Perimeter
6/18/2012
02:52 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Vormetric Prevents Big Data Toxic Leaks

Vormetric Encryption secures structured and unstructured information stored in Big Data platforms

SAN JOSE, Calif. - June 12, 2012 -Vormetric, Inc., the leader in enterprise encryption and key management, today announced that Vormetric Encryption secures structured and unstructured information stored in Big Data platforms including Hadoop, Cassandra and MongoDB. Unlike relational databases, these new platforms, which are used to store and analyze huge volumes of data from social networks, customer behavior, sensors, IT systems, and other sources, lack basic security controls. Vormetric ensures data in these platforms is protected against unauthorized disclosure and removes custodial risk associated with infrastructure providers and administrators.

According to Forrester Research, "It is imperative, however, that users of the data understand that these massive data stores contain significant amounts of 'toxic' data. Toxic data is any data that could be damaging to an organization if it leaves that organization's control. Typically, toxic data includes custodial data - such as credit card numbers, personally identifiable information (PII) like Social Security Numbers, and personal health information (PHI) - and sensitive intellectual property, including business plans and product designs."

Vormetric Encryption enables enterprises to transparently encrypt and control access to Big Data. These repositories introduce a new and very large target for malicious parties seeking to compromise private data. If hackers compromise an organization's perimeter defenses, they can gain unrestricted access to a jackpot of data that is stored in one place. Vormetric Encryption places controls on the data itself to establish a comprehensive last line of security.

Protecting sensitive data in Big Data environments augments Vormetric Data Security's existing ability to protect structured and unstructured data in Linux, Unix and Windows environments. With Vormetric, enterprises can unify encryption policy and key management for Big Data across physical, virtual and cloud infrastructures using a single system.

"Enterprises are placing a tremendous amount of accumulated data and new data in single huge repositories using Big Data tools in order to turn it into actionable business intelligence," said Ashvin Kamaraju, vice president of product development and technology strategy at Vormetric.

"Much of this data is sensitive in nature and would trigger regulatory consequences if it were compromised, yet it is being housed in non-relational data stores with virtually no controls," he added.

"Vormetric Data Security allows enterprises to implement and extract business value from Big Data deployments without sacrificing data security or violating privacy and regulatory compliance requirements," he concluded.

Availability Vormetric Encryption with support for Hadoop, Cassandra and MongoDB is available immediately.

About Vormetric Vormetric (@Vormetric) is the leader in enterprise encryption. The Vormetric Data Security product line provides a single, manageable and scalable solution to manage any key and encrypt any file, any database, any application, anywhere it resides- without sacrificing application performance and avoiding key management complexity. Some of the largest and most security conscious organizations and government agencies in the world, including 15 of the Fortune 25, have standardized on Vormetric to provide strong, easily manageable data security. Vormetric technology has previously been selected by IBM as the database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows; and by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option. For more information, visit www.vormetric.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.