Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


File Security Gets All Cryptic

Vendors target file-level encryption and key management in an attempt to lock down users' data

Storage security vendors looked to boost encryption today as both Decru and PGP are unveiling new technologies designed to tackle file-level security.

This morning PGP takes the wraps off its new NetShare software, which extends the firm's 128-bit encryption from instant messaging and email to file servers. "Virtually every big customer that we speak to is asking for this," explains Andrew Krcik, the vendor's vice president of marketing. "You have thousands and thousands of people accessing tens of thousands of files on file servers."

The software, which sits on top of client devices, such as laptops and desktops, can work with all types of local and network storage devices, including Windows servers, NAS devices, and SAN boxes, according to PGP.

NetShare, priced at $149 per user, will be available in the fourth quarter of this year. PGP execs, however, tell Dark Reading that the vendor has volume discounts that apply to "most enterprises."

Decru is also making a move into the file security space this morning, revealing a partnership with content management specialist FileNet. The two firms have embarked on a reference selling initiative centered on FileNet's P8 software and Decru's DataFort encryption device.

By linking FileNet's software and DataFort hardware, Kevin Brown, Decru's vice president of marketing, says his firm can tighten its file encryption story. "FileNet lets us encrypt per [individual] file," he says, as opposed to previously, when Decru would target, for example, entire Windows drives. "With FileNet, we can drill down into each of the specific drives."

The list price for Decru's DataFort devices starts at $15,000, although FileNet would not reveal its P8 list price.

The major difference between Decru and PGP is that the latter takes a largely software-based approach to encryption, whereas Decru opts for a hardware-based strategy, centered on the DataFort devices. Both approaches have their pluses and minuses. "Hardware encryption can be faster, more powerful, and more secure, but it can be more costly," says Dan Tanner, a member of the Storage Networking User Group of New England (SNUGNE) and founder of consulting firm ProgresSmart.

For some users, however, those plus-points are critical. Directory services provider Qsent, for example, shifted from software-based encryption to hardware from NeoScale. (See Records Firm Not Risking Tape.)

Tanner acknowledges that file-level encryption is important, although he warns that users need not go crazy with the technology. "There's only certain types of files that ought to be encrypted in transit, others should be encrypted at rest." Encryption, he adds, can impair application performance, the ability to compress files, and the overall cost of doing business.

These sentiments were echoed by Robert Amatruda, research manager at IDC. "At the end of the day, not all data is created equally," he says, adding that encryption is most appropriate for highly critical data, such as financial filings and personnel data.

Jon Oltsik, senior analyst at the Enterprise Strategy Group, says that it is hard to pick a clear front-runner in the storage encryption space, with PGP and Decru vying with the likes of NeoScale. "Right now, it's anyone's game," he says. "It's too early to tell who has the advantage at this time."

Certainly, the encryption market is still maturing, as demonstrated last week by the demise of publicly traded vendor Kasten Chase, which ceased operations after months of financial difficulty. (See End of the Road for Kasten Chase, Kasten Chase Goes Under, and Kasten Chase Reports Financials.)

Decru also unveils its new 2U Lifetime Key Management appliance today, which the vendor says can support over 100 DataFort devices and manage more than 100 million keys. IDC's Amatruda says this type of technology is critical to users. "The real crux of the issue around encryption is key management and being able to manage the keys over a long period of time," he says.

Encryption specialists, however, are not the only security vendors unveiling new technology today. Startup Imperva, for example, is taking the wraps off its one-rack-unit-high SecureSphere Database Monitoring Gateway, which examines network traffic accessing database servers.

Unlike the startup's existing Database Security Gateway, which also contains IPS features, the monitoring gateway is aimed squarely at the auditing market. The new device, priced at $35,000, is also $10,000 cheaper than the security gateway. It will be available on June 19.

Another security vendor, iPolicy Networks, also fills out its product line today, with the launch of its 6410 device, containing URL filtering, content protection, and anti-virus and IDS technology. The 2U-high 6410 is priced at $60,000 and available immediately.

— James Rogers, Senior Editor, Byte and Switch. Special to Dark Reading

Organizations mentioned in this article:

  • Decru Inc.
  • The Enterprise Strategy Group (ESG)
  • FileNet Corp. (Nasdaq: FILE)
  • IDC
  • Imperva Inc.
  • iPolicy Networks
  • Kasten Chase Applied Research Ltd.
  • NeoScale Systems Inc.
  • PGP Corp.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/25/2020
    Hacking Yourself: Marie Moe and Pacemaker Security
    Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
    Startup Aims to Map and Track All the IT and Security Things
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
    PUBLISHED: 2020-09-25
    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
    PUBLISHED: 2020-09-25
    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
    PUBLISHED: 2020-09-25
    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...