CipherTrust Manager offers the industry leading enterprise key management solution enabling organizations to centrally manage encryption keys, provide granular access control and configure security policies. CipherTrust Manager is the central management point for the CipherTrust Data Security Platform. It manages key lifecycle tasks including generation, rotation, destruction, import and export, provides role-based access control to keys and policies, supports robust auditing and reporting, and offers developer friendly REST API.
CipherTrust Manager is available in both virtual and physical form-factors that integrate with FIPS 140-2 validated Thales TCT Luna T-Series and third-party Hardware Security Modules (HSMs) for securely storing master keys with highest root of trust. These appliances can be deployed on-premises in physical or virtualized infrastructures and in public cloud environments to efficiently address compliance requirements, regulatory mandates and industry best practices for data security. With a unified management console, it makes it easy to set policies, discover and classify data, and protect sensitive data wherever it resides using the CipherTrust Data Security Platform products.
- Centralized key management for multiple on-premises data stores and cloud infrastructures
- Reduced risk with unified data discovery, classification and sensitive data protection
- Simplified management with self-service licensing portal and visibility into licenses in use
- Cloud friendly deployment options with support for AWS, Azure, Google Cloud, VMware, Oracle Cloud Infrastructure and more
- Support for superior key control with Thales TCT’s T-Series HSM
- Unparalleled partner ecosystem of integrations with leading enterprise storage, server, database, application and SaaS vendors
FULL KEY LIFECYCLE MANAGEMENT AND AUTOMATED OPERATIONS:
Simplifies management of encryption keys across their entire lifecycle, including secure key generation, backup/restore, clustering, deactivation, and deletion. It makes automated, policy-driven operations easy to perform, and generates alarms for events of interest.
UNIFIED MANAGEMENT CONSOLE
Provides a unified console for discovering and classifying sensitive data integrated with a comprehensive set of CipherTrust Data Protection Connectors to encrypt or tokenize data to reduce risk and satisfy compliance regulations
CENTRALIZED ADMINISTRATION AND ACCESS CONTROL
Unifies key management operations with role-based access controls and provides full audit log review. Authenticates and authorizes administrators and key users using existing AD and LDAP credentials.
MULTI-TENANCY SUPPORT
Provides capabilities required to create multiple domains with separation of duties to support large organizations with distributed locations.
DEVELOPER FRIENDLY REST APIS
Offers new REST interfaces in addition to KMIP and NAE-XML APIs, for developers to simplify deployment of applications integrated with key management capabilities and automate testing and development of administrative operations.
ROBUST AUDITING AND REPORTING
Includes tracking of all key state changes, administrator access, and policy changes in multiple log formats (RFC-5424, CEF, LEEF) for easy integration with SIEM tools.
ROOT OF TRUST
CipherTrust Manager can use Thales TCT’s Luna T- Series HSMs as root of trust. Meeting government mandates for U.S. Supply Chain, the high-assurance, tamper-resistant Luna T-Series HSMs are designed, developed, manufactured, sold, and supported in the United States. CipherTrust k160 uses a removable FIPS 140-2 certified token or high assurance token as a root of trust.
| Virtual Appliances | Physical Appliances | |||
| Features | k170v | k470v | k160 | k570* |
| Administrative Interfaces | Management Console, REST API, kscfg (system configuration), (ksctl (Command Line Interface) | |||
| Network Management | SNMP v1, v2c, v3, NTP, Syslog-TCP | |||
| API Support | REST, NAE-XML, KMIP, PKCS#11, JCE, .NET, MCCAPI, MS CNG | |||
| Security Authentication | Local User , AD, LDAPS, Certificate based authentication, Supports Open ID Connect (OIDC) | |||
| System Formats | RFC-5424, CEF, LEEF | |||
| Supported HSMs for Root of Trust | Luna Network HSM, Luna T-Series Network HSM, Luna Cloud HSM, AWS Cloud HSM, Azure Dedicated HSM, IBM Cloud HSM, IBM Cloud Hyper Protect Crypto Services Cloud HSM | Removable token HSM using either a FIPS 140-2Certified Token or High Assurance Token | Embedded FIPS 140 Level 3 & CNSS approved Luna T-series HSM | |
| Maximum Number of Keys | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | Tested up to 1M Keys (more possible with appropriately sized virtual environments) | Maximum capacity of 10,000 symmetric keys.
Maximum of 100 keys using concurrent connections. |
1 Million Keys |
| Maximum Domains (multi-tenancy) | 100 | 1000 | 100 | 1000 |
CipherTrust Manager Physical Appliance
| k160 | k570 | |
|---|---|---|
| Dimensions | 6.5” x 4.0” x 1.5” (165.1mm x 101.6mm x 38.1mm) | 19” x 21” x 1.725” (482.6mm x 533.4mm x 43.815mm) |
| Hard Drive | 1x 128GB mSATA SSD SE | 1x 2TB SATA SE (Spinning Disk) |
| CPU | Atom E3845 Processor SoC | Xeon E3-1275v6 Processor |
| RAM | 8GB | 16GB |
| NIC Support | 1x 1GB | 4x1GB or 2x10Gb/2x1Gb (NIC Bonding capable) |
| Rack Mount | Standard 1U shelf mount can be optionally purchased (can house up to two k160s) | Standard 1U rack mountable Sliding rails can be optionally purchased |
| Power | External power supply included, locking DC connector | Dual hot swappable power supplies |
| Safety and Compliance | FCC, CE | CSA C-US, FCC, CE, VCCI, C-TICK, KC Mark, BIS |
| Mean Time Between Failure | 170,869 hours | 153,583 hours |
| FIPS Support | Removable FIPS 140-2 Token or High Assurance Token HSM | Embedded FIPS 140 Level 3 & CNSS approved Luna T-series HSM |
CipherTrust Manager Virtual Appliance
| k170v | k470v | |
| System Requirements |
|
|
| Clouds/Hypervisors Supported |
|
|
*Thales TCT can also offer CipherTrust k470 physical appliance. CipherTrust k470 offers the same features and specifications as CipherTrust k570 but does not include an embedded HSM. CipherTrust k470 utilizes an external FIPS Certified Physical or Cloud HSM as secure root of trust.
| Image | Title | Link |
|---|---|---|
 | 90Meter | |
 | Advanced data protection for AWS S3 with CipherTrust Transparent Encryption Solution Brief | |
 | Amazon Web Services (AWS) | |
 | AppViewX | |
| AppViewX and Thales Trusted Cyber Technologies Luna Network HSM Solution Brief | |
 | Avoiding Amazon S3 Data Leaks with Scalable Encryption and Access Controls Solution Brief | |
 | Axway | |
 | Best Security Practices for milCloud Data Migration Solution Brief | |
 | Blue Prism | |
 | CipherTrust Cloud Key Manager Product Brief | |
 | CipherTrust Data Discovery and Classification Walkthrough | |
| CipherTrust Data Protection Gateway Product Brief | |
 | CipherTrust Data Security Platform Data Sheet | |
| CipherTrust Data Security Platform Self Guided Tour | |
| CipherTrust Encryption key management solutions for Microsoft® SQL Server® and Oracle® Database Solution Brief | |
| CipherTrust Live Data Transformation Product Brief | |
| CipherTrust Manager k160 Product Brief | ||
| CipherTrust Manager k570 Product Brief | |
| CipherTrust Manager Product Brief | |
| CipherTrust Platform Community Edition | ||
| CipherTrust Security Intelligence Product Brief | |
| CipherTrust Teradata Protection Solution Brief | |
| CipherTrust Transparent Encryption for Kubernetes Product Brief | |
| CipherTrust Transparent Encryption for Teradata Vantage Solution Brief | |
| CipherTrust Transparent Encryption Product Brief | |
| CM7 Network Manager Product Brief | ||
| CN4010 Product Brief | |
| CN4020 Product Brief | |
| CN6010 Product Brief | |
| CN6100 Product Brief | |
| CN6140 Product Brief | |
| CN9120 Product Brief | |
| Cohesity | ||
| Cohesity and KeySecure for Government | |
 | CTERA | |
| CTERA Enterprise File Services Platform and Thales TCT CipherTrust Manager Solution Brief | |
 | CTO Sessions On Demand: Best Practices for Data in Transit Encryption | |
| CTO Sessions On Demand: Preventing Ransomware in Microsoft 365 Environments | |
| CTO Sessions Webcast Series: Securing the Convergence of HPC and AI in the Enterprise | |
| CV1000 Product Brief | |
| Cyber EO Compliance Video Series – Part 2 – Multi-Factor Authentication | |
| Cyber EO Compliance Video Series – Part 3 – Data at Rest Encryption | |
| Cyber EO Compliance Video Series – Part 4 – Data in Transit Encryption | |
| Cyber EO Compliance Video Series – Part 5 – Securing Cloud Deployments | |
| Cyber EO Compliance Video Series – Part 6 – Implementing a Zero Trust Architecture | |
 | CyberArk | |
| Data Discovery & Classification Product Brief | |
| Data Discovery & Classification Solution Brief | |
| Data Protection Solutions for the Edge Solution Brief | |
| Dell and Thales TCT Integration Brief | |
 | Dell EMC | |
| Dell Technologies and Thales Delivering Secure & Dfficient storage | |
| DoD STIG Compliance Virtualization-Based Security – External Key Management Solution Brief | |
 | eBook: Encrypt Everything | |
 | eBook: High Speed Ethernet WAN | |
 | eBook: Ryuk: Everything You Need to Know About the Ransomware Targeting U.S. Governments & Government Agencies | |
| Enterprise Key Management for NetApp Solution Brief | |
| Enterprise Key Management Solutions for KMIP Clients, TDE and LUKS Solution Brief | |
 | Entrust | |
| Entrust and Thales TCT HSMs Solution Brief | |
 | Enveil | |
 | F5 | |
 | Google Cloud | |
 | HashiCorp | |
 | Hewlett Packard Enterprise (HPE) | |
| HID ActiveID and Thales TCT Luna Network HSM Solution Brief | |
 | HID Global | |
 | Hitachi Vantara | |
| How Ransomware attacks leverage unprotected RDPs Solution Brief | |
| How to Integrate UiPath with Thales TCT’s Luna Credential System | |
| HPE 3PAR StoreServ and Thales CipherTrust Manager | |
| HPE servers and storage with Thales CipherTrust Data Security Platform Solution Brief | |
 | IBM | |
| Industry Insight: Supply Chain Risk Management | |
 | InfoBlox | |
 | Infographic: CipherTrust Data Security Platform Infographic | |
 | Infographic: Luna Credential System | |
 | Information Security Corporation (ISC) | |
| Integrated Data Discovery and Classification with Enhanced Protection Product Brief | |
 | Intercede | |
| Introduction to Thales’ CipherTrust Enterprise Key Management Solutions | |
| ISC and Thales TCT HSM Solution Brief | |
| KeySecure G160 Product Brief | ||
| KeySecure G350v Product Brief | ||
| KeySecure G460 Product Brief | ||
 | Klas Telecom Government | |
| Luna as a Service Solution Brief | |
| Luna Credential System & UiPath RPA: Addressing Federal CAC/PIV Requirements with PKI Authentication | |
| Luna Credential System Product Brief | |
| Luna Credential System Video | |
| Luna G5 for Government HSM Product Brief | ||
| Luna HSMs for Commercial Solutions for Classified (CSfC) Solution Brief | ||
| Luna Network HSM Product Brief | |
| Luna PCI-E for Government HSM Product Brief | ||
| Luna PCIe HSM Product Brief | |
| Luna SA for Government Product Brief | ||
 | MarkLogic | |
 | Microsoft | |
| Microsoft Azure Advanced Data Protection Solution Brief | |
 | MongoDB | |
| Multi-Factor Authentication for CipherTrust Transparent Encryption | |
 | NetApp | |
| NetApp and Thales TCT Solution Brief | |
| Network Encryption Family Overview Brief | |
 | Nutanix | |
| Nutanix and Thales TCT Solution Brief | |
| On Demand Master Class: Zero Trust Beyond the Buzzword | |
| On Demand Webinar – Intelligence Community: Cyber Security is National Security | |
| On Demand Webinar: Best Practices for Cloud Data Protection | |
| On Demand Webinar: Best Practices for Data Visibility | |
| On Demand Webinar: Building a Root of Trust to Secure the Most Sensitive Data | |
| On Demand Webinar: Complementing Splunk: Balancing Big Data Benefits & Big Risks | |
| On Demand Webinar: CTO Sessions: Data Protection at the Edge | |
| On Demand Webinar: Fireside Chat: Data Protection for Multi-Domain Operations | |
| On Demand Webinar: Getting to Compliance with the National Security Memo on Cybersecurity | |
| On Demand Webinar: How To Issue Hardware-Based Identity Credentials To Software Robots | |
| On Demand Webinar: No-Excuse Defenses Against Supply Chain Attacks | |
| On Demand Webinar: Rapid Protection for Teradata Database and Big Data Environments | |
| On Demand Webinar: Shifting the Mindset from “Breach Prevention” to “Acceptance” | |
| On Demand Webinar: The Key Pillars for Protecting Sensitive Data | |
 | Oracle | |
 | Palo Alto Networks | |
 | Panasas | |
| Panasas PanFS and Thales TCT CipherTrust Manager Solution Brief | |
 | Ping Identity | |
| Product Demo: Protecting AWS S3 Buckets: AWS KMS vs Transparent Encryption COS S3 from Thales | |
| Protecting Data with Thales CipherTrust Manager and Dell EMC PowerEdge Server | |
| Protecting Data with Thales Key Management and Dell EMC VxRail HCI System | |
| Quantum Enhanced Keys Solution Brief | |
 | Red Hat | |
| Redhat and Thales TCT Solution Brief | |
 | Research Study: Security Weaknesses in Data in Motion Identified in Cybersecurity Survey | |
| Robotic Process Automation Industry Insight | |
| RPA Cryptographic Authentication — Thales TCT and Blue Prism | |
| SafeNet Authentication Service Private Cloud Edition Product Brief | ||
| SafeNet IDPrime 930 and 930nc Product Brief | |
| SafeNet IDPrime PIV | |
| Securing Infoblox DNSSEC Implementations with Thales TCT’s Luna Network HSM Solution Brief | |
| Securing UiPath Credential Stores with Luna Vault Solution Brief | |
| Security Management Center Product Brief | |
| sKey3250 Product Brief | |
| Smart Card 650 Product Brief | ||
 | Solution Brief: Data Protection Solutions for the Edge | |
 | Solution Brief: Votiro + Office 365 | |
 | Splunk | |
| SureDrop Product Brief | |
| Thales Authentication Family Brief | ||
| Thales High Speed Encryption Solutions Family Overview | |
| Thales IDPrime FIDO 2.0 Smartcard Demo | |
| Thales TCT and Splunk Solution Brief | |
| Thales TCT HSM Product Family Overview Brief | |
| Thales TCT Luna Hardware Security Solutions for Microsoft Certificate Services | |
| Thales TCT Solutions for the NSM on Improving Cybersecurity of NSS Solution Brief | |
| Thales TCT Solutions for White House Executive Order on Cybersecurity | |
| Thales TCT: Protecting the Most Vital Data from the Core to the Cloud to the Field | |
 | Thales Trusted Cyber Technologies Product Overview | |
 | Thales Trusted Cyber Technologies Solutions for Continuous Diagnostics and Mitigation DEFEND | |
| Top 10 Reasons CipherTrust Intelligent Protection will Protect Your Data & Reduce Your Risk | |
| Top 10 Reasons for Protecting Your Organization with CipherTrust Data Security Platform | |
| Top 5 Ways to Comply with the White House EO on Cybersecurity – Part 1 – Setting the Stage | |
 | UiPath | |
| UiPath RPA Cryptographic Authentication with Luna Credential System | |
 | Venafi | |
| Video: CipherTrust Data Discovery & Classification | |
| Virtual CipherTrust Manager Product Brief | |
 | VMware | |
| VMware and Thales Deliver Secure Hyper-Converged Infrastructure Solution Brief | |
| VMware and Thales Deliver Secure Virtual Machine Encryption Solution Brief | |
| VMware and Thales TCT Integration Brief | ||
| Vormetric Data Security Platform Product Brief | ||
| Votiro + Office 365 Solution Brief | |
| Votiro Secure File Gateway for Email | |
| Votiro Secure File Gateway for Web Applications | |
| Votiro Secure File Gateway vs Secure Email Gateway Solution Brief | |
 | White Paper: Best Practices for Cloud Data Protection and Key Management | |
 | White Paper: Best Practices for Cryptographic Key Management | |
 | White Paper: Best Practices for Implementing the White House Executive Order on Improving the Nation’s Cybersecurity Infrastructure | |
 | White Paper: Best Practices for Secure Cloud Migration | |
 | White Paper: Best Practices for Securing Network Function Virtualization Environment | |
 | White Paper: CipherTrust Data Security Platform Architecture | |
 | White Paper: CipherTrust Transparent Encryption | |
 | White Paper: CJIS Data-in-Transit Encryption Standards | |
 | White Paper: Continuous Diagnostics and Mitigation: Data Protection & Assurance | |
 | White Paper: Data Protection at the Edge | |
 | White Paper: Ethernet WAN Solutions Compared | |
 | White Paper: High Assurance Encryption for Healthcare Network Data | |
 | White Paper: High Speed Encryption Solutions Across MPLS Networks | |
 | White Paper: HIPAA Compliance Checklist | |
 | White Paper: Key Management | |
 | White Paper: MACsec for WAN and High Assurance Encryptors | |
 | White Paper: Malicious Macros | |
 | White Paper: Network Independent Encryption | |
 | White Paper: NIST 800-53 Mapping to CipherTrust Data Security Platform | |
 | White Paper: NIST 800-57 Recommendations for Key Management Requirements Analysis | |
 | White Paper: NIST Cybersecurity Framework and Ransomware Prevention Guidance Mapping | |
 | White Paper: Own and Manage Your Encryption Keys | |
 | White Paper: Prevent Ransomware Attacks from Disrupting Your Agency with the CipherTrust Platform | |
 | White Paper: Roots of Trust | |
 | White Paper: Secure Multicast Transmission | |
 | White Paper: Securing Network-Attached HSMs | |
 | White Paper: Securing SD-WAN | |
 | White Paper: Securing the Keys to the Kingdom with Splunk and Thales | |
 | White Paper: Splunk and Thales Industry Standard Protection for Your Log Data | |
 | White Paper: Thales TCT Solutions for CMMC | |
 | White Paper: The Case for Centralized Multicloud Encryption Key Management | |
 | White Paper: The Importance of KMIP Standard for Centralized Key Management | |
 | White Paper: The Key Pillars for Protecting Sensitive Data in Any Organization | |
 | White Paper: Top Five Ways to Address Requirements in National Security Memo on Improving Cybersecurity of National Security Systems | |
| Zero Trust Solutions from Thales TCT Solution Brief |