Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:57 PM
Dark Reading
Dark Reading
Products and Releases

Certes Networks Releases Virtual Security Appliance

Encryption solution protects network traffic inside IaaS clouds and between customer locations

Pittsburgh, PA, April 17, 2012 - Certes Networks, the leader in scalable network encryption solutions, today announced the vCEP (virtual Certes Enforcement Point), the industry’s first scalable network encryption solution for the cloud. The solution will fill a gap in the market for Enterprises and Government organizations that are looking to move to off-premise cloud environments, but view the lack of security as a blocking issue.

“Encryption is seen as a way to protect critical information as it moves from private clouds to public cloud-based services; however, the need to encrypt network traffic among servers in the cloud to protect it from attacks within the cloud is equally important,” said Gartner Analyst Neil MacDonald. “Organizations increasingly realize that in addition to controlling the encryption keys and what is encrypted, they need to authenticate the source of the data and to maintain its integrity as it traverses the shared cloud network.”

The vCEP is a virtual appliance that allows organizations to protect sensitive network traffic among virtual servers and between clouds without using tunnels. It encrypts network traffic from Infrastructure as a Service (IaaS) cloud infrastructures to data centers across the WAN, and from server to server within the cloud.

While the cloud provides a compelling case for cost savings and operational efficiency, the lack of a cloud-compatible security solution has kept IaaS off limits for sensitive and regulated workloads. The Certes Networks vCEP solution promises to open up the benefits of the cloud to all classes of data, allowing companies to adopt these emerging technologies based on cost and efficiency models without the added complexity of regulatory considerations.

Existing solutions typically use tunnel technologies such as IPSec or SSL/TLS to protect network traffic to the edge of the cloud network, but traffic among servers within the cloud network often remains unprotected. Tunnel-based solutions have limited applicability within cloud networks due to issues with scalability, management and performance.

The vCEP is enabled by Certes Networks’ Group Encryption technology, which the company pioneered six years ago and has been proven on hundreds of production customer networks. The solution is ideally suited for network encryption in virtualized and cloud environments due to its elegant scalability, easy management and ability to allow policies and keys to be controlled centrally by the cloud tenant. Group encryption eliminates the need to negotiate keys on a point-to-point basis, which becomes intractable as the number of endpoints grows. The vCEP allows for highly scalable, full-mesh encrypted network protection among servers, no matter where they reside.

“Our group encryption and policy and key management technologies, that enable this exciting breakthrough in cloud security, have been proven in over ten years of deployments in Wide Area Network encryption for government agencies, financial organizations, and global enterprises,” said Thomas Gill, CEO of Certes Networks. “Certes Networks has leveraged these proven technologies to provide a solution that makes the cloud safe for sensitive workloads. Our customers have identified security as an enabling technology for adoption of cloud based infrastructures and we are proud to be able to provide a solution that can both protect data and enable overall reductions in IT costs.”

Certes takes a revolutionary approach to cloud security by protecting network traffic inside and between IaaS clouds. The vCEP solution focuses on four key areas:

Scalable Group Encryption: With TrustNet group encryption, keys are centrally generated and securely distributed to all of the authorized group members (as defined in Certes TrustNet Manager). Each group member can communicate securely with the other members without the performance and maintenance overhead of tunnels. Unlike tunnel-based solutions, group encryption is designed to scale to protect thousands or even tens of thousands of servers. Scalability is an essential consideration when designing cloud security solutions today, as many analysts expect twenty to fifty percent annual growth in the number of servers deployed in IaaS clouds in the coming years.

Encryption without Unprotected Gaps: As a virtual appliance that resides on the same server as the virtual servers that it protects, the vCEP protects sensitive network traffic inside the cloud provider’s network without leaving gaps where the data is not protected.

Secure Isolation from other Cloud Tenants: As part of the Certes TrustNet solution, the vCEP provides persistent authentication to ensure continuous data integrity. The combination of authentication and encryption provide cryptographic isolation among cloud tenants. Cloud providers today typically offer only logical separation that can break down and allow one tenant to attack another due to misconfiguration, unauthorized wiretaps or man-in-the-middle attacks. Data that is encrypted and authenticated using keys managed by the cloud customer is not susceptible to these types of attacks.

Client Control of Encryption Keys: An important benefit of the vCEP is its ability to allow the client to maintain control of their own policies and encryption keys. This is essential for regulatory compliance, and it protects both the data owner and the infrastructure provider. The vCEP provides a safe harbor for most data privacy regulations by leveraging Certes TrustNet standards-based encryption that has been deployed and proven across a broad range of industries to achieve compliance for data privacy including finance, healthcare, government, retail and utilities. Client control of policies and keys also benefits the cloud provider by removing the potential legal burden associated with being in possession of the encryption keys.

The vCEP is interoperable with existing Certes Networks Variable Speed Encryptors (VSEs), which gives customers the choice of using a physical or virtual appliance. New and existing Certes customers can securely adopt or migrate to cloud infrastructures and expand or contract virtual resources seamlessly, without creating security gaps in existing data center and enterprise networks. Using Certes TrustNet Manager security for all networks can be managed from a central web-based management console.

About Certes Networks Certes Networks protects data in motion. The company provides advanced data protection solutions for both physical and virtual networks that enable secure connectivity over any infrastructure without compromising performance or availability. Customers rely on Certes Networks to protect data, decrease risk and reduce the cost of compliance by enabling secure connectivity to critical infrastructures. Learn more about Certes Networks by visiting www.CertesNetworks.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.