Thales e-Security is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premise, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and, with the internet of things (IoT), even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property, and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged-user control and high-assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales e-Security is part of Thales Group, learn more at:
Thales e-Security Products
Vormetric Data Security Platform
The Vormetric Data Security Platform makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirement at the lowest TCO.
- Lower TCO
One platform, centrally managed for delivering comprehensive data security solutions.
- Data Security
Moving security to the data itself is more effective because it minimizes the potential for any surreptitious access.
Platform capabilities such as encryption, access control, audit logs and key management satisfy requirements across many government, industry and corporate mandates.
Vormetric Data Security Manager - centrally manage your organization's encryption keys
The Vormetric Data Security Manager (DSM) is at the heart of the Thales e-Security product line. The DSM provisions and manages keys for the Vormetric Data Security Platform and manages keys and certificates for third-party devices.
- Unified, Simplified Management
The DSM enables centralized management of data security policies and key management, simplifying training, deployment and operations.
- Flexible Form Factors
The DSM is available in different form factors and FIPS 140-2 levels. Deploy virtual appliances on-premises, in private and public clouds or select high-assurance hardware.
- Centralize Key and Policy Management
Provision and manage keys for all Thales e-Security products, and manage keys and certificates for third-party devices.
Vormetric Transparent Encryption
The Vormetric Transparent Encryption solution protects data with file and volume level data-at-rest encryption, access controls, and data access audit logging without re-engineering applications, databases or infrastructure. Deployment of the transparent file encryption software is simple, scalable and fast, with agents installed above the file system on servers or virtual machines to enforce data security and compliance policies. Policy and encryption key management are provided by the Vormetric Data Security Manager.
Implement data-at-rest encryption and access controls without changes to applications and business processes—significantly reducing the cost of encryption deployment and operation.
Scaling to deployments of tens of thousands of servers, the Vormetric Transparent Encryption solution is available for Windows, Linux, and Unix platforms, and can be used across physical, cloud, container and big data environments.
- Meet Compliance and Best Practice Requirements
Encryption, access controls and data access logging are basic requirements or recommended best practices for almost all compliance and data privacy standards and mandates, including PCI DSS, HIPAA/Hitech, GDPR and many others.
Live Data Transformation Extension
Deployment and management of data-at-rest encryption can present challenges when transforming clear-text to cipher-text, or when rekeying data that has already been encrypted. Traditionally, these efforts required planned downtime, or they required labor-intensive data cloning and synchronization efforts. Vormetric Transparent Encryption Live Data Transformation eliminates these hurdles, enabling encrypt and rekey with unprecedented uptime and efficiency.
- Improve Security and Data Availability
Encrypting and re-keying data without taking applications offline allows deployment of data security controls to applications along with business continuity and high availability.
- Reduce The Operational Costs of Encryption
In the past, critical applications had to be taken offline for initial encryption of data and encryption maintenance, with substantial operational costs. Not any more.
- Ease Compliance Overhead
Compliance requirements and best practices demand periodic encryption key changes. Now maintaining standards no longer requires downtime - applications and users continue to work as usual during rekey operations.
Vormetric Transparent Encryption for SAP HANA
Vormetric Transparent Encryption provides a proven approach to safeguarding SAP HANA data that meets rigorous security, data governance and compliance requirements. The solution can be quickly deployed, requiring no changes to SAP HANA or the underlying database or hardware infrastructure. With the solution, organizations can encrypt SAP HANA data and log volumes, and establish strong governance and separation of duties.
- Establish Strong Controls
Encrypt SAP HANA data and log volumes, enabling you to prevent privileged users from gaining unauthorized access to sensitive data.
- Streamline Encryption Implementation
Encrypt sensitive assets in SAP HANA environments, without having to make any changes to SAP HANA or associated applications and infrastructure.
- Retain Control in the Cloud
Encrypt data in cloud environments and other multi-tenant infrastructures, while retaining custodianship of encryption keys.
Security Intelligence Logs
Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for identifying unauthorized access attempts and for building baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and provides all the data needed to build the behavioural patterns required to identify suspicious usage by authorized users.
- Speed Response
Leverage immediate alerts that fuel the fastest, most efficient response when issues arise.
- Boost Visibility
Produces an auditable trail of permitted and denied access attempts from users and processes.
- Strengthens Data Security
Uncover anomalous process and user access patterns that could point to an APT attack or malicious insider activities.
Vormetric Application Encryption
With Vormetric Application Encryption, you can encrypt specific files or columns in databases, big data nodes, and platform-as-a-service (PaaS) environments. The application encryption solution features a set of documented, standards-based APIs that can be used to perform cryptographic and key management operations. Vormetric Application Encryption eliminates the time, complexity, and risk of developing and implementing an in-house encryption and key management solution.
- Streamline Encryption Implementations
The application encryption solution simplifies the process of adding encryption to applications. Developers use Java, .NET, or C libraries to facilitate communication between applications and encryption agents.
- Secure Cloud and Big Data Environments
With the application encryption solution, you can encrypt specific fields at the application layer, securing sensitive data before it is stored in database, big data, or cloud environments.
- Establish Strong Controls
Gain controls you need to stop malicious DBAs, cloud administrators, hackers, and authorities with subpoenas from gaining unauthorized access to valuable data.
Vormetric Protection for Teradata Database
- Simplifies Encryption Deployments
Enables efficient encryption of specific fields and columns in Teradata databases, and can encrypt sensitive records without altering their format or field schemas.
- Centralizes Key and Policy Management
Works seamlessly with the Vormetric Data Security Manager, so you can centrally manage keys and access policies for encryption products from Thales e-Security and other vendors.
- Reduces Development Complexity
Reduces complexity for developers by offering standards-based application programming interfaces (APIs) and user-defined functions (UDFs) that can perform cryptographic and key management operations.
The Vormetric Orchestrator automates Vormetric Data Security Platform product deployment, configuration, management, and monitoring. Organizations can scale encryption implementations across large enterprise data centers and hybrid cloud environments—while dramatically reducing administrative effort and total cost of ownership. Thales Orchestrator automation simplifies operations, helps eliminate errors, and speeds deployments, to help reduce staff resources required to maintain and expand encryption deployments.
- Accelerated Encryption Deployments
Deploy and register thousands of Vormetric Transparent Encryption Agents using APIs that work with your IT automation tools and services.
- Efficient Integration
A plug-in architecture enables fast integration with configuration management solutions such as Chef and Ansible. RESTful APIs and CLI make for easy integration and scripting.
- Flexible Deployment Options
Available as a virtual appliance, you can orchestrate Vormetric Data Security Platform products in your data centers or public or private cloud environments.
Vormetric Tokenization with Dynamic Data Masking
Vormetric Vaultless Tokenization with Dynamic Data Masking dramatically reduces the cost and effort required to comply with security policies and regulatory mandates like PCI DSS. The solution delivers capabilities for database tokenization and dynamic display security. Now you can efficiently address your objectives for securing and anonymizing sensitive assets—whether they reside in data center, big data, container or cloud environments.
- Efficiently Reduce PCI DSS Compliance Scope
Remove card holder data from PCI DSS scope with minimal cost and effort and save big on complying with the industry standard.
- Foster Innovation Without Introducing Risk
Tokenize data and maintain control and compliance when moving to the cloud, big data, and outsourced environments.
- Scale Globally
Deploy the solution globally without concerns about token synchronization, performance or uncontrolled costs. The vaultless tokenization approach and pricing model enables easy to manage and affordable scale.
General Purpose HSMs
nShield Connect HSMs are certified hardware security appliances that deliver cryptographic services to a variety of applications across the network. These hardened, tamper-resistant platforms perform such functions as encryption, digital signing, and key generation and protection. With their comprehensive capabilities, these HSMs can support an extensive range of applications, including certificate authorities, code signing and more.
The nShield Connect series includes nShield Connect+ and the new, high-performance nShield Connect XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
- Highly flexible architecture
nShield Connect HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
- Process more data faster
nShield Connect HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Connect XC offers our highest transaction performance rates.
- Protect your proprietary applications and data
nShield Solo HSMs
nShield Solo HSMs are low-profile, embedded PCI-Express cards that provide cryptographic services to one or more applications hosted on a single server or appliance. These hardened, tamper-resistant cards perform encryption, digital signing and key generation on behalf of an extensive range of commercial and custom-built applications, including certificate authorities, code signing and more.
The nShield Solo series includes nShield Solo+ and the new high-performance nShield Solo XC, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
- Highly flexible architecture
All nShield HSMs integrate with the unique Security World architecture from Thales. With this proven technology, you can combine different nShield HSM models to build a unified ecosystem that delivers scalability, seamless failover and load balancing.
- Process more data faster
nShield Solo HSMs support some of the highest cryptographic transaction rates in the industry, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. The nShield Solo XC offers our highest transaction performance rates and features host-side virtualization support.
- Protect your proprietary applications and data
nShield Edge
The nShield Edge is a full-featured, portable HSM designed for low-volume transaction environments. This USB-connected device delivers capabilities for encryption and key protection, and is ideally suited for off-line key generation for certificate authorities (CAs) as well as development environments.
- Ideal for low-volume transaction environments
Suits off-line key generation and development environments, while delivering complete algorithm and API support.
- Highly portable
Small, lightweight design with convenient USB interface supports a wide variety of host platforms, including laptops and other portable devices.
- Cost effective
The most economical HSM in the nShield family, nShield Edge gives you an entry-point HSM, while letting you scale your environment with other nShield models as needed.
Unified Key Management Solutions
Integrated Key Management
With Vormetric Key Management, you can centrally manage keys from all Vormetric Data Security Platform products, and securely store and inventory keys and certificates for third-party devices—including IBM Security Guardium Data Encryption, Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products. By consolidating key management, this product fosters consistent policy implementation across multiple systems and reduces training and maintenance costs.
- Unify Key and Certificate Management
Leverage a single key management platform for managing keys from Vormetric Data Security Platform products and third-party devices—including Microsoft SQL TDE, Oracle TDE, and KMIP-compliant encryption products.
- Securely Vault Keys
Securely store keys in the Vormetric Data Security Manager (DSM), which is available as a virtual appliance and FIPS 140-2 Level 3-certified hardware appliance.
- Prevent Unplanned Downtime
Maximize key availability and redundancy, leveraging secure replication of keys across multiple appliances with automated backups. Automated alerts help prevent unexpected key expiration.
Vormetric Key Management as a Service
For virtually every organization today, the adoption of cloud services continues to expand—and so does the use of encryption. As the proliferation of encryption continues, so does the number of keys, and the potential risks. With Vormetric Key Management as a Service (KMaaS), your organization can establish strong controls over encryption keys and policies for data encrypted by cloud services.
- Gain Strong Key Control
Leverage cloud services, while establishing the separation of duties, compliance reporting, and lifecycle management that meets corporate and auditor requirements.
- Enjoy Fast, Flexible Implementation
Deploy in the cloud or on-premises. Either way, this key management solution features an intuitive, easy-to-use interface, simple implementation, and instant scalability.
- Control Keys Over their Lifecycle
nShield Bring Your Own Key
With nShield BYOK, you bring your own keys to your cloud applications, whether you’re using Amazon Web Services (AWS), Google Cloud Platform (GCP) or Microsoft Azure. nShield high-assurance HSMs let you continue to benefit from the flexibility and economy of cloud services while you strengthen the security of your key management practices and gain greater control over your keys.
- Safer key management
Backed by FIPS 140-2 Level 2 and 3 nShield HSMs, nShield BYOK helps you adopt safer key management practices that strengthen the security of your sensitive data in the cloud.
- Stronger control over your keys
Use your own nShield HSMs in your own environment to create, store and securely export your keys to the cloud.
- Superior key generation
nShield HSMs use a certified, high-entropy random number generator to create keys of higher quality than typically generated in software.
Data in Motion
Robust, Scalable Encryption of Data in Motion
Thales e-Security delivers data-in-motion encryption hardware that enables businesses and government agencies to establish secure, affordable, and high-performance connectivity. The Datacryptor 5000 Series network data encryption solution provides robust security, low latency, and high performance in Layer 2 and IP networks.
- Gain Strong Safeguards
Utilizing high-assurance encryption methods and state-of-the-art key management techniques, the Datacryptor 5000 delivers maximum protection of sensitive transmissions and assets.
- Maximize Performance
These hardware encryption solutions offer high performance, and significantly lower latency than software encryption capabilities embedded in common network devices, such as switches and routers.
- Ensure Compliance
Utilize the most cost-effective data transport medium available, while also meeting or exceeding business and regulatory requirements for data privacy and confidentiality.
- Designed to meet FIPS 140-2 Level 3 and Common Criteria requirements for network devices.
- Robust system management capabilities, including integrated monitoring of network status and operation, auditing and event logging, remote monitoring, and more.
- Support for strong encryption, including AES-GCM and AES-CBC (256-bit).
- Offers support for key exchange through the Diffie-Hellman ECC algorithm (DH-ECKAS).