Thales e-security Financial and Operational Benefits of using Datacryptor R4.02 in your network


www.thales-esecurity.com

How do you currently manage your key updates for your crypto networks? How much time and money are you spending on managing, distributing and installing certificates? Would you benefit from remote re-keying without the need for a trained operative out in the field? How can you increase your security posture and reduce the risk of compromise?

Reduce the through life costs of securing your network

Datacryptor R4.02 software enables a network administrator to reduce the through life costs of securing their networks because it offers the ability to remotely re-key the devices using a feature called Self Keying. Self Keying enables high level certificates to be held securely at a network's central management facility and then used to control and manage the certificates used by the Datacryptor AP devices in the network. This reduces the resources and time needed to produce, manage, distribute and install certificates, which in turn reduces the through life cost of securing your network and the time needed to respond to changes.

Ensure your network is using the latest standards

As the Datacryptor R4.02 application software uses Elliptic Curve Cryptography, your network will be using the latest encryption standards. For comparable key lengths, elliptic curve provides increased security compared with previous modes and is therefore able to offer greater efficiency and peace of mind. For those needing interoperability with previous encryption modes to support an incremental roll-out, our team is very happy to discuss this on a case by case basis.

Builds on features already within the Datacryptor

Datacryptor R4.02 builds on and enhances the features already within the Datacryptor AP software. This ability to build on the already feature rich software is a benefit of using Datacryptor devices to secure your network. The release of R4.02 provides evidence of the commitment Thales makes to deliver continued benefit to their customers, in particular to those that choose to secure their networks using the Datacryptor family of products.

With a Datacryptor at each node, the central facility can remotely control the node without input from a local operator.

Key benefits:

Ability to remotely re-key devices
Supports Elliptic Curve Cryptography
Reduces through life costs of security
Security function becomes more agile

Self Keying

Self Keying is the process that allows Unit Certificates to be created within a Closed User Group instead of receiving them from a Key Production Authority. It also allows the Network Manager to key the unit every year instead of loading many years of key material and sending it out to a remote location; this makes the unit less vulnerable. The Unit Certificates are certified by a Datacryptor Remote Management Certificate Authority (DCRM-CA) before they can be used.

As well as day to day and operational benefits, Self Keying will bring significant financial benefits. For example, once the cost of procuring new keys from a Key Production Authority, travel and, in some cases, accommodation is taken into account, together with the labour time spent securely distributing and loading new keys, the costs soon mount up.

Centralised remote management

Datacryptor AP devices can be centrally and remotely managed, so your network can be controlled at the network's central management facility in a timely and cost effective way. Each device can be managed either in band or out of band.

Multiple Security Associations

Datacryptor is able to support up to 400 security associations simultaneously. This makes meshing your network easy and effective.

Migration from existing infrastructure

Using Datacryptor AP enables a controlled migration from legacy data connectivity options such as ISDN onto more widely available and cheaper modern provisions such as ADSL.

The following table provides an illustrated example of the typical types of savings that can be achieved when using DCAP R4.02. Even with a relatively small local deployment there is a considerable benefit to using DCAP R4.02 compared with some alternatives.

Use our online Self Keying Calculator to establish how much you could save with your particular deployment: www.thales-calculator.co.uk

Network | Annual Cost Legacy | Annual Saving R4.02 | Saving Per Unit over 3 years
--- | --- | --- | ---
Small Network, 5 units. Campus or Town | 2,657 | 2,376 | 1,426
Small Network, 5 units. County | 3,865 | 3,585 | 2,151
Medium Network, 35 units. County | 27,055 | 25,093 | 2,151
Medium Network, 35 units. Country | 44,555 | 42,593 | 3,651
Large Network, 90 units. Country | 114,570 | 109,526 | 3,651
Large Network, 90 units. International | 177,570 | 176,526 | 5,751

*Assumptions have been made regarding travel and accommodation costs as well as the time required to install and commission a unit.

Additional benefits

Reverse tunnelling

Datacryptor AP is approved for use to provide reverse tunnelling. An encryption tunnel usually serves to protect sensitive information passing between trusted hosts over an untrusted network. However, benefits can sometimes be derived from doing the reverse, i.e. tunnelling less sensitive information over a more highly classified network.

Often the need arises for remote, lower assurance or untrusted hosts (or domains) at government sites to intercommunicate. Being lower assurance, they are not allowed to connect to the classified LANs, and there is often no practical way for them to directly access the existing WAN (which is usually dedicated to the encrypted tunnels). Rather than building a new, parallel WAN infrastructure for the lower assurance traffic, the answer here is to use reverse tunnelling between the lower assurance or untrusted hosts (or domains) using the existing secure WAN infrastructure. Encrypting the traffic in this case is not done to protect the traffic itself, but to prevent the leakage of sensitive information from the more highly classified network it is traversing.

The main benefit of reverse tunnelling is that it allows spare, existing (i.e. paid for) bandwidth to be used, rather than having to put in a new, separate network to carry the lower classification traffic. This makes the deployment of the solution very quick, easy and cost effective. By utilising the existing network infrastructure, reverse tunnelling is simpler and more efficient than alternative solutions and provides many benefits:

Reduced deployment costs: re-uses existing network infrastructure
Reduced maintenance costs: minimal additional hardware, no extra networks
Timely deployment: quick and easy to overlay on existing network
Low risk: no changes required to core network
Reduced bandwidth costs: shares available network bandwidth

QoS pass through

Datacryptor AP allows Quality of Service (QoS) pass through, which assists with network control and administration because it allows networks to use QoS, yet still remain secure.

Low handling

Even when keyed, Datacryptor AP has low handling requirements, which reduces the costs and resources required to administer your network. Datacryptor AP can be left in situ, ready to work, without the need for any additional complicated security procedures or protection mechanisms.

Preconfigured for easy deployment

Datacryptor AP can be securely transported in a preconfigured state. If configured at the central facility, this enables Datacryptor AP devices to be simply plugged in when they reach the far end.

Certificate based key material

The use of certificate based key material means that Datacryptor AP devices are able to respond quickly to changes in your network topography.

Protected investment

Datacryptor AP is designed to be flexible and programmable so that software can be upgraded to respond to threat or need. Therefore, as your network evolves, Datacryptor evolves with it.

Off the shelf product

As an off the shelf product, Datacryptor AP is trusted for use on all sensitivities of network, from commercial through to highly sensitive governmental networks, whilst still retaining the ability to be transported and imported around the world.

Solution specification

Datacryptor R4.02 is available for use in IP, Frame Relay or Link networks
Additional hardware is required to provide the Self Keying service
Datacryptor AP is managed securely using Element Manager and a CryptoManager

Range of procurement options

Our team are happy to discuss the competitive range of procurement options for Datacryptor devices. For more information please contact one of our team:

UK: Mark Eaton, Mark.Eaton@thales-esecurity.com
US: Scott Hawke, scott.hawke@thales-esecurity.com
Europe: Chris Woods, chris.woods@thales-esecurity.com
Australasia: Geoff James, geoff.james@thales-esecurity.com

About Thales e-security

Thales e-security is a leading global provider of data encryption and cyber security solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 80 percent of worldwide payment transactions. Thales e-security has offices in Australia, France, Hong Kong, Norway, United Kingdom and United States. For more information, visit www.thales-esecurity.com

Thales e-security, December 2012, LH0931

Americas: Thales e-security Inc., 900 South Pine Island Road, Suite 710, Plantation, FL 33324 USA. Tel: +1 888 744 4976 or +1 954 888 6200. Fax: +1 954 888 6211. E-mail: sales@thalesesec.com

Asia Pacific: Unit 4101, 41/F, 248 Queen's Road East, Wanchai, Hong Kong, PRC. Tel: +852 2815 8633. Fax: +852 2815 8141. E-mail: asia.sales@thales-esecurity.com

Europe, Middle East, Africa: Meadow View House, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ. Tel: +44 (0)1844 201800. Fax: +44 (0)1844 208550. E-mail: emea.sales@thales-esecurity.com