Showing posts with label Encryption.

Monday, February 2, 2015

Brocade Adds Inline MACsec Encryption to Routers

Brocade introduced native port-based encryption functionality for its family of MLXe modular routers.

The new security functionality added to the Brocade MLXe routers includes both 256-bit IPsec encryption and 128-bit MACsec encryption for ensuring end-to-end data protection. Both of these security protocols can be enabled at wire speed for up to 44 Gbps (IPsec) or 200 Gbps (MACsec) throughput per module, meeting the highest levels of network performance requirements. The encryption is interoperable with third-party IPsec Suite B-capable platforms, and it complements MACsec functionality available in the Brocade ICX family of switches.

Brocade said this update eliminates the need for expensive specialized switch/router encryption services blades or third-party security appliances, while also eradicating performance-inhibiting latency and complex operations that are inherent with these types of add-on devices. Adding encryption and decryption natively to the I/O modules of the router enables the network to ensure the privacy of all data that moves across it, without compromise, for the first time. By bringing wire-speed encryption into the router, customers can enable pervasive data privacy across their New IP initiatives while offloading their appliances, improving performance, and increasing their overall IT security profile.

IPsec interoperability with the Brocade Vyatta vRouter is targeted for a future release.

"With data breaches making headlines around the world, securing confidential information is top of mind for every organization. As customers tackle the data privacy challenge, they need security everywhere in their infrastructure, but especially for data-in-flight over the WAN. Historically, performance and cost have been key barriers to broad adoption of network encryption technology," said Jason Nolet, senior vice president Switching, Routing, and Analytics Products, at Brocade. "By utilizing innovative, I/O-based encryption in Brocade MLXe routers, organizations can now deploy up to 44 Gbps of wire-speed IPsec encryption per trunk and over 1 Tbps per router, achieving five times the performance at a third of the cost -- and without the operational complexity -- of comparable solutions."

"In a recent survey of IT professionals across North America, respondents stated they experienced a 75 percent decline in network performance when security appliance capabilities are enabled such as firewall, anti-virus, deep packet inspection, and encryption," said Zeus Kerravala, founder, ZK Research. "Additionally, 44 percent cited trade-offs being required between network performance and security, with nearly 40 percent of respondents stating they either decline to enable, or completely turn off, functions in their security devices to avoid impacting networking performance."

Hardware modules that support up to 200 Gbps of wire-speed MACsec encryption are priced starting at $90,000. A module that supports both IPsec and MACsec at up to 44 Gbps wire-speed performance is priced at $120,000.

Tuesday, December 9, 2014

Nutanix Adds Data-at-Rest Encryption

Nutanix, which offers a converged appliance that combines compute/storage/networking for scale-out applications, announced a number of new security capabilities for its Virtual Computing Platform, including data-at-rest encryption.

The new security capabilities are available with Nutanix Operating System (NOS) 4.1 software, and help IT security teams meet stringent standards like HIPAA, PCI DSS and SOX. Nutanix hardware platforms now meet a number of certification standards including FIPS 140-2, NSA Suite B support (to Top Secret), Common Criteria EAL2+, NIST-SP800-131A and others.

Security features available in this release include:

  • Self-encrypting drives to secure data at rest, compliant with FIPS 140-2 Level 2 standards
  • Strong two-factor authentication, including the use of client certificates, to prevent unauthorized administrator log-ins
  • Nutanix Cluster Shield to limit administrator access in security-conscious environments by restricting shell logins.

“Security is required across the entire data center architecture, including server and storage systems. Unfortunately, legacy infrastructure components often lack the necessary controls and fail to meet common certification requirements,” said Simon Mijolovic, Senior Security Solutions Architect at Nutanix.

  • In August, Nutanix, a start-up based in San Jose, California, announced a $140 million Series E funding round at over a $2 billion valuation.

Thursday, October 16, 2014

Intel Intros Data Protection Tech for Point-of-Sale Terminals

Intel introduced an end-to-end encryption technology that can be built into point of sale (POS) platforms powered by Intel silicon, including Intel Core and select Intel Atom processors. The Intel Data Protection Technology for Transactions, which was developed in collaboration with NCR, adds an extra layer of software to protect the payment process, complementing current retail investments in EMV (Europay, MasterCard and Visa) credit card authorization, tokenization and other data protection technologies.

The software resides and runs on the Intel chipset for enhanced security and helps close the gaps between data transmitted between POS devices and the data center. The client software is available now. The full solution based on Intel Data Protection Technology for Transactions will be available to retailers in the first half of next year.

"It’s never been more important, or more difficult, for retailers to manage and protect data across the payment ecosystem,” said Karen Webster, CEO, Market Platform Dynamics. “Intel’s Data Protection Technology for Transactions security architecture does the obvious thing – it separates transaction processing from the POS – making that data less accessible and therefore more likely to be out of the reach of hackers. That can only help give both retailers and consumers more confidence that their POS experience is secure.”

Wednesday, May 14, 2014

ADVA's 100G Metro Adds On-the-Fly Encryption

ADVA Optical Networking introduced a new 100G Metro solution with built-in on-the-fly encryption that is fully integrated with its ADVA FSP 3000 platform. The card, which is based upon the 4x28G technology of the original ADVA 100G Metro, leverages Advanced Encryption Standard (AES) with a key size of 256 bits. It features a Diffie-Hellman dynamic key exchange with over 60 exchanges per hour.

ADVA said its solution provides encryption at the lowest network layer and is completely agnostic to protocols such as Fibre Channel, InfiniBand and Ethernet. It also supports a wide variety of data rates, from 5 Gbps to 10 Gbps, 40 Gbps and on to 100 Gbps. To ensure compatibility in point-to-point and multi-hop infrastructures, the ADVA 100G Metro with built-in encryption uses optical transport network (OTN) framing. It also adds very little latency to the transmission link – less than 150 nanoseconds – compared to the company's non-encrypted version. This stands in stark contrast to higher layer encryption technologies that often add significant overhead and multiply the latency of the data stream.

The company also noted that its solution encrypts the header and checksum of the signal, not just the payload or select bytes in the header, leaving no breadcrumbs that may be intercepted and analyzed.

“The security of data has never been so important; its integrity never so public. We're living in a new era of data awareness,” said Uli Schlegel, director, data center business development, ADVA Optical Networking. “In the wake of Heartbleed and other data security scares, businesses are only too aware of how vulnerable their mission-critical data is. How susceptible it is to theft and malicious use. Data security is now of paramount importance. At the same time, the volume of data has never been so immense. Transporting and protecting this data requires something purpose built, something special. That's what sets our 100G Metro with built-in encryption technology apart. It's the only product on the market capable of securely transporting big data.”

ADVA confirmed that its 100G Metro with built-in encryption has already been deployed by a number of enterprises and service providers.

Wednesday, May 22, 2013

Vitesse Integrates MACsec into GE & 10GE PHYs for End-to-End Layer 2 Encryption

Vitesse Semiconductor introduced the first PHY transceivers to integrate MACsec technology for end-to-end, Layer 2 network security.

The new Vitesse SynchroPHY Gigabit Ethernet (GE) and 10GE devices enable network-wide Layer 2 MACsec encryption and preserve nanosecond-level IEEE 1588v2 accuracy.

Vitesse said this new paradigm of establishing Layer 2 encryption end-to-end, rather than link-by-link as is now the case, will prove to be especially useful for cloud services, mobile backhaul and other high-value communications. Until now, MACsec PHYs have traditionally been limited to link-based box-to-box applications, primarily within cloud service data centers.

Key elements of the Vitesse solution include:

  • VeriTime: the industry’s highest accuracy IEEE 1588v2 Precision Time Protocol
  • Intellisec: the industry’s first PHY technology to enable IEEE 802.1AE MACsec encryption. Intellisec offers 256-bit encryption support, versus the 128-bit encryption typical today.

“Vitesse’s approach enables a paradigm shift in mobile, cloud, and other critical infrastructure networks,” said Richard Interrante, product marketing director at Vitesse. “VeriTime delivers the industry’s de facto highest accuracy IEEE 1588v2 network timing and now we’ve again moved beyond our competitors with this latest generation incorporating Intellisec. Delivering low latency security while preserving network synchronization simply isn’t possible with traditional link-based MACsec technology. Vitesse is first to do this, making network-wide Layer 2 security a realistic and affordable option for carriers and other cloud providers.”

Sampling is underway.

  • GE PHYs with copper and fiber media support
    -  VSC8582-10: 2-port SGMII/QSGMII GE PHY
    -  VSC8584-10: 4-port SGMII/QSGMII GE PHY
  • 10GE PHYs
    -  VSC8490-10: 2-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10GE PHY
    -  VSC8491-10: 1-port WAN/LAN/Backplane RXAUI/XAUI to SFP+/KR 10GE PHY

In this video, Vitesse Semiconductor's Martin Nuss discusses Intellisec, a new technology that leverages the MACsec protocol to extend security end-to-end.