Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group, learn more at:
Vormetric Product Line
Vormetric Data Security Platform
The Vormetric Data Security Platform makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirement at the lowest TCO.
- Lower TCO
One platform, centrally managed for delivering comprehensive data security solutions.
- Data Security
Moving security to the data itself is more effective because it minimizes the potential for any surreptitious access.
Platform capabilities such as encryption, access control, audit logs and key management satisfy requirements across many government, industry and corporate mandates.
Vormetric Data Security Manager - centrally manage your organization's encryption keys
- The Vormetric Data Security Manager (DSM) is at the heart of the Thales e-Security product line. The DSM provisions and manages keys for the Vormetric Data Security Platform and manages keys and certificates for third-party devices.
- Unified, Simplified Management
The DSM enables centralized management of data security policies and key management, simplifying training, deployment and operations.
- Flexible Form Factors
The DSM is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware.
- Centralize Key and Policy Management
Provision and manage keys for all Thales e-Security products, and manage keys and certificates for third-party devices.
Vormetric Transparent Encryption
The Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.
Implement data-at-rest encryption and access controls without changes to applications and business processes—significantly reducing the cost of encryption deployment and operation.
Scaling to deployments of 10's of thousands of servers, the Vormetric Transparent Encryption solution is available for Windows, Linux, and Unix platforms, and can be used across physical, cloud, container and big data environments.
- Meet Compliance and Best Practice Requirements
Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA/Hitech, GDPR and many others.
Live Data Transformation Extension
Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts required planned downtime, or they required labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation eliminates these hurdles, enabling encrypt and rekey with unprecedented uptime and efficiency.
- Improve Security and Data Availability
Encrypting and re-keying data without taking applications offline allows deployment of data security controls to applications along with business continuity and high availability.
- Reduce The Operational Costs of Encryption
In the past, critical applications had to be taken offline for initial encryption of data and encryption maintenance, with substantial operational costs - Not any more.
- Ease Compliance Overhead
Compliance requirements and best practices demand periodic encryption key changes. Now maintaining standards no longer requires downtime - applications and users continue to work as usual during rekey operations.
Vormetric Transparent Encryption for SAP HANA
Vormetric Transparent Encryption provides a proven approach to safeguarding SAP HANA data that meets rigorous security, data governance and compliance requirements. The solution can be quickly deployed, requiring no changes to SAP HANA or the underlying database or hardware infrastructure. With the solution, organizations can encrypt SAP HANA data and log volumes, and establish strong governance and separation of duties.
- Establish Strong Controls
- Encrypt SAP Hana data and log volumes, enabling you to prevent privileged users from gaining unauthorized access to sensitive data. Streamline Encryption Implementation
- Encrypt sensitive assets in SAP Hana environments, without having to make any changes to SAP Hana or associated applications and infrastructure. Retain Control in the Cloud
- Encrypt data in cloud environments and other multi-tenant infrastructures, while retaining custodianship of encryption keys.
Security Intelligence Logs
Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for the identification of unauthorized access attempts, as well as to build baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data need to build behavioural patterns required for identification of suspicious usage by authorized users.
- Speed Response
Leverage immediate alerts that fuel the fastest, most efficient response when issues arise.
- Boost Visibility
Produces an auditable trail of permitted and denied access attempts from users and processes.
- Strengthens Data Security
Uncover anomalous process and user access patterns that could point to an APT attack or malicious insider activities.
Vormetric Application Encryption
With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.
- Streamline Encryption Implementations
The application encryption solution simplifies the process of adding encryption to applications. Developers use Java, .NET, or C libraries to facilitate communication between applications and encryption agents
- Secure Cloud and Big Data Environments
With the application encryption solution, you can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.
- Establish Strong Controls
Gain controls you need to stop malicious DBAs, cloud administrators, hackers, and authorities with subpoenas from gaining unauthorized access to valuable data.
Vormetric Protection for Teradata Database
- Simplifies Encryption Deployments
Enables efficient encryption of specific fields and columns in Teradata databases, and can encrypt sensitive records without altering their format or field schemas.
- Centralizes Key and Policy Management
Works seamlessly with the Vormetric Data Security Manager, so you can centrally manage keys and access policies for encryption products from Thales e-Security and other vendors.
- Reduces Development Complexity
Reduces complexity for developers by offering standards-based application programming interfaces (APIs) and user-defined functions (UDFs) that can perform cryptographic and key management operations.
The Vormetric Orchestrator automates Vormetric Data Security Platform product deployment, configuration, management, and monitoring. Organizations can scale encryption implementations across large enterprise data centers and hybrid cloud environments—while dramatically reducing administrative effort and total cost of ownership. Thales Orchestrator automation simplifies operations, helps eliminate errors, and speeds deployments, to help reduce staff resources required to maintain and expand encryption deployments.
- Accelerated Encryption Deployments
Deploy and register thousands of Vormetric Transparent Encryption Agents using API's that work with your IT automation tools and services.
- Efficient Integration
A plug-in architecture enables fast integration with configuration management solutions such as Chef and Ansible. RESTful APIs and CLI make for easy integration and scripting.
- Flexible Deployment Options
- Available as a virtual appliance, you can orchestrate Vormetric Data Security Platform products in your data centers or public or private cloud environments.
Vormetric Tokenization with Dynamic Data MaskingVormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates like PCI DSS. The solution delivers capabilities for database tokenization and dynamic display security. Now you can efficiently address your objectives for securing and anonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.
- Efficiently Reduce PCI DSS Compliance Scope
Remove card holder data from PCI DSS scope with minimal cost and effort and save big on complying with the industry standard.
- Foster Innovation Without Introducing Risk
Tokenize data and maintain control and compliance when moving to the cloud, big data, and outsourced environments.
- Scale Globally
Deploy the solution globally without concerns about token synchronization, performance or uncontrolled costs. The vaultless tokenization approach and pricing model enables easy to manage and affordable scale.
General Purpose HSMs
nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
The nShield Connect series includes nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
- Highly flexible architecture
nShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
- Process more data faster
nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.
- Protect your proprietary applications and data
nShield Solo HSMsnShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.
The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
- Highly flexible architecture
All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
- Process more data faster
nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.
- Protect your proprietary applications and data
nShield EdgeThe nShield Edge is a full-featured, portable HSM designed for low-volume transaction environments. This USB-connected device delivers capabilities for encryption and key protection, and is ideally suited for off-line key generation for certificate authorities (CAs) as well as development environments.
- Ideal for low-volume transaction environments
Suits off-line key generation and development environments, while delivering complete algorithm and API support.
- Highly portable
Small, lightweight design with convenient USB interface supports a wide variety of host platforms, including laptops and other portable devices.
- Cost effective
The most economical HSM in the nShield family, nShield Edge gives you an entry-point HSM, while letting you scale your environment with other nShield models as needed.
Thales enhances security of F5 Big-IP platforms
F5 and Thales provide dedicated SSL termination, offload and acceleration with certified tamper-resistant key generation and management
- Intelligent traffic management delivers speed and high availability
- Network and application analytics provide visibility and control
- Data center and web firewalls protect against Layer 7 DDoS and web application attacks
- FIPS 140-2 Level 3 platform secures keys and certificates
- Easy setup enhances performance and traffic volume
The problem: Growing volumes of security-sensitive internet traffic require protectionIncreasing use of web applications and cloud-based services is driving growth in numbers of secure sockets layer (SSL) connections. Web traffic, including user lDs, login passwords and sensitive account numbers is commonly encrypted and transported using SSL.
The challenge: Increasing SSL connections impact operational performanceHigh volume SSL encryption/decryption is a resource intensive process that impacts web server performance. F5 BIG-IP efficiently manages high volume SSL traffic by terminating connections in a dedicated appliance. BIG-IP optimizes the network infrastructure to deliver high availability and security for critical business applications. Increasing SSL traffic results in higher numbers of keys and certificates. Protecting and managing these critical components represents an additional challenge in traditional software environments where they might be exposed to targeted threats.
The solution: F5 and Thales together deliver high performance and enhanced security
With F5, customers can simultaneously manage high volume SSL connections to deliver secure connectivity while meeting operational demands. Organizations looking to further extend the security of SSL-based operations can deploy F5 BIG-IP with Thales network-based hardware security modules (HSMs) to achieve operational efficiency and high assurance. Thales nShield Connect HSMs safeguard and manage large numbers of critical SSL keys and certificates within a dedicated, hardened device, ensuring that keys are never exposed to unauthorized entities. Regulated customers in government, financial services, healthcare and other industries require high security solutions that are independently certified to internationally recognized security standards. Integration of BIG-IP with nShield Connects provide FIPS 140-2 Level 3 certified protection, which enables organizations to deliver a high security environment and comply with industry best practices. Thales nShield Connects also enable auditable key and certification validation per established security policies, including enforcement of dual controls and separation of duties. Regulated customers are often required to use FIPS-approved HSMs, and Ponemon Institute research shows that auditors recommend the use of HSMs to facilitate audit and regulatory compliance.
Unified Key Management Solutions
Integrated Key ManagementWith Vormetric Key Management, you can centrally manage keys from all Vormetric Data Security Platform products, and securely store and inventory keys and certificates for third-party devices—including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products. By consolidating key management, this product fosters consistent policy implementation across multiple systems and reduces training and maintenance costs.
- Unify Key and Certificate Management
Leverage a single key management platform for managing keys from Vormetric Data Security Platform products and third-party devices—including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
- Securely Vault Keys
Securely store keys in the Vormetric Data Security Manager (DSM), which is available as a virtual appliance and FIPS 140-2 Level 3-certified hardware appliance.
- Prevent Unplanned Downtime
Maximize key availability and redundancy, leveraging secure replication of keys across multiple appliances with automated backups. Automated alerts help prevent unexpected key expiration.
Vormetric Key Management as a ServiceFor virtually every organization today, the adoption of cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so do the number of keys, and the potential risks. With Vormetric Key Management as a Service (KMaaS), your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.
- Gain Strong Key Control
Leverage cloud services, while establishing the separation of duties, compliance reporting, and lifecycle management that meets corporate and auditor requirements.
- Enjoy Fast, Flexible Implementation
Deploy in the cloud or on-premises. Either way, this key management solution features an intuitive, easy-to-use interface, simple implementation, and instant scalability.
- Control Keys Over their Lifecycle
- Leverage the bring your own key (BYOK) APIs provided by cloud vendors to gain full control over the key management lifecycle, including key creation, uploading, updating, storing, revocation, and reporting.
nShield Bring Your Own Key
With nShield BYOK, you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys. Watch our Video to see how nShield BYOK can strengthen your cloud key management practices.
- Safer key management
Backed by FIPS 140-2 Level 2 and 3 nShield HSMs, nShield BYOK helps you adopt safer key management practices that strengthen the security of your sensitive data in the cloud.
- Stronger control over your keys
Use your own nShield HSMs in your own environment to create, store and securely export your keys to the cloud.
- Superior key generation
nShield HSMs use a certified, high-entropy random number generator to create keys of higher quality than typically generated in software.