Thales Transparent Encryption, Data Security Manager, Luna Hardware Security Modules, High Speed Encryption, and Authentication products help organizations address the Access Control capability domain.
Thales Transparent Encryption Agents installed on hosts intercept every attempt made to access protected data based upon a set of rules that will either permit or deny the access attempt. Each security rule evaluates who, what, when, and how protected data is accessed and, if these criteria match, the agent will permit or deny access.
Thales Data Security Manager (DSM) is a hardened appliance for optimum security and comprises a policy engine and a central key and policy manager. The set of rules is defined in a policy that is configured on the Thales DSM and downloaded to the agent through a secure SSL network connection. The DSM provides separation of duties between data owners, administrators, key managers, and security managers.
One of the functions of the Thales DSM is the notion of domain administration. A domain is a logical entity that is used to separate administrators and the data they access from other administrators, and can be applied internally to a program, a fixed number of programs, or externally to an entire enclave.
The credentials of each of these domains can be integrated into Active Directory or LDAP groups. The number of logins, login attempts, and previous logons is monitored, and each role is locked out after 15 minutes of inactivity. The use of these domains and the protection of data through the use of Thales “guard points” enforce Least Privilege as defined in an Information System’s Security Plan and Concept of Operation, and proven through testing.
Luna HSMs can also be separated into cryptographically isolated partitions, with each partition acting as if it were an independent HSM. This provides a tremendous amount of scalability and flexibility, as a single HSM can protect the cryptographic keys of several independent applications. Luna Network HSM partitions are designed with independent access controls and key storage, allowing use in multi-tenant environments.
Safeguard data in motion with high speed network encryption, proven to meet network performance demands for real time low latency and near-zero overhead, providing security without compromise for data traversing networks across data centers and the cloud.
Preferred by the world’s most secure organizations, the tamper-resistant HSEs are certified to Common Criteria and FIPS 140-2 Level 3 requirements and support standards-based, end-to-end authenticated encryption and client-side key management. Advanced security features include traffic flow security and support for a wide range of elliptic curves (Safe Curves, Brainpool, NIST). VLAN-based encryption provides unique key pairs in hub-and-spoke environments to protect against misconfigured traffic. For high-assurance environments, the encryptors also support nested encryption.
Thales TCT’s Smart Card 650 (SC650) is the most secure, certificate-based smart card available today. Supporting numerous algorithms and X.509 digital certificates, the SC650 enables strong two-factor authentication and proof-positive user identification in all Public Key Infrastructure (PKI) environments. The SC650 securely stores the user’s credentials, such as digitally signed certificates, private keys, and network login credentials, and seamlessly supports secure key generation, secure key storage, encryption/decryption, and digital signature processing (sign and verify).