Data Protection Portfolio. Chris Harris Northern European Pre-Sales Manager. SafeNet Data Protection Portfolio. High Speed Encryption. Authentication - Identity Protection . Hardware Security Modules. DataSecure - Encryption and Control.
Data Protection Portfolio
Chris Harris, Northern European Pre-Sales Manager

SafeNet Data Protection Portfolio

Authentication - Identity Protection
• Offering the broadest range of authentication, from HW smartcard tokens to mobile phone auth, all managed from a single platform
• The market leader in certificate-based token authentication
• The industry's only unified authentication platform, offering customers the freedom to adapt
• Unique technology offerings with clientless tokens, high assurance offerings and more

Hardware Security Modules
• The fastest, most secure, and easiest to integrate application & transaction security solution for enterprise and government
• The market leader in enterprise-grade HSM
• Industry innovator in payment HSM
• Widest portfolio of platforms and solutions
• SafeNet delivered its 75,000th HSM — sets industry milestone

DataSecure - Encryption and Control
• World’s first and only unified platform that delivers intelligent data protection and control for ALL information assets
• Centralized policy, key management, logging and auditing
• Data-centric, persistent protection across datacenters, endpoints and into the cloud
• Integrated perimeter data leakage prevention
• Appliance based, proven scalability and high performance

High Speed Encryption
• SafeNet high-speed Encryptors combine the highest performance with the easiest integration and management
• Unparalleled leverage across classified and COTS communication protection (FIPS 140-2 Level 3)
• Best-in-class Security Management Center
• Solutions for Ethernet, SONET up to 10Gb
• Zero bandwidth loss, low-latency encryption

Authentication - Identity Protection
SafeNet’s strong authentication solutions help our customers meet organizational and end user needs, enable business growth and achieve compliance.
• Token Management System
• Smartcard USB Tokens
• SmartCards
• Hybrid (OTP/SC/Storage) Tokens
• OTP tokens
• Software / mobile Authenticators

Strong Authentication – The Need
• Passwords are:
  • Often easy to crack and easy to guess
  • Easy to steal: keystroke loggers, phishing attacks
  • Difficult to remember and use
  • The cause of high help-desk costs
Diagram labels: 24x7 secure access to sensitive business information; Digital signing of transactions; Secure PCs and laptops

The Authentication Portfolio
• SafeWord's seamless integration with a Microsoft infrastructure makes it simple to deploy two-factor authentication for VPNs, Citrix applications, Web applications, Webmail, and Outlook Web Access
• Token assignment, enrollment, revocation, update, replacement
• Password reset/change
• Auditing, reporting
• Self-service options
• Integrated with AD/LDAP

HSM - Transaction & Identity Protection
SafeNet’s Hardware Security Modules are the fastest, most secure, and easiest to integrate solution for protecting identities, applications and transactions.
Products shown: Luna SA / SP, ProtectHost EFT, Luna XML, Luna SX, CA4, Luna PCM, ProtectServer Gold, Luna PCI

What is a HSM, Why use one?
• Security
  • Sensitive cryptographic keys and processes are stored, managed and protected by dedicated hardware
• Performance
  • Processing bottlenecks are eliminated with hardware cryptographic acceleration
• Auditability
  • Dedicated hardware provides a clear audit trail for all key materials

Introducing the Product Line • SafeNet brings together the HSM technology of three leading companies to deliver an array of customer choice with regard to features, certifications, performance and connectivity.
HSM Product Portfolio
Products: Luna CA4, Luna PCI, Luna PCM, Luna SA
• High assurance enterprise-grade HSM
• 5,500+ ops/s
• Certifications: FIPS 140-2 Level 3, CC EAL 4+
• Full platform support
• Secure remote administration
• 10/100 Ethernet interface
• Extensive algorithm support
• Supports partitioning
• Hardware secured remote administration
• Root key HSM for true hardware key management
• FIPS 140-2 Level 3 certified
• Extensive algorithm support
• Supports two-factor trusted path authentication
• Supports common certificate authorities (Microsoft, Entrust, Verisign, RSA, etc.)
• Fast, high-assurance PCI HSM card for hardware key management and crypto acceleration
• 7,000 ops/s
• FIPS 140-2 Level 3
• Supports two-factor trusted path authentication
• Extensive algorithm support
• Portable, cost-effective PCMCIA HSM card for hardware key management and crypto acceleration
• Versions for document signing, key export for registration of tokens, and signing and back up of key material to a token
• FIPS 140-2 Level 2
• Extensive algorithm support

HSM Product Portfolio
Products: ProtectServer Gold, ProtectHost EFT, Luna SP, Luna XML
• High assurance HSM for financial payment systems
• PIN generation & verification
• Supports global payment processing, EMV, and Card Issuance APIs
• 1,200 Visa PIN Verify operations / sec
• Certifications: FIPS 140-2 Level 3, CC
• Easy GUI-based administration
• Protected Application Execution Environment
• 5,500+ ops/s
• Certifications: FIPS 140-2 Level 3
• Executes sensitive application processing tasks
• Web service interface to application clients
• Signed code prevents unauthorised execution
• Leverages tried and trusted Java security model
• Hardware secured remote administration
• High assurance enterprise-grade HSM for XML environments
• XML interface (WSDL) encapsulates crypto functions, enabling rapid integration development
• FIPS 140-2 Level 3
• Extensive algorithm support
• No client required
• 2,200 ops/sec
• OS independent
• Secure remote administration
• 10/100/1000 Ethernet interface
• Cost-effective high-assurance PCI HSM card for customizable hardware key management
• Up to 600 ops/s
• Easy GUI-based administration
• Customizable interface
• FIPS 140-2 Level 3
• Extensive algorithm support
• Secure remote administration

SafeNet HSM Product Range Overview
Products: ProtectServer Internal, ProtectServer External, ProtectHost EFT, Luna CA3/CA4, Luna PCI, Luna PCM, Luna SA, Luna SP
Server Network Network Network Embedded Embedded Embedded Server/ Network
FIPS 140 Level 2 and Level 3
CCEAL 4+ (CA3) CCEAL 4+ CCEAL 4+
PKCS 11, Java, CAPI
PPO PPO PPO
27/sec 600/sec 7000/sec 27/sec 4500+/sec 4500+/sec 450/sec 1200/sec
Symmetric and Asymmetric
20 x partitions, SSL acceleration
EFT Command Sets

Principles of Best Practice http://www.safenet-inc.com/library/
DataSecure Platform File, Folder & Field Encryption
DataSecure – Data Encryption & Control
• DataSecure is the industry’s most trusted platform to provide intelligent data protection for ALL information assets—both structured and unstructured, from the datacenter to the endpoint and into the cloud
Diagram labels: DataSecure i450 and i150; Application/dB Connector Software; Centralized Policy and Key Management; Full Disk Encryption; File/Folder Protection

DataSecure – Data Encryption & Control
Diagram labels: Web/App Servers, Mainframes, DataSecure Platform, ProtectApp, ProtectDB, ProtectFile, ProtectFile Mobile, ProtectDrive, File Servers, Endpoint Devices

DataSecure Application Integration
• Software Libraries
  • Microsoft .NET, CAPI
  • JCE (Java)
  • PKCS#11 (C/C++)
  • SafeNet ICAPI (C/C++)
  • z/OS (Cobol, Assembler, etc.)
  • XML
• Support for virtually all application and web server environments
Diagram labels: DataSecure Platform, E-Commerce Application, Reporting Application, Customer Database

DataSecure Database Integration
• Database Connectors
  • Oracle 8i, 9i, 10g, 11g
  • IBM DB2 version 8, 9
  • IBM UDB version 8, 9
  • Microsoft SQL Server 2000, 2005, 2008
  • Teradata 12
• Application changes not required
• Batch processing tools for managing large data sets
• Vendor Transparent Database Integration
  • SQL Server 2008
  • Oracle 11g
Diagram labels: DataSecure Platform, Customer Database

DataSecure Tokenization (DataSecure Token Manager)
• DataSecure acts as the “vault” for sensitive data values and tokens, protecting them with strong encryption and key management
• Token Manager replaces sensitive data with format-preserving tokenization via:
  • Secure Message Layer - SOA-based interface, callable from anywhere
  • Protected Zone - host of the Secure Message Layer, handles calling DataSecure and generating tokens
Diagram labels: Secure Message Layer, DataSecure, Protected Zone

Tokenization: Store Sensitive Value
Diagram labels: client application; protected zone (token service, token manager, token generator, JVM); ProtectApp Connector; DataSecure vault; SQL Server; Oracle; connections over SSL, JDBC and SOA

Tokenization: Retrieve Sensitive Value
Diagram labels: client application; protected zone (token service, token manager, token generator, JVM); ProtectApp Connector; DataSecure vault; SQL Server; Oracle; connections over SSL, JDBC and SOA

ProtectFile Architecture
Endpoint Protection with Centralized Key & Policy Management
• ProtectFile PC
  • Granular folder and file-level encryption
  • Independent, password-based or token-based user access control
  • Key and policy management on DataSecure for end-user transparency
  • Encrypted files stored locally or on shared file servers
• ProtectFile Server
  • Granular folder- and file-level encryption
  • Client users use native Windows access control
  • Key and policy management on DataSecure for end-user transparency
• DataSecure Platform
  • Centralized key and policy management
  • Comprehensive logging and reporting
  • Enterprise scalability and redundancy
  • FIPS and CC certified
Diagram labels: Corporate File Server, End User Laptop, Network Shares

ProtectFile Sample Policies
• Create policies that align to lines of business
• Granular policies can be defined to control access to authorized users
• Call center reps can encrypt credit card numbers for phone orders.
• Finance Managers – get full access to confidential financial spreadsheets.
• Customer contracts sent to the call center are saved to a shared file server by the call center reps, where they are automatically encrypted and strict access control is applied.
• Outside Auditors – get access to sensitive files remotely and offline, but need to get re-authorized by IT every 30 days to regain access. (Policy can be configured based on any set amount of time.)
• Market analysts are able to access and share their competitive analysis on seasonal opportunities in the Finance folder, but only see cipher text if they try to click on the spreadsheet with analyst salary information.
• IT Administrators – get access to perform routine maintenance, but cannot see any files that have been encrypted (IT sees only cipher text).

SafeNet ProtectDrive
The world’s highest rated and most cost-effective full disk and removable media encryption solution. Protects sensitive data and ensures compliance with the lowest operating costs.
ProtectDrive: Perfect 5 Star Review From SC Magazine

Pre-boot Authentication
If smart card and password logon has been enabled, the user inserts a smart card or presses Enter. After inserting the smart card, the user only needs to enter a PIN. For password logon, the user enters their Windows user credentials.

Broad Platform Support
• ProtectDrive: The only disk encryption solution with a track record of successfully protecting servers, including RAID arrays, as well as laptops and workstations.
• Smart Phone Support – ProtectMobile supports Windows Mobile today, with 1H 2010 additional support of Apple iPhone, Symbian, Palm

AD/ADAM Management
Leverage what your organization already knows — Active Directory — to speed up deployments and reduce ongoing management costs. Other solutions merely link to AD, whereas ProtectDrive integrates with AD/ADAM.

Token / Smart Card Support
• Tokens:
  • SafeNet eToken Pro
  • eToken Pro Anywhere
  • NG-FLASH
  • NG-OTP
  • SafeNet iKey 2032
  • SafeNet iKey 1000
  • SafeNet iKey 4000
  • RSA SID800
• Cards:
  • SafeNet
  • CAC/PIVII
  • ActivIdentity
  • CardOs cards
  • Schlumberger
  • Cyberflex
  • SafeNet SC330; SC 400
  • And MANY others
• SafeNet is the only vendor providing tokens/smart cards and disk/file encryption, ensuring long term support and compatibility.
• No integration worries; no vendor finger-pointing over issues; one contact point for ongoing support
• Passwords are less secure than two-factor authentication
• At pre-boot, token/smart card credentials provide authentication for OS log in
• Certificate-based authentication provides non-repudiation and other forensic capabilities

Biometric/Smartcard Authentication ProtectDrive also supports match-on-card biometric authentication
SafeNet ProtectDrive
• Seamless integration with Active Directory or ADAM
  • Immediate familiarity
  • No additional servers/applications to install and manage
• 100% hard drive encryption by partition or full disk
  • All data encrypted: registry, temp files, master file table, partition boot record, ...
• Wide operating system support
  • Windows XP, 2000, 2003, 2008 R2, Windows Vista, Windows 7
• Rapid Recovery
  • A suite of recovery tools which enable the safe recovery of a ProtectDrive system in as little as three minutes
• Token Support
  • Supports a wide range of PKI tokens, including the eToken Pro, eToken Pro Anywhere, NG-FLASH and NG-OTP

SafeNet WAN Encryption
• SafeNet offers Layer 2 encryption solutions
• Layer 3 solutions (IPSec) are now absorbed into routers
• Why layer 2? …

Improved Performance
With the typical traffic profile, more than 50% of bandwidth can be lost.
Source: Rochester Institute of Technology

Simplified Management
Every time something changes here… Security Policy has to be updated here… and here… and here!!!
This creates the potential for network outages and security vulnerabilities.
Diagram labels: Operations Center LAN, Router, IPSec Encryptor, Carrier Edge Router, Transport, Disaster Recovery Location, Operations Center

Simplified Management – Layer 2
When something changes here… nothing changes here… or here… or here!!!
No administrative burden, no outages and no security policy changes.
Diagram labels: Operations Center LAN, Customer Premise Router, Layer 2 Encryptor, Carrier Switch, Transport, Disaster Recovery Location, Operations Center

Best Fit for Layer 2 Encryption
• Ethernet Encryption
• SONET Encryption 10/1G
• Ethernet Encryption 100/10M

Security Management Center II
SMC II is the only truly enterprise-class encryptor management platform.

SafeNet Ethernet Encryptor
FIPS 140-2 Level 3 Certified
The only complete family of Ethernet Encryptors for all performance levels to secure Ethernet networks.

SafeNet SONET Encryptor
FIPS 140-2 Level 3 Certified
The SafeNet SONET Encryptor is the world's most widely deployed solution for protecting SONET and SDH networks.