Showing posts with label Encryption. Show all posts

Sunday, February 10, 2019

Google encrypts Kubernetes secrets with Cloud KMS

Google Cloud, which was already encrypting data at rest by default, including data in Google Kubernetes Engine (GKE), is adding application-layer secrets encryption using the same keys in its hosted Cloud Key Management Service (KMS).

Application-layer secrets encryption, which is now in beta in GKE, protects secrets with envelope encryption: secrets are encrypted locally in AES-CBC mode with a local data encryption key, and the data encryption key is encrypted with a key encryption key managed in Cloud KMS as the root of trust.

Google Cloud said the new capability provides flexibility for specific security models.

https://cloud.google.com/blog/products/containers-kubernetes/exploring-container-security-encrypting-kubernetes-secrets-with-cloud-kms


Tuesday, May 15, 2018

ADVA intros virtualized encryption for the cloud

ADVA Optical Networking introduced its ConnectGuard Cloud technology for delivering virtualized encryption in hybrid and multi-cloud environments. The software is positioned as an alternative to costly and inflexible IPSec-focused appliances.

ADVA's ConnectGuard provides military-grade encryption and can be deployed on any COTS server or in a public cloud infrastructure. ConnectGuard Cloud is powered by Senetas' transport-independent encryption engine that supports dynamic software encryption at multiple layers, enabling customers to apply encryption based on the needs of the application and the type of networking available at remote sites.

ADVA's Ensemble Connector's zero touch provisioning capabilities enable rollout of secure cloud connectivity to thousands of endpoints within minutes. The company said ConnectGuard is currently in multiple trials with enterprises and service providers across the globe.

"The security of our customers' data is something we've focused on for over two decades. Our team is intent on making sure that their data is safe wherever it is in the network," said Christoph Glingener, CTO, COO, ADVA. "That's why today marks a breakthrough. We've expanded our ConnectGuard(TM) security platform from protecting optical transport and Ethernet traffic to now safeguarding the cloud. With our ConnectGuard(TM) suite, we're securing data across Layers 1, 2, 3 and 4. This is something that no one else in the industry can offer. More than this, when customers use ConnectGuard(TM) Cloud, they benefit from all the unique capabilities of Ensemble Connector. With this solution, we can help customers safely migrate their applications to the cloud and we can even support a multi-cloud deployment model. This is a major step forward."

Tuesday, September 19, 2017

Level 3 introduces encrypted wavelength service

Level 3 Communications has launched an encrypted wavelength service to help global enterprises secure their optical connections from unlawful interception and fiber tapping.

The encrypted waves service, which uses AES 256-bit encryption, provides enterprises with a single network view. Customers maintain complete control over their encryption keys via the MyLevel3 portal and a Level 3-provided key management system.

Unlike with cloud-based encryption schemes, Level 3 says its optical layer service does not incur a performance penalty: ultra-low latency is preserved and there is no throughput degradation. In addition, customers do not need to invest in additional encryption equipment to leverage encrypted waves between key customer locations.

"Every element of a critical network today has to be hardened against security attacks. Level 3 encrypted waves offer enterprises peace of mind by addressing security threats such as unlawful interception and fiber tapping, without sacrificing network performance. Unlike other optical encryption solutions on the market today, our solution provides greater direct customer control with built-in encryption key management through our portal. This is just one example of how Level 3 continues to deliver a truly customer-defined adaptive networking experience," stated Paul Savill, SVP of Core Products for Level 3.

Sunday, September 17, 2017

Toshiba's Cambridge Research Lab Sets Quantum Encryption record

Quantum cryptography is postulated to be unbreakable. However, the quantum key must be held by the receiving party for the encrypted message to be deciphered. Until now, the speed at which a quantum key can be distributed has been limited to 1.9 Mbps.

Toshiba Research Europe Limited’s Cambridge Research Laboratory in the UK has just announced a new data distribution speed record of 13.7 Mbps - seven times the previous record, which was also achieved by Toshiba last year. The transmission spanned 10km over an optical fiber.

The details of the new device will be announced at the QCrypt 2017 conference, which will be held at the University of Cambridge from September 18-22.

Toshiba says it is already applying quantum encryption to secure genomic data in Japan.

Friday, March 10, 2017

ECI introduces Layer 1 optical encryption as-a-service solution supporting 200 Gbit/s

ECI, a global provider of Elastic Network solutions for service providers, critical infrastructure and data centre operators, has announced the introduction of its first optical encryption as-a-service solution, which supports per-service encryption at rates up to 100 Gbit/s and line rates of up to 200 Gbit/s.

The new ECI optical encryption service is designed to meet interoperability, scalability and flexibility requirements and targets service providers, the financial sector, medical and government institutions. The company noted that optical encryption provides no information about underlying services to a potential hacker, introduces minimal latency and can be used to encrypt any type of service.

ECI's solution offers encryption on a per-service basis at up to 200 Gbit/s, which is claimed to make it one of the fastest encryption solutions available. The solution also enables service providers and other institutions to offer Layer 1 encryption as-a-service. The new offering expands ECI's security portfolio for service providers that was launched earlier in 2017.

ECI noted that its encryption method is certified FIPS 140-2 Security Level 2. Additionally, the Layer 1 encryption can be delivered as an alien lambda over other optical networks, thereby providing a more flexible and economical solution.

In February, ECI announced enhancements to its LightSEC cyber security solution that enable service providers to utilise their infrastructure to deliver managed security services to customers, in addition to consolidating their security and connectivity operations. The NFV-based cybersecurity suite LightSEC, featuring technology from partner Check Point Software Technologies, was launched in 2014.

Also in February this year, ECI introduced LightCARE, a proactive network maintenance app, to its LightAPPS family of applications. LightCARE continuously and proactively monitors the health of the network and is designed to pre-empt potential failures and ensure network reliability.

http://www.ecitele.com

Sunday, February 12, 2017

Gigamon Brings Enhanced Visibility into Encrypted Data-in-Motion

Gigamon added new inline capabilities to its GigaSECURE SSL/TLS Decryption solution for addressing use cases such as monitoring accesses to Internet-based services for risk/compliance violations, detecting malicious activities such as command and control (C&C) communications, decrypting TLS sessions that use modern cipher suites and above all, creating an efficient framework to manage encrypted traffic at scale.

The Gigamon SSL Decryption solution now offers a new GigaSMART traffic intelligence application that supports both inline and out-of-band decryption. The new set of supported ciphers includes Diffie-Hellman (DH), Diffie-Hellman Ephemeral (DHE), Perfect Forward Secrecy (PFS) and Elliptic Curve, and the solution operates in networks that range from 1Gb to 100Gb.

Gigamon said its new SSL Decryption solution automatically identifies all SSL/TLS traffic across any port or application by establishing a “decrypt once and feed to multiple tools” design for improved scale and resiliency. A key enabler of this solution is an advanced set of traffic selection and distribution capabilities in the Gigamon Visibility Platform that simplifies deployment of SSL decryption at scale. Furthermore, advanced policies enable traffic filtering and selective decryption based on URL categorization using the market-leading Webroot BrightCloud® Web Classification Service, domain names, and whitelist/blacklist policies, in order to meet data privacy and compliance requirements.

“Inline SSL decryption represents a strategic technology evolution that further expands the benefits of the Gigamon Security Delivery Platform,” said Ananda Rajagopal, vice president of products at Gigamon. “By offering SSL decryption as a service in the Security Delivery Platform complemented by strong policy enforcement, organizations can create a centralized ‘decryption zone’, enabling them to more easily see and manage their growing SSL/TLS traffic volumes, while enabling their security tools with newfound visibility into formerly encrypted traffic and threats.”

http://www.gigamon.com

Monday, January 16, 2017

Ericsson and Telstra Demo Encryption over 10Gbps Transpacific Link

Ericsson and Telstra demonstrated the ability to encrypt data securely while in transit between Los Angeles and Melbourne at 10Gbps. The tests used Ciena's ultra-low latency 10G wire-speed encryption solution.

The companies said the trial demonstrates the advanced security that can be delivered while data is "in transit".

Darrin Webb, Executive Director of International Operations and Services, Telstra, says: "Our market-leading subsea cable network is the largest in the Asia-Pacific region and this innovation continues our commitment to providing customers with a world-class network experience. The outcome of this test shows that data can now be encrypted while in transit across a long distance, while maintaining the speed and reliability our customers have come to expect from our international network. We will continue to work with Ericsson and Ciena to take this trial to the next level with a 100Gbps encryption test."

http://www.telstra.com
http://www.ericsson.com

Tuesday, August 30, 2016

A10: Malware Hidden in SSL Traffic Poses Growing Threat

Nearly half of cyber attacks used malware hidden in encrypted traffic to evade detection, according to a new report from A10 Networks based on a survey conducted in partnership with Ponemon Institute of 1,023 IT and IT security practitioners in North America and Europe. A full 80% of organizations were victims of cyber attacks during the past year.

The problem of malware hidden in SSL traffic poses a serious threat to organizations that are increasingly relying on encrypted traffic to protect their workflows. SSL hides data from both potential attackers and from common security tools.

A10 Networks said many network managers mistakenly believe that there will be a performance penalty for inspecting inbound and outbound SSL traffic.

“IT decision makers need to think more strategically,” said Dr. Chase Cunningham, director of cyber operations at A10 Networks. “The bad guys are looking for ROI just like the good guys, and they don’t want to work too hard to get it. Instead of focusing on doing everything right 100 percent of the time, IT leaders can be more effective by doing a few things very strategically with the best technology available. It’s the cyber security equivalent of the zombie marathon — as long as you can avoid being the slowest in outrunning the zombies, you minimize risk.”

Some highlights of the survey:


  • Almost half of respondents (47 percent) cited a lack of enabling security tools as the primary reason for not inspecting decrypted web traffic—closely followed by insufficient resources and degradation of network performance (both 45 percent). 
  • 80 percent of survey respondents say their organizations have been victims of a cyber attack or malicious insider during the past year. And nearly half say that the attackers used encryption to evade detection.
  • Although 75 percent of survey respondents say their networks are at risk from malware hidden inside encrypted traffic, roughly two-thirds admit that their company is unprepared to detect malicious SSL traffic.

“The Hidden Threats in Encrypted Traffic study sheds light on important facts about the malicious threats lurking in today’s corporate networks,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Our goal is to help organizations better understand the risks to help them better address vulnerabilities in their networks.”

https://www.a10networks.com/

Tuesday, August 16, 2016

Viasat Announces 100 Gbps Ethernet Encryptor

ViaSat introduced a 100 Gbps Type 1 Ethernet encryptor for its satellite service.

The solution is targeted at government users for cloud computing and real-time data transport across the battlespace.

"When it comes to secure networking, ViaSat has a clear competitive advantage in providing innovative and network-efficient 'edge to cloud' encryption solutions to the U.S. government," said Jerry Goodwin, chief operating officer, Government Systems Division, ViaSat. "We are committed to lead the market with our Type 1 network encryptors, enabling warfighters to securely access classified communications across the entire battlespace. From the KG-142 to the KG-250XS to our Type 1 embeddable security modules, we are providing best-in-class solutions that meet the evolving communications needs of our forces."

ViaSat said its 100 Gbps encryptor broadens its 'edge to cloud' network encryption portfolio, coming on the heels of the recently announced NSA-certified KG-250XS, which is the lowest size, weight, and power (SWaP), rugged HAIPE IS v4.1 network encryptor, and is compatible with ViaSat's family of field-proven Type 1 HAIPE devices.

http://www.viasat.com

Tuesday, July 19, 2016

Zayo Introduces Encryption as a Service

Zayo Group Holdings announced an Encryption-as-a-Service offering over its fiber network.

Zayo’s Encryption as a Service, which leverages Ciena’s WaveLogic Encryption solution, provides managed wavelength services configured with 10G wire speed encryption at Layer 1, with additional higher speed options in progress.

Zayo’s initial customers include a leading global bank using the service to encrypt credit card transaction data, enabling them to maintain compliance with international security standards.

“Data security continues to be one of the top concerns for global industries, an issue that’s been intensified by recent high-profile attacks in healthcare, retail, banks, hospitality and entertainment,” said Dennis Kyle, senior vice president of Strategic Marketing and Alliances at Zayo. “Our encryption solution is quick and easy to provision and provides high levels of protection without sacrificing network performance. It’s another way we are providing a critical layer of security to protect our customers.”

http://www.zayo.com

Thursday, February 4, 2016

Box Offers Encryption Key Management with AWS

Box introduced new solutions for customer managed encryption, ensuring independent control of encryption keys.

Box KeySafe is available in two offerings. The first combines Amazon Web Services (AWS) and a dedicated hardware security module (HSM) to protect keys used to encrypt sensitive data. The second integrates with AWS Key Management Service but doesn't require dedicated HSMs.

“Businesses of every size across even the most regulated of industries can now take full control of their data in the cloud with Box KeySafe,” said Aaron Levie, co-founder and CEO of Box. “Today, we’re making customer-managed encryption easier to deploy and more cost-effective than ever before, further raising the bar for security in the cloud.”

http://www.box.com

Wednesday, January 20, 2016

Ciena Announces WaveLogic Encryption

Ciena introduced its WaveLogic Encryption solution for delivering optical-layer encryption to match high capacity infrastructure needs – from 10G to 100G, 200G and beyond, from metro to ultra-long haul distances.

Ciena said its WaveLogic Encryption solution is FIPS-certified and meets the highest security standards recognized globally in the industry. Powered by Ciena’s WaveLogic 3 Extreme chipset, the solution provides software programmable modulation to enable both 100G encryption with QPSK modulation and 200G encryption with 16QAM modulation. WaveLogic Encryption is protocol agnostic, meaning it simultaneously encrypts any traffic type coming into the network, including Ethernet, Fibre Channel, OTN, IP, SONET, and SDH. It encrypts the entire wavelength before the data leaves the building or data center, and transports it transparently with virtually no added latency, making efficient use of network resources and maintaining quality of end-customer experience.

Additionally, Ciena’s software-based MyCryptoTool features a dedicated management user portal that provides full control to the end enterprise user or security officer to manage all security parameters.

“Safeguarding critical data has become a major priority in today’s web-scale world. Previous infrastructure solutions have been cumbersome to manage and burdened by separate boxes, impacting throughput and latency. Our new WaveLogic Encryption solution is simple to deploy and provides a strong and effective defense with an additional level of protection to enable end-to-end security,” stated Francois Locoh-Donou, Senior Vice President and Chief Operating Officer, Ciena.

The solution will be generally available in the first calendar quarter of 2016.

http://www.ciena.com

Sunday, September 20, 2015

NTT and University of Tokyo Cite Progress in Quantum Cryptography

Nippon Telegraph and Telephone (NTT) and The University of Tokyo reported progress in developing a quantum cryptography scheme that can assure security without monitoring the error rate of photon transmission.

In an article in the UK science journal “Nature Photonics”, the researchers describe a quantum key distribution (QKD) experiment based on a novel QKD scheme called the round-robin differential phase shift (RRDPS) protocol.

NTT said the experiment is the first demonstration of QKD based on “wave function collapse”, which is distinguished from previous QKD schemes whose security is based on Heisenberg’s uncertainty principle. A major finding is that QKD does not require error rate monitoring between the sender and receiver. This could lead to simple and efficient quantum cryptographic systems.

http://www.ntt.co.jp/news2015/1509e/150914a.html

Researchers at NTT Envision Quantum Repeaters in Future Photonic Networks



Researchers at Nippon Telegraph and Telephone Corporation (NTT) and the University of Toronto are proposing all-photonic quantum repeaters for long-distance quantum communication.  If achieved, such devices would disprove the necessity of matter quantum memories in long distance quantum communications, which is seen by many as the ultimate future of optical communications. In a paper published this week by the journal Nature Communications,...


Advancements in Semiconductor Quantum Dots with Single-atom Precision



Nippon Telegraph and Telephone Corp. (NTT), the Paul-Drude-Institute (PDI; Germany), and the Naval Research Laboratory (NRL; USA) have cooperatively developed a novel quantum dot (artificial atom) and used it to create artificial molecules with single-atom precision. The achievement was made using a clean surface of semiconductor single crystal thin film manufactured by Molecular Beam Epitaxy (MBE) by using a low-temperature, Scanning Tunneling...


NTT Develops Long-lived Quantum Memory



NTT, in partnership with Japan's National Institute of Informatics and Osaka University, announced a new approach in the development of a long-lived quantum memory that could be used in quantum computing. The research involves a superconductor diamond quantum hybrid system in which a dark state was shown to be 150 ns, an order of magnitude longer than previous attempts to hold state. By using a gap-tunable superconducting flux qubit, the researchers...


NTT Creates Quantum Buffer in Optical Waveguide



Researchers at NTT have developed a quantum buffer on an optical waveguide that takes advantage of the "slow light effect", where the propagation speed of a pulsed light in a special optical waveguide slows significantly compared with the speed of light in vacuum. The company said this innovation facilitates the precise synchronization of photons, thereby creating a buffer that could be used to create quantum computers.  Experiments have shown...


Tuesday, May 5, 2015

Cloudera and Intel Accelerate Big Data Encryption by 2.5X

Cloudera and Intel have been able to achieve a 2.5X improvement in encryption off-load performance, enabling an entire Hadoop data set to be encrypted with a system overhead that ranges from only 1% to 4% depending on the workload.

The gains come from optimizing Cloudera’s distribution, including Apache Hadoop, for the latest Intel Xeon processor with embedded Intel AES New Instructions (Intel AES-NI), which has enabled more robust protection of critical enterprise data. As a result, full database encryption is now possible with minimal impact to system performance so that processing resources can run Hadoop jobs at a faster rate, and perform additional Hadoop jobs to accelerate business insights.

Cloudera also disclosed that following Intel’s $740M investment last year, its annual recurring subscription software revenue grew 100 percent year-over-year and enterprise subscription software customers grew by more than 85 percent.

http://www.cloudera.com/

Tuesday, April 21, 2015

Cavium's LiquidSecurity Targets Crypto-as-a-Service

Cavium introduced its "LiquidSecurity" Hardware Security Module (HSM) Family that provides a FIPS 140-2 level 2 and 3 partitioned, centralized and elastic key management solution with the highest transaction/sec performance.

Cavium's LiquidSecurity Solution, which is available as a PCIe adapter family as well as an appliance, addresses the high performance security requirements for private key management and administration while also addressing elastic performance per virtual / network domain for the virtualized cloud environment. Major applications for this product family include Key Management as-a-Service, Database as-a-Service, Crypto as-a-service, Secure DNS, SaaS Applications, Virtual Private Clouds in the Public Cloud and Payment systems.

Feature Highlights
  • SSL handshake offloads for 32 domains – LiquidSecurity family has 32 FIPS 140-2 Level 3 Partitions.  Each partition functions as an independent and fully secure HSM.  
  • Dual FIPS boundary - With the appliance version of the family a dual FIPS 140-2 boundary is also available that provides an added layer of security.
  • Storage for up to 1M keys is supported with multiple appliances in a scalable manner.
  • Tens of Thousands of 2048 bit RSA Ops/sec – LiquidSecurity HSM family provides market leading performance to meet the needs of multiple domains or virtual appliances.  This performance is at least 10 times higher than any other solution on the HSM market today.  This product family also supports 10 Gbps bulk encryption. In addition, multiple LiquidSecurity HSM modules can be pooled together to offer highest performance for mega data centers.
  • Hardware support for 2048 bit RSA key pair generation – robust key generation within the FIPS boundary is a critical component of the overall security this product family provides.
  • Scalability – For the most demanding applications up to 20 LiquidSecurity HSM appliances can be seamlessly connected through the native 10 Gigabit Ethernet ports.

http://www.cavium.com/newsevents-Cavium-Introduces-LiquidSecurity.html

Thursday, April 16, 2015

Certes Networks Launches CryptoFlow for Encrypting Application Flows

Certes Networks introduced its new CryptoFlow App, a software-defined security product for encrypting data in motion thereby safeguarding applications from data breaches.

CryptoFlow App is a user-aware and application-aware solution for protecting sensitive data traffic. It enables IT managers to automatically crypto-segment application flows across networks inside or outside the enterprise and grant access to these CryptoFlows based on a user’s security profile. Sensitive applications are isolated and controlled end-to-end, from the application server to the user’s end-point devices, regardless of where they are.

CryptoFlow App solution sets include:

CryptoFlow LAN - Providing strong crypto-segmentation of internal enterprise application flows based on user roles, blocking the top attack vector used in data breaches around the world. CryptoFlow LAN provides automatic security to users connected on the LAN, isolates sensitive applications to only authorized users, and protects applications when hackers get past firewalls.

CryptoFlow B2B - Enabling enterprises to safely extend internal applications to external partners, including contractors, suppliers, trading partners and others beyond the enterprise perimeter. CryptoFlow B2B limits authorized business partners to only the applications they need, protecting the most sensitive applications even when business partners have been compromised.

CryptoFlow Mobile - Securing application traffic to mobile devices, smartphones and tablets, including personal BYOD end-points. Now enterprise IT and security managers can automatically extend enterprise apps to mobile devices with end-to-end security and a single point of control across a wide range of mobile devices inside or outside the enterprise.

The new solution is an extension of Certes’ CryptoFlow security products.  The company claims a perfect 15-year track record of 7,000 product deployments in 70 countries without a single hack of any protected application.

“Today’s enterprise applications are borderless and easily shared, but the security architecture has not kept pace with this evolution,” said John Lochow, CEO of Certes. “In every major data breach of the past two years, hackers exploited inadequate security of networked applications and cut through the firewalls with ease. Our CryptoFlow App solutions are the first products to directly address this major gap. As thousands of product deployments have shown, our customers are protected even when the rest of the security architecture fails.”

http://certesnetworks.com

ADVA Intros ConnectGuard Encryption for DCI and Ethernet Links

ADVA Optical Networking introduced its ConnectGuard security solution for service providers and enterprises. Two variants are offered:
  • ConnectGuard Optical for the ADVA FSP 3000 provides robust transport layer security and is ideal for data center interconnection applications that need advanced protection for the transportation of enormous data volumes. It provides a transparent, wire-speed service for securing mission-critical data and incorporates a strictly separated encryption domain manager to ensure compliance with the most stringent regulatory demands. With a protocol-agnostic approach, ADVA ConnectGuard™ Optical can transport all storage area network protocols, including Ethernet, Fibre Channel and InfiniBand with line speeds of up to 100 Gbps. As part of the ADVA FSP 3000, it eliminates the need for stand-alone security equipment, simplifying network operations and reducing the overall cost of data protection.
  • ConnectGuard Ethernet for the ADVA FSP 150 delivers Ethernet layer security and is critical for protecting data as it travels across third-party packet networks. It enables scalable and secure Ethernet connectivity between locations on top of unprotected Carrier Ethernet networks. 

“Today’s networks are more vulnerable than ever before. The frequency of attacks has never been higher and the ease of data interception has never been simpler,” said Christoph Glingener, CTO, ADVA Optical Networking. “By encrypting data in motion we’re providing the strongest protection possible. Make no mistake, ConnectGuard is a line in the sand for network protection.”

http://www.advaoptical.com/en/newsroom/press-releases-english/20150416-adva-optical-networking-launches-connectguard-for-ultimate-data-protection

Tuesday, February 10, 2015

HP to Acquire Voltage Security for Cloud Data Encryption

HP agreed to acquire Voltage Security, a provider of data-centric encryption, tokenization and key management solutions.  Financial terms were not disclosed.

Voltage Security holds core patents for Identity-Based Encryption (IBE) and Format-Preserving Encryption (FPE). Voltage uses these to enable end-to-end protection of payments systems, from card swipe to back-end tokenization, serving six of the largest payment processors in the U.S. today. Voltage’s solutions allow enterprises to use protected data in applications without having to re-architect their applications or adopt fragmented frameworks. This capability extends from the data center to cloud and Hadoop environments, all under a single framework. Voltage Security is based in Cupertino, California.

HP said Voltage’s proven data-centric encryption and tokenization technology will complement its own HP Atalla information security and encryption business. The company notes that the HP Atalla business currently protects 70% of U.S. payment card transactions.

http://www8.hp.com/hpnext/posts/hp-acquire-voltage-security-expand-data-encryption-security-solutions-cloud-and-big-data#.VNrmGvm-2-0
http://www.voltage.com/company/

  • Voltage Security was co-founded by Matt Pauker, Guido Appenzeller, and Rishi Kacker in 2002 out of a Stanford University dorm room. Co-founders also included Dr. Dan Boneh, a Professor of Computer Science at Stanford. Sathvik Krishnamurthy has served as the company's CEO since 2003.

Monday, February 2, 2015

Brocade Adds Inline MACsec Encryption to Routers

Brocade introduced native port-based encryption functionality for its family of MLXe modular routers.

The new security functionality added to the Brocade MLXe routers includes both 256-bit IPsec encryption and 128-bit MACsec encryption for ensuring end-to-end data protection. Both of these security protocols can be enabled at wire speed for up to 44 Gbps (IPsec) or 200 Gbps (MACsec) throughput per module, meeting the highest levels of network performance requirements. The encryption is interoperable with third-party IPsec Suite B-capable platforms, and it complements MACsec functionality available in the Brocade ICX family of switches.

Brocade said this update eliminates the need for expensive specialized switch/router encryption services blades or third-party security appliances, while also eradicating performance-inhibiting latency and complex operations that are inherent with these types of add-on devices. Adding encryption and decryption natively to the I/O modules of the router enables the network to ensure the privacy of all data that moves across it, without compromise, for the first time. By bringing wire-speed encryption into the router, customers can enable pervasive data privacy across their New IP initiatives while offloading their appliances, improving performance, and increasing their overall IT security profile.

IPsec interoperability with the Brocade Vyatta vRouter is targeted for a future release.

"With data breaches making headlines around the world, securing confidential information is top of mind for every organization. As customers tackle the data privacy challenge, they need security everywhere in their infrastructure, but especially for data-in-flight over the WAN. Historically, performance and cost have been key barriers to broad adoption of network encryption technology," said Jason Nolet, senior vice president Switching, Routing, and Analytics Products, at Brocade. "By utilizing innovative, I/O-based encryption in Brocade MLXe routers, organizations can now deploy up to 44 Gbps of wire-speed IPsec encryption per trunk and over 1 Tbps per router, achieving five times the performance at a third of the cost -- and without the operational complexity -- of comparable solutions."

"In a recent survey of IT professionals across North America, respondents stated they experienced a 75 percent decline in network performance when security appliance capabilities are enabled such as firewall, anti-virus, deep packet inspection, and encryption," said Zeus Kerravala, founder, ZK Research. "Additionally, 44 percent cited trade-offs being required between network performance and security, with nearly 40 percent of respondents stating they either decline to enable, or completely turn off, functions in their security devices to avoid impacting networking performance."

Hardware modules that support up to 200 Gbps of wire-speed MACsec encryption are priced starting at $90,000. A module that supports both IPsec and MACsec at up to 44 Gbps wire-speed performance is priced at $120,000.

http://newsroom.brocade.com/press-releases/brocade-enables-pervasive-data-privacy-across-publ-nasdaq-brcd-1171720#.VNAp0f6-2-0

Tuesday, December 9, 2014

Nutanix Adds Data-at-Rest Encryption

Nutanix, which offers a converged appliance that combines compute/storage/networking for scale-out applications, announced a number of new security capabilities for its Virtual Computing Platform, including data-at-rest encryption.

The new security capabilities are available with Nutanix Operating System (NOS) 4.1 software, and help IT security teams meet stringent standards like HIPAA, PCI DSS and SOX. Nutanix hardware platforms now meet a number of certification standards including FIPS 140-2, NSA Suite B support (to Top Secret), Common Criteria EAL2+, NIST-SP800-131A and others.

Security features available in this release include:

  • Self-encrypting drives to secure data at rest, compliant with FIPS 140-2 Level 2 standards
  • Strong two-factor authentication, including the use of client certificates, to prevent unauthorized administrator log-ins
  • Nutanix Cluster Shield to limit administrator access in security-conscious environments by restricting shell logins.

“Security is required across the entire data center architecture, including server and storage systems. Unfortunately, legacy infrastructure components often lack the necessary controls and fail to meet common certification requirements,” said Simon Mijolovic, Senior Security Solutions Architect at Nutanix.

http://www.nutanix.com

  • In August, Nutanix, a start-up based in San Jose, California, announced a $140 million Series E funding round at over a $2 billion valuation.

