securityfirstcorp.com 888-884-7152
The “Protect Everything” Security Strategy
• Manage encryption and policy enforcement across your entire enterprise from a single point
• Easily design and administer data access policies with customer-defined roles at the user and group levels
• Protect sensitive data with sophisticated cryptographic splitting technology
• Leverage integrated, transparent key management that conforms to regulatory requirements
• Be audit ready with user access and activity logs that seamlessly integrate into existing Security Information and Event Management (SIEM) systems
Organizations suffer every day from sophisticated cyber attacks, insider threats, and employee errors and omissions. These attack vectors, when successful, cost up to hundreds of millions of dollars to remediate. Maintaining control of critical data is the only way to minimize exposure in the event of a breach, and a data-centric management strategy must be employed across the enterprise to ensure your most sensitive data is protected. The ideal data protection solution needs to encrypt data, but it must also provide robust access control capabilities across an entire infrastructure. The solution must be easy to deploy, administer and manage, and needs to scale quickly as the enterprise grows.
SPxSHARC II focuses on these critical aspects of data protection and makes it easier to implement and manage a “protect everything” security strategy. A breadth of enhanced features covering data access management, integrated key management, and sophisticated encryption combine to deliver comprehensive protection, control, and integration to protect even the most sensitive workloads across the enterprise.
Complete security, privacy and control of your data begins with SPxSHARC® II
Key Features
Built-in Key Management
Policy-based Access Control
Regulatory Compliance
Data Privacy
Access Logging for Audit
Protect Data Anywhere
SPxSHARC II Central Management Console
Figure 1
Highlights
SPxSHARC II Overview
ACHIEVE OPERATIONAL EFFICIENCY
SPxSHARC II allows you to manage the entire data protection process across local, private, public, and cloud infrastructures – from a single vantage point. Its easy-to-use, agent-based deployment model protects sensitive data on servers (physical or virtual), no matter where it resides. SPxSHARC II seamlessly integrates with existing directory services and Security Information and Event Management (SIEM) systems to offer a cohesive protection strategy across your enterprise.
Single Pane of Glass Management
The SPxSHARC II centralized virtual management console provides you with a single source to provision, deploy, and manage all instances of the encryption agents across your enterprise. It is easily deployed as a virtual appliance into any virtualized environment across one or more data centers. SPxSHARC II agents are deployable to any virtual or physical server running a supported Operating System (OS). The management server can be hosted wherever you choose, including on-premises. This keeps your keys out of the cloud while managing your data encryption remotely. The SPxSHARC II console gives you a holistic view of your data protection and complete cryptographic control over policy enforcement and user data access across your data center environment. From the console, you also define and manage access policies, create and manage keys, and aggregate access logs.
Agile and Easy to Use
SPxSHARC II can scale to protect large enterprise workloads and easily integrates into existing or new multi-cloud architectures. The management console can be made highly available in any environment to assure access to your data when needed, and it can be distributed across your data centers to support disaster recovery (DR) architectures. It supports all cloud or data center environments (Figure 2).
Scalable to Your Environment
No matter your industry or business size, SPxSHARC II can be tailored to your specific requirements, with scalability features independent of your data storage environment. Whether you are an SMB looking to protect select data, a large enterprise looking to protect vast amounts of data, or an organization making the move to the cloud – SPxSHARC II is the perfect solution.
RESTful API Enabled
SPxSHARC II uses a RESTful API so that automation can be easily applied. All management console functions are available via the API. Large scale deployments can be managed using the API and basic scripting, facilitating significant resource and cost savings.
Transparent to the End User
SPxSHARC II agents operate at the kernel level of the servers they are deployed on for optimal performance. Data is protected transparently during the process of writing files to disk without end user interaction or a noticeable impact on performance.
Integrated Key Management
With its unique integrated and transparent built-in key management, all phases of key lifecycle management stay in your control, streamlining the key management process. Key creation, rotation, and revocation/shred conform to industry compliance requirements. Security keys can be stored locally by the SPxSHARC II management console or exported using the Key Management Interoperability Protocol (KMIP) to a compliant external keystore. This approach provides flexible options to control where your keys are stored, while also preventing cloud vendor access.
Figure 2
MAINTAIN COMPLETE MANAGEMENT OVER YOUR DATA NO MATTER WHERE IT RESIDES - LOCAL, REMOTE, HYBRID OR CLOUD
MITIGATE RISK & MANAGE COMPLIANCE
Powerful features in SPxSHARC II reduce risk of data exposure and aid in meeting compliance mandates, whether regulated or voluntary, as part of your overall information security process. You can easily manage who, what, when, where and how data is accessed.
Role-Based Data Access Controls
Working with your existing directory services, SPxSHARC II’s robust role-based access controls allow an administrator to define a second layer of data access control policies that are based upon roles and job functions. This additional policy is used to specify which filesystem functions are authorized (read/write/etc.) and the level of data access logging desired. By limiting access to only those you designate, SPxSHARC II ensures your data is always secure and always private.
These access policies start with the default concept of Least Privileged Access (LPA) to control access rights for users, groups or processes. SPxSHARC II automatically uses LPA to deny access to all users unless they have been specifically granted access permissions through the policy. SPxSHARC II works in conjunction with a directory service (e.g. Lightweight Directory Access Protocol (LDAP), Active Directory), and the user must be granted rights in both systems to access and view decrypted data.
Privileged Access Management (PAM)
PAM restrictions can be enforced via policy, preventing system administrators and root users from seeing clear text data. This allows privileged users to still do their job without concerns about them accessing or stealing private data, giving you complete control over your data privacy and ensuring confidentiality even when entrusting your data to a cloud service provider.
Strong and Distinct Separation of Duties
By default, SPxSHARC II creates two distinct roles – Product and Security Administrators.
The Product Administrator role deploys the software and monitors the general health of the SPxSHARC II system and agents through system event logs. This role has no visibility into policy definitions, agent configurations, deployments or policy logs.
The Security Administrator role determines and approves data access rights, manages keys, defines policies, deploys agents, sets logging parameters, and creates the multi-Security Administrator approval process. The number of Security Administrator approvals required can be set based upon business needs.
Know Who is Accessing Your Critical Data
SPxSHARC II can easily record all data access requests by user as “approved” or “denied” with real time logging. The reliable event capture feature flags data access information that can be forwarded to event management systems for analysis.
SPxSHARC II supports several standard output formats such as Log Event Extended Format (LEEF), Common Event Format (CEF) and Cloud Auditing Data Federation (CADF) for easy integration with existing products. This combination of SPxSHARC II and SIEM products can make it possible to shorten the detection cycle on nefarious activities, reducing the risk of data compromise.
Compliance Enablement
No matter the industry, SPxSHARC II addresses the most stringent compliance requirements with built-in data protection, data access processes, cryptographic policy enforcement, auditing and reporting capabilities, and integrated key management.
SPxSHARC II can help you meet your key regulatory requirements for HIPAA, HITECH, FISMA, Sarbanes-Oxley, PCI, as well as other global requirements.
Always on Data Protection, Powered by SPx™
SPxSHARC II’s unique cryptographic splitting technology assures confidentiality, data privacy and protection against brute force attacks. The SPx core, which combines AES-256 certified encryption, cryptographic splitting and internal key management, has received the National Institute of Standards and Technology (NIST) FIPS 140-2 validation. SPxSHARC II also takes full advantage of the AES-NI hardware acceleration available in most current processors for optimal performance. In addition, because it uses certified algorithms, no “skeleton key” or “backdoor” exists, even for intelligence or law enforcement agencies.
Volume and File Level Encryption Capability
Versatility in SPxSHARC II allows customers to deploy agents that encrypt data at the volume level or, for additional granularity, at the file level. The volume encryption agent is a virtual block device that, once installed, is mounted to look like an attached disk. It encrypts and cryptographically splits all data in the volume prior to physical storage.
SPxSHARC II’s file encryption agent encrypts at the file level based upon fine-grained file or directory level policies. This allows for cryptographic security based upon User, File or Group. SPxSHARC II gives you the flexibility to encrypt above or below the file system, either way ensuring protection from the server to the storage environment.
About Security First Corp.
Security First Corp. started in 2002 to combat the complex cyber security landscape brought on by the exponential growth of data. Building a new age of data security science, we've perfected it into the most powerful security technology, SPx. Recognized across the industry for its unrivaled capabilities, we're working to make unsurpassable data protection possible for enterprises and governments across the world.
Contact Us
For more information or to schedule a product demonstration:
888-884-7152
www.securityfirstcorp.com
For information about becoming a Channel Partner:
Jeff Hornberger
888-884-7152, ext. 126
[email protected]
For information about OEM opportunities:
Russ Fulford
888-884-7152, ext. 130
© Security First Corp. 2017. Security First Corp., the Security First Corp. logo, SPx, SPxSHARC II, the SPxSHARC II logo, and securityfirstcorp.com are all trademarks of Security First Corp., registered in many jurisdictions worldwide. Other products and services may be trademarks of Security First Corp. or other companies. This document is current as of the date of publication and may be updated by Security First Corp. at any time. The data discussed and presented herein were derived under specific operating conditions. Actual results may vary. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” AND WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED. Availability of any products included in this document is at the sole discretion of Security First Corp. and may change without notice. Contact us at securityfirstcorp.com to get the latest details. All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of Security First Corp., except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, please contact us at: Security First Corp. 29811 Margarita Parkway, Suite 600, Rancho Santa Margarita, CA 92688
1. “2016 Cost of Data Breach Study: Global Analysis,” Ponemon Institute
16-20150-000 Rev. A0