
Complete security, privacy and control of your data begins with SPxSHARC® II

Highlights

• Manage encryption and policy enforcement across your entire enterprise from a single point

• Easily design and administer data access policies with customer-defined roles at the user and group levels

• Protect sensitive data with sophisticated cryptographic splitting technology

• Leverage integrated, transparent key management that conforms to regulatory requirements

• Be audit ready with user access and activity logs that seamlessly integrate into existing Security Information and Event Management (SIEM) systems

The “Protect Everything” Security Strategy

Organizations suffer every day from sophisticated cyber attacks, insider threats, and employee errors and omissions. These attack vectors, when successful, cost up to hundreds of millions of dollars to remediate.

Maintaining control of critical data is the only way to minimize exposure in the event of a breach, and a data-centric management strategy must be employed across the enterprise to ensure your most sensitive data is protected.

The ideal data protection solution needs to encrypt data, but it also must provide robust access control capabilities across an entire infrastructure. The solution must be easy to deploy, administer and manage, and needs to scale quickly as the enterprise grows. SPxSHARC II focuses on these critical aspects of data protection and makes it easier to implement and manage a “protect everything” security strategy. A breadth of enhanced features covering data access management, integrated key management, and sophisticated encryption combine to deliver comprehensive protection, control, and integration to protect even the most sensitive workloads across the enterprise.

Figure 1: Key Features of the SPxSHARC II Central Management Console (Regulatory Compliance, Built-in Key Management, Policy-based Access Control, Data Privacy, Access Logging for Audit, Protect Data Anywhere)

securityfirstcorp.com   888-884-7152

SPxSHARC II Overview

ACHIEVE OPERATIONAL EFFICIENCY

SPxSHARC II allows you to manage the entire data protection process across local, private, public, and cloud infrastructures from a single vantage point. Its easy-to-use, agent-based deployment model protects sensitive data on servers (physical or virtual), no matter where it resides. SPxSHARC II seamlessly integrates with existing directory services and Security Information and Event Management (SIEM) systems to offer a cohesive protection strategy across your enterprise.

Single Pane of Glass Management

The SPxSHARC II centralized virtual management console provides you with a single source to provision, deploy, and manage all instances of the encryption agents across your enterprise. It is easily deployed as a virtual appliance into any virtualized environment across one or more data centers. SPxSHARC II agents are deployable to any virtual or physical server running a supported Operating System (OS). The management server can be hosted wherever you choose, including on-premises. This keeps your keys out of the cloud while managing your data encryption remotely.

The SPxSHARC II console gives you a holistic view of your data protection and complete cryptographic control over policy enforcement and user data access across your data center environment. From the console, you also define and manage access policies, create and manage keys, and aggregate access logs.

Scalable to Your Environment

No matter your industry or business size, SPxSHARC II can be tailored to your specific requirements, with scalability features independent of your data storage environment. Whether you are an SMB looking to protect select data, a large enterprise looking to protect vast amounts of data, or wanting to make the move to the cloud – SPxSHARC II is the perfect solution.

Agile and Easy to Use

SPxSHARC II can scale to protect large enterprise workloads and easily integrates into existing or new multi-cloud architectures. The management console can be made highly available in any environment to assure access to your data when needed, and it can be distributed across your data centers to support disaster recovery (DR) architectures. It supports all cloud or data center environments (Figure 2).

Figure 2

RESTful API Enabled

SPxSHARC II uses a RESTful API so that automation can be easily applied. All management console functions are available via the API. Large scale deployments can be managed using the API and basic scripting, facilitating significant resource and cost savings.

Transparent to the End User

SPxSHARC II agents operate at the kernel level of the servers they are deployed on for optimal performance. Data is protected transparently during the process of writing files to disk without end user interaction or a noticeable impact in performance.

Integrated Key Management

With its unique integrated and transparent built-in key management, all phases of key lifecycle management stay in your control, streamlining the key management process. Key creation, rotation, and revocation/shred conform to industry compliance requirements. Security keys can be stored locally by the SPxSHARC II management console or exported using the Key Management Interoperability Protocol (KMIP) to a compliant external keystore. This approach provides flexible options to control where your keys are stored, while also preventing cloud vendor access.

MAINTAIN COMPLETE MANAGEMENT OVER YOUR DATA NO MATTER WHERE IT RESIDES - LOCAL, REMOTE, HYBRID OR CLOUD


MITIGATE RISK & MANAGE COMPLIANCE

Powerful features in SPxSHARC II reduce risk of data exposure and aid in meeting compliance mandates, whether regulated or voluntary, as part of your overall information security process. You can easily manage who, what, when, where and how data is accessed.

Role-Based Data Access Controls

Working with your existing directory services, SPxSHARC II’s robust role-based access controls allow an administrator to define a second layer of data access control policies that are based upon roles and job functions. This additional policy is used to specify which filesystem functions are authorized (read/write/etc.) and the level of data access logging desired. By limiting access to only who you designate, SPxSHARC II ensures your data is always secure and always private.

These access policies start with the default concept of Least Privileged Access (LPA) to control access rights for users, groups or processes. SPxSHARC II automatically uses LPA to deny access to all users unless they have been specifically granted access permissions through the policy. SPxSHARC II works in conjunction with a directory service (e.g. Lightweight Directory Access Protocol (LDAP), Active Directory), and the user must be granted rights in both systems to access and view decrypted data.

Privileged Access Management (PAM)

PAM restrictions can be enforced via policy, preventing system administrators and root users from seeing clear text data. This allows privileged users to still do their job without concerns about them accessing or stealing private data, giving you complete control over your data privacy and ensuring confidentiality even when entrusting your data to a cloud service provider.

Strong and Distinct Separation of Duties

By default, SPxSHARC II creates two distinct roles – Product and Security Administrators. The Product Administrator role deploys the software and monitors the general health of the SPxSHARC II system and agents through system event logs. This role has no visibility into policy definitions, agent configurations, deployments or policy logs. The Security Administrator role determines and approves data access rights, manages keys, defines policies, deploys agents, sets logging parameters, and creates the multi-Security Administrator approval process. The number of Security Administrator approvals required can be set based upon business needs.

Know Who is Accessing Your Critical Data

SPxSHARC II can easily record all data access requests by user as “approved” or “denied” with real time logging. The reliable event capture feature flags data access information that can be forwarded to event management systems for analysis.

SPxSHARC II supports several standard output formats such as Log Event Extended Format (LEEF), Common Event Format (CEF) and Cloud Auditing Data Federation (CADF) for easy integration with existing products. This combination of SPxSHARC II and SIEM products can make it possible to shorten the detection cycle on nefarious activities, reducing the risk of data compromise.

Compliance Enablement

No matter the industry, SPxSHARC II addresses the most stringent compliance requirements with built-in data protection, data access processes, cryptographic policy enforcement, auditing and reporting capabilities, and integrated key management. SPxSHARC II can help you meet your key regulatory requirements for HIPAA, HITECH, FISMA, Sarbanes-Oxley, PCI, as well as other global requirements.

Always on Data Protection, Powered by SPx™

SPxSHARC II’s unique cryptographic splitting technology assures confidentiality, data privacy and protection against brute force attacks. The SPx core, which combines AES-256 certified encryption, cryptographic splitting and internal key management, has received the National Institute of Standards and Technology (NIST) FIPS 140-2 validation. SPxSHARC II also takes full advantage of the AES-NI hardware acceleration available in most current processors for optimal performance. In addition, because it uses certified algorithms, no “skeleton key” or “backdoor” exists, even for intelligence or law enforcement agencies.


Volume and File Level Encryption Capability

Versatility in SPxSHARC II allows customers to deploy agents that encrypt data at the volume-level or, for additional granularity, at file-level. The volume encryption agent is a virtual block device that once installed is mounted to look like an attached disk. It encrypts and cryptographically splits all data in the volume prior to physical storage.

SPxSHARC II’s file encryption agent encrypts at the file-level based upon fine-grained file or directory level policies. This allows for cryptographic security based upon User, File or Group. SPxSHARC II gives you the flexibility to encrypt above or below the file system, either way ensuring protection from the server to the storage environment.

About Security First Corp.

Security First Corp. started in 2002 to combat the complex cyber security landscape brought on by the exponential growth of data. Building a new age of data security science, we've perfected it into the most powerful security technology, SPx. Recognized across the industry for its unrivaled capabilities, we're working to make unsurpassable data protection possible for enterprises and governments across the world.

Contact Us

For more information or to schedule a product demonstration:
888-884-7152
[email protected]
www.securityfirstcorp.com

For information about becoming a Channel Partner:
Jeff Hornberger
888-884-7152, ext. 126
[email protected]

For information about OEM opportunities:
Russ Fulford
888-884-7152, ext. 130
[email protected]

© Security First Corp. 2017. Security First Corp., the Security First Corp. logo, SPx, SPxSHARC II, the SPxSHARC II logo, and securityfirstcorp.com are all trademarks of Security First Corp., registered in many jurisdictions worldwide. Other products and services may be trademarks of Security First Corp. or other companies. This document is current as of the date of publication and may be updated by Security First Corp. at any time. The data discussed and presented herein were derived under specific operating conditions. Actual results may vary. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” AND WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED. Availability of any products included in this document is at the sole discretion of Security First Corp. and may change without notice. Contact us at securityfirstcorp.com to get the latest details. All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of Security First Corp., except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, please contact us at: Security First Corp. 29811 Margarita Parkway, Suite 600, Rancho Santa Margarita, CA 92688

1 “2016 Cost of Data Breach Study: Global Analysis,” Ponemon Institute

16-20150-000 Rev. A0