based solutions. Performance and scalability are further enhanced by leveraging cryptographic hardware modules that are built into modern CPUs, such as Intel AES-NI and IBM POWER9.

Key benefits
- Meet compliance and best practice requirements for encryption and access control that scales easily across platforms and environments
- Easy to deploy: no application customization required
- Establish strong safeguards against abuse by privileged insiders

Key features
- Broadest platform support in industry: Windows, Linux and Unix operating systems
- High performance encryption: Uses hardware encryption capabilities built into host CPUs - Intel and AMD AES-NI and POWER9 AES encryption
- Suite B protocol support
- Log all permitted, denied and restricted access attempts from users, applications and processes
- Role-based access policies control who, what, where, when and how data can be accessed
- Enable privileged users to perform their work without access to clear-text data
- Extensions offer added capabilities, including more granular container support, comprehensive data protection while maintaining storage efficiency and zero-downtime data encryption capabilities

[Figure: Vormetric Transparent Encryption secures data wherever it resides. The Data Security Manager (DSM, vDSM) secures sensitive data-at-rest across big data, containers, cloud, databases and OS/file systems, with file-level encryption, privileged user access control, Live Data Transformation and integration to SIEM.]

Granular user access controls

Apply granular, least-privileged user access policies that protect data from external attacks and misuse by privileged users. Specific policies can be applied by users and groups from systems, LDAP/Active Directory, Hadoop and containers. Controls also include access by process, file type, time of day, and other parameters.

Non-intrusive and easy to deploy

Vormetric Transparent Encryption agents are deployed on servers at the file system or volume level and include support for Linux, Unix, Windows file systems as well as cloud storage environments like Amazon S3 and Azure Files. Deployment requires no changes to applications, user workflows, business practices or operational procedures.

Protect data on-premises or in-cloud

Keep control of your data by managing encryption keys and access policies from your local data center for both your on-premises and cloud data, even in hybrid environment deployments.

[Figure: File-level encryption prevents privileged user abuse. Labels: User, VTE Agent (Allow/Block, Encrypt/Decrypt), Application, Database, File Systems, Volume Managers, Storage, Server, Data Security Manager.]

Technical specifications

Encryption Algorithms
- AES, 3DES, ARIA

Extension Licenses
- Container Security
- Live Data Transformation
- Efficient Storage

Platform Support
- Microsoft: Windows Server 2019, 2016 and 2012
- Linux: Red Hat Enterprise Linux (RHEL), SuSE Linux Enterprise Server, Ubuntu, Amazon Linux
- UNIX: IBM AIX*

Database Support
- IBM DB2, Microsoft SQL Server, Microsoft Exchange Data Availability Group (DAG), MySQL, NoSQL, Oracle, Sybase and others

Application Support
- Transparent to all applications, including Documentum, SAP, SharePoint, custom applications and more

Big Data Support
- Hadoop: Cloudera, Hortonworks, IBM
- NoSQL: Couchbase, DataStax, MongoDB
- SAP HANA
- Teradata

Encryption Hardware Acceleration
- AMD and Intel AES-NI
- IBM POWER9 cryptographic

Certification
- FIPS 140-2 Level 1

Container Support
- Docker, Red Hat OpenShift

Cloud Support
- AWS: EBS, EFS, S3, S3I, S3 Glacier
- AZURE: Disk Storage, Azure Files
- PCF: MySQL databases within Pivotal Cloud Foundry

*IBM AIX only supported by Vormetric Transparent Encryption, version 5.3 agents

Live Data Transformation

Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts either required planned downtime or labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation Extension eliminates these hurdles, enabling encryption and rekeying with unprecedented uptime and administrative efficiency.

Zero-downtime encryption and key rotation

Live Data Transformation delivers these key capabilities:

Zero-downtime encryption deployments. The solution enables administrators to encrypt data without downtime or disruption to users, applications or workflows. While encryption is
