Thales e-Security

Overview

Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group, learn more at: 

 

Thales e-Security Products

Vormetric Data Security Platform


The Vormetric Data Security Platform makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirement at the lowest TCO.

  • Lower TCO
    One platform, centrally managed for delivering comprehensive data security solutions.
  • Data Security
    Moving security to the data itself is more effective because it minimizes the potential for any surreptitious access.
  • Compliance
    Platform capabilities such as encryption, access control, audit logs and key management satisfy requirements across many government, industry and corporate mandates.

Vormetric Data Security Manager - centrally manage your organization's encryption keys

The Vormetric Data Security Manager (DSM) is at the heart of the Thales e-Security product line. The DSM provisions and manages keys for the Vormetric Data Security Platform and manages keys and certificates for third-party devices.

  • Unified, Simplified Management
    The DSM enables centralized management of data security policies and key management, simplifying training, deployment and operations.
  • Flexible Form Factors
    The DSM is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware.
  • Centralize Key and Policy Management
    Provision and manage keys for all Thales e-Security products, and manage keys and certificates for third-party devices.

Vormetric Transparent Encryption

The Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.

  • Transparent
    Implement data-at-rest encryption and access controls without changes to applications and business processes—significantly reducing the cost of encryption deployment and operation.
  • Scalable
    Scaling to deployments of tens of thousands of servers, the Vormetric Transparent Encryption solution is available for Windows, Linux, and Unix platforms, and can be used across physical, cloud, container and big data environments.
  • Meet Compliance and Best Practice Requirements
    Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA/HITECH, GDPR and many others.

Live Data Transformation Extension


Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts required planned downtime, or they required labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation eliminates these hurdles, enabling encrypt and rekey with unprecedented uptime and efficiency.
  • Improve Security and Data Availability
    Encrypting and re-keying data without taking applications offline allows deployment of data security controls to applications along with business continuity and high availability.
  • Reduce The Operational Costs of Encryption
    In the past, critical applications had to be taken offline for initial encryption of data and encryption maintenance, with substantial operational costs. Not any more.
  • Ease Compliance Overhead
    Compliance requirements and best practices demand periodic encryption key changes. Now maintaining standards no longer requires downtime - applications and users continue to work as usual during rekey operations.

Vormetric Transparent Encryption for SAP HANA


Vormetric Transparent Encryption provides a proven approach to safeguarding SAP HANA data that meets rigorous security, data governance and compliance requirements. The solution can be quickly deployed, requiring no changes to SAP HANA or the underlying database or hardware infrastructure. With the solution, organizations can encrypt SAP HANA data and log volumes, and establish strong governance and separation of duties.

  • Establish Strong Controls
    Encrypt SAP HANA data and log volumes, enabling you to prevent privileged users from gaining unauthorized access to sensitive data.
  • Streamline Encryption Implementation
    Encrypt sensitive assets in SAP HANA environments, without having to make any changes to SAP HANA or associated applications and infrastructure.
  • Retain Control in the Cloud
    Encrypt data in cloud environments and other multi-tenant infrastructures, while retaining custodianship of encryption keys.

Security Intelligence Logs

Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for identifying unauthorized access attempts and for building baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and provides all the data needed to build the behavioural patterns required for identification of suspicious usage by authorized users.

  • Speed Response
    Leverage immediate alerts that fuel the fastest, most efficient response when issues arise.
  • Boost Visibility
    Produces an auditable trail of permitted and denied access attempts from users and processes.
  • Strengthens Data Security
    Uncover anomalous process and user access patterns that could point to an APT attack or malicious insider activities.

Vormetric Application Encryption


With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.
  • Streamline Encryption Implementations
    The application encryption solution simplifies the process of adding encryption to applications. Developers use Java, .NET, or C libraries to facilitate communication between applications and encryption agents.
  • Secure Cloud and Big Data Environments
    With the application encryption solution, you can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.
  • Establish Strong Controls
    Gain controls you need to stop malicious DBAs, cloud administrators, hackers, and authorities with subpoenas from gaining unauthorized access to valuable data.

Vormetric Protection for Teradata Database

By aggregating massive volumes of enterprise data in Teradata database environments, businesses can gain unprecedented insights and strategic value. Unfortunately, this very aggregation of data can also present unprecedented risks. Now, Vormetric enables your organization to guard against these Teradata database security risks. Vormetric Protection for Teradata Database makes it fast and efficient to employ robust data-at-rest security capabilities in your Teradata environments.
 
  • Simplifies Encryption Deployments
    Enables efficient encryption of specific fields and columns in Teradata databases, and can encrypt sensitive records without altering their format or field schemas.
  • Centralizes Key and Policy Management
    Works seamlessly with the Vormetric Data Security Manager, so you can centrally manage keys and access policies for encryption products from Thales e-Security and other vendors.
  • Reduces Development Complexity
    Reduces complexity for developers by offering standards-based application programming interfaces (APIs) and user-defined functions (UDFs) that can perform cryptographic and key management operations.

Vormetric Orchestrator


The Vormetric Orchestrator automates Vormetric Data Security Platform product deployment, configuration, management, and monitoring. Organizations can scale encryption implementations across large enterprise data centers and hybrid cloud environments—while dramatically reducing administrative effort and total cost of ownership. Thales Orchestrator automation simplifies operations, helps eliminate errors, and speeds deployments, to help reduce staff resources required to maintain and expand encryption deployments.

  • Accelerated Encryption Deployments
    Deploy and register thousands of Vormetric Transparent Encryption Agents using APIs that work with your IT automation tools and services.
  • Efficient Integration
    A plug-in architecture enables fast integration with configuration management solutions such as Chef and Ansible. RESTful APIs and CLI make for easy integration and scripting.
  • Flexible Deployment Options
    Available as a virtual appliance, you can orchestrate Vormetric Data Security Platform products in your data centers or public or private cloud environments.

Vormetric Tokenization with Dynamic Data Masking

Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates like PCI DSS. The solution delivers capabilities for database tokenization and dynamic display security. Now you can efficiently address your objectives for securing and anonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.

  • Efficiently Reduce PCI DSS Compliance Scope
    Remove cardholder data from PCI DSS scope with minimal cost and effort and save big on complying with the industry standard.
  • Foster Innovation Without Introducing Risk
    Tokenize data and maintain control and compliance when moving to the cloud, big data, and outsourced environments.
  • Scale Globally
    Deploy the solution globally without concerns about token synchronization, performance or uncontrolled costs. The vaultless tokenization approach and pricing model enable easy-to-manage, affordable scale.

General Purpose HSMs

Thales e-Security nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.

nShield Connect


nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.

The nShield Connect series includes nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
  • Highly flexible architecture
    nShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
  • Process more data faster
    nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.
  • Protect your proprietary applications and data
    nShield Connect HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.

nShield Solo HSMs

nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.

The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
  • Highly flexible architecture
    All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
  • Process more data faster
    nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.
  • Protect your proprietary applications and data
    nShield Solo HSMs don’t just protect your sensitive keys and data; they also provide a secure environment for running sensitive applications. The CodeSafe option lets you execute code within nShield boundaries, protecting your applications and the data they process.


nShield Edge

The nShield Edge is a full-featured, portable HSM designed for low-volume transaction environments. This USB-connected device delivers capabilities for encryption and key protection, and is ideally suited for off-line key generation for certificate authorities (CAs) as well as development environments.
  • Ideal for low-volume transaction environments
    Suits off-line key generation and development environments, while delivering complete algorithm and API support.
  • Highly portable
    Small, lightweight design with convenient USB interface supports a wide variety of host platforms, including laptops and other portable devices.
  • Cost effective
    The most economical HSM in the nShield family, nShield Edge gives you an entry-point HSM, while letting you scale your environment with other nShield models as needed.

Unified Key Management Solutions

Thales e-Security unifies management, centralizes secure storage, and simplifies governance of encryption keys and certificates with FIPS 140-2 certified products.

Integrated Key Management


With Vormetric Key Management, you can centrally manage keys from all Vormetric Data Security Platform products, and securely store and inventory keys and certificates for third-party devices—including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products. By consolidating key management, this product fosters consistent policy implementation across multiple systems and reduces training and maintenance costs.
  • Unify Key and Certificate Management
    Leverage a single key management platform for managing keys from Vormetric Data Security Platform products and third-party devices—including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
  • Securely Vault Keys
    Securely store keys in the Vormetric Data Security Manager (DSM), which is available as a virtual appliance and FIPS 140-2 Level 3-certified hardware appliance.
  • Prevent Unplanned Downtime
    Maximize key availability and redundancy, leveraging secure replication of keys across multiple appliances with automated backups. Automated alerts help prevent unexpected key expiration.

Vormetric Key Management as a Service

For virtually every organization today, the adoption of cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so does the number of keys, and the potential risks. With Vormetric Key Management as a Service (KMaaS), your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.
  • Gain Strong Key Control
    Leverage cloud services, while establishing the separation of duties, compliance reporting, and lifecycle management that meets corporate and auditor requirements.
  • Enjoy Fast, Flexible Implementation
    Deploy in the cloud or on-premises. Either way, this key management solution features an intuitive, easy-to-use interface, simple implementation, and instant scalability.
  • Control Keys Over their Lifecycle
    Leverage the bring your own key (BYOK) APIs provided by cloud vendors to gain full control over the key management lifecycle, including key creation, uploading, updating, storing, revocation, and reporting.


nShield Bring Your Own Key


With nShield BYOK, you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys. Watch our Video to see how nShield BYOK can strengthen your cloud key management practices.

  • Safer key management
    Backed by FIPS 140-2 Level 2 and 3 nShield HSMs, nShield BYOK helps you adopt safer key management practices that strengthen the security of your sensitive data in the cloud.
  • Stronger control over your keys
    Use your own nShield HSMs in your own environment to create, store and securely export your keys to the cloud.
  • Superior key generation
    nShield HSMs use a certified, high-entropy random number generator to create keys of higher quality than typically generated in software.

Data in Motion

Robust, Scalable Encryption of Data in Motion


Thales e-Security delivers data-in-motion encryption hardware that enables businesses and government agencies to establish secure, affordable, and high-performance connectivity. The Datacryptor 5000 Series network data encryption solution provides robust security, low latency, and high performance in Layer 2 and IP networks.

  • Gain Strong Safeguards
    Utilizing high-assurance encryption methods and state-of-the-art key management techniques, the Datacryptor 5000 delivers maximum protection of sensitive transmissions and assets.
  • Maximize Performance
    These hardware encryption solutions offer high performance, and significantly lower latency than software encryption capabilities embedded in common network devices, such as switches and routers.
  • Ensure Compliance
    Utilize the most cost-effective data transport medium available, while also meeting or exceeding business and regulatory requirements for data privacy and confidentiality.
  • Datacryptor
    • Designed to meet FIPS 140-2 Level 3 and Common Criteria requirements for network devices.
    • Robust system management capabilities, including integrated monitoring of network status and operation, auditing and event logging, remote monitoring, and more.
    • Support for strong encryption, including AES-GCM and AES-CBC (256-bit).
    • Offers support for key exchange through Diffie-Hellman ECC algorithm (DH-ECKAS).

Choose from a range of Datacryptor models, so you get the solutions that match your network protocol, speed, certification, and customization requirements. Datacryptor systems were designed specifically to secure data in motion for business-critical applications.
 

Contact Us

Thales e-Security is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premise, in the cloud, in data centers and in big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices.