
4/20/2012
01:57 PM
Dark Reading
Products and Releases

Certes Networks Releases Virtual Security Appliance

Encryption solution protects network traffic inside IaaS clouds and between customer locations

Pittsburgh, PA, April 17, 2012 - Certes Networks, the leader in scalable network encryption solutions, today announced the vCEP (virtual Certes Enforcement Point), the industry's first scalable network encryption solution for the cloud. The solution will fill a gap in the market for enterprises and government organizations that are looking to move to off-premise cloud environments but view the lack of security as a blocking issue.

“Encryption is seen as a way to protect critical information as it moves from private clouds to public cloud-based services; however, the need to encrypt network traffic among servers in the cloud to protect it from attacks within the cloud is equally important,” said Gartner Analyst Neil MacDonald. “Organizations increasingly realize that in addition to controlling the encryption keys and what is encrypted, they need to authenticate the source of the data and to maintain its integrity as it traverses the shared cloud network.”

The vCEP is a virtual appliance that allows organizations to protect sensitive network traffic among virtual servers and between clouds without using tunnels. It encrypts network traffic from Infrastructure as a Service (IaaS) cloud infrastructures to data centers across the WAN, and from server to server within the cloud.

While the cloud provides a compelling case for cost savings and operational efficiency, the lack of a cloud-compatible security solution has kept IaaS off limits for sensitive and regulated workloads. The Certes Networks vCEP solution promises to open up the benefits of the cloud to all classes of data, allowing companies to adopt these emerging technologies based on cost and efficiency models without the added complexity of regulatory considerations.

Existing solutions typically use tunnel technologies such as IPSec or SSL/TLS to protect network traffic to the edge of the cloud network, but traffic among servers within the cloud network often remains unprotected. Tunnel-based solutions have limited applicability within cloud networks due to issues with scalability, management and performance.

The vCEP is enabled by Certes Networks' Group Encryption technology, which the company pioneered six years ago and which has been proven on hundreds of production customer networks. The solution is ideally suited for network encryption in virtualized and cloud environments due to its elegant scalability, easy management and ability to allow policies and keys to be controlled centrally by the cloud tenant. Group encryption eliminates the need to negotiate keys on a point-to-point basis, which becomes intractable as the number of endpoints grows. The vCEP allows for highly scalable, full-mesh encrypted network protection among servers, no matter where they reside.

"Our group encryption and policy and key management technologies, which enable this exciting breakthrough in cloud security, have been proven in over ten years of deployments in Wide Area Network encryption for government agencies, financial organizations, and global enterprises," said Thomas Gill, CEO of Certes Networks. "Certes Networks has leveraged these proven technologies to provide a solution that makes the cloud safe for sensitive workloads. Our customers have identified security as an enabling technology for adoption of cloud-based infrastructures, and we are proud to be able to provide a solution that can both protect data and enable overall reductions in IT costs."

Certes takes a revolutionary approach to cloud security by protecting network traffic inside and between IaaS clouds. The vCEP solution focuses on four key areas:

Scalable Group Encryption: With TrustNet group encryption, keys are centrally generated and securely distributed to all of the authorized group members (as defined in Certes TrustNet Manager). Each group member can communicate securely with the other members without the performance and maintenance overhead of tunnels. Unlike tunnel-based solutions, group encryption is designed to scale to protect thousands or even tens of thousands of servers. Scalability is an essential consideration when designing cloud security solutions today, as many analysts expect twenty to fifty percent annual growth in the number of servers deployed in IaaS clouds in the coming years.

Encryption without Unprotected Gaps: As a virtual appliance that resides on the same server as the virtual servers that it protects, the vCEP protects sensitive network traffic inside the cloud provider’s network without leaving gaps where the data is not protected.

Secure Isolation from other Cloud Tenants: As part of the Certes TrustNet solution, the vCEP provides persistent authentication to ensure continuous data integrity. The combination of authentication and encryption provides cryptographic isolation among cloud tenants. Cloud providers today typically offer only logical separation, which can break down and allow one tenant to attack another due to misconfiguration, unauthorized wiretaps or man-in-the-middle attacks. Data that is encrypted and authenticated using keys managed by the cloud customer is not susceptible to these types of attacks.

Client Control of Encryption Keys: An important benefit of the vCEP is its ability to allow the client to maintain control of their own policies and encryption keys. This is essential for regulatory compliance, and it protects both the data owner and the infrastructure provider. The vCEP provides a safe harbor for most data privacy regulations by leveraging Certes TrustNet standards-based encryption, which has been deployed and proven to achieve data privacy compliance across a broad range of industries, including finance, healthcare, government, retail and utilities. Client control of policies and keys also benefits the cloud provider by removing the potential legal burden associated with being in possession of the encryption keys.

The vCEP is interoperable with existing Certes Networks Variable Speed Encryptors (VSEs), which gives customers the choice of using a physical or virtual appliance. New and existing Certes customers can securely adopt or migrate to cloud infrastructures and expand or contract virtual resources seamlessly, without creating security gaps in existing data center and enterprise networks. Using Certes TrustNet Manager, security for all networks can be managed from a central web-based management console.

About Certes Networks

Certes Networks protects data in motion. The company provides advanced data protection solutions for both physical and virtual networks that enable secure connectivity over any infrastructure without compromising performance or availability. Customers rely on Certes Networks to protect data, decrease risk and reduce the cost of compliance by enabling secure connectivity to critical infrastructures. Learn more about Certes Networks by visiting www.CertesNetworks.com.
