Thales TCT Product Updates

Thales TCT is pleased to announce the release of High Speed Encryption (HSE) Firmware (FW) V5.1. Continuing our commitment to provide innovative products that meet our customers’ security needs, HSE FW 5.1 contains a number of customer requested enhancements, product maintenance items, and documentation improvements.

Thales TCT recommends that all HSEs be updated to the V5.1 firmware as soon as possible. The V5.1 is not backward compatible with prior versions of code but provides extensive feature advancements, updates to meet the latest security standards, and address critical known issues as outlined below. Thales TCT will still offer HSE FW V 2.7.1 to customers who require previous versions of code.

Feature Enhancement

The V5.1 firmware release introduces Transport Independent Mode (TIM) which provides network independent encryption allowing customers to secure data in motion at layer 2, 3, or 4. In addition to the TIM enhancement, 100G Forward Error Correction (FEC) and GCM mode, and support for EQKD were added. Please refer to the Customer Release Note (CRN) and Users Guide for a full list of features now available.

Security Standard Updates

V5.1 firmware meets the latest NIST guidance set out in the Transitioning the Use of Cryptographic Algorithms and Key Lengths publication (SP800-131A). These updates to the V5.1 firmware render it inoperable with any prior version. It is recommended that all fielded units be upgraded to Firmware V5.1 to meet the latest NIST guidance and to ensure interoperability within the network. Please see the Release Notes for further details on interoperability and upgrade caveats.

Known Issue/Bug Fix

The HSE software library requires modification in order to address an undesired function. The fix removes an authentication mechanism whereby self-signed encryptor certificates may be accepted during session establishment. The change reduces the scope of accepted certificates, but does not alter the underlying security or cryptographic mechanism. Patches are available via Thales TCT customer support to address this issues.

To learn more about high speed encryption, visit www.thalestct.com/hse.

The SafeNet Ethernet Encryptor CN6140 is now available for sale to the U.S. Federal Government. The CN6140 is a multi-port (1 or 10 Gbps), high-assurance encryptor designed to provide up to 40 Gbps (4x10), full line rate transparent encryption for all voice, video, and data communications moving across dark fiber, and metro or wide area Ethernet networks (MAN or WAN).
 
CN6140 Highlights:

• 8 x SFP+ physical ports 
• Supports 1/10 Gbps interfacing
• Up to 40Gbps total throughput (4x10G)
• Industry Low Overhead
• Ultra-low Latency
• Crypto Agile Platform
• Supports Future Security Requirements

5.0.1 Firmware Release

In addition to the new hardware appliance, a firmware update is available for all HSE appliances and includes the following new features and enhancements:

• KeySecure for Government integration now available for all hardware platforms
• Meets NIST SP800-131A Key transition requirements
• FIPS 140-2 Level 3 certification in process. 
• DODIN APL certification to begin post-FIPS certification
• Forward Error Correction (FEC) on CN9120 devices

Note: Firmware is not backwards compatible due to changes in support of new NIST requirements.

Download the resources below to learn more about the SafeNet Ethernet Encryptor CN6140

• CN6140 Product Brief

The SafeNet Virtual Encryptor CV1000 is now available for sale to the U.S. Federal Government. The CV1000, the first hardened virtual encryptor, is designed for extended WANs and SD-WANs. The CV1000 delivers robust encryption security for data-in-motion across high speed carrier WAN links up to 5 Gbps. 

The CV1000 uses Network Function Virtualization (NFV). NFV enables organizations to programmatically define and execute the services that run on networks. NFV infrastructures are comprised of virtual network functions (VNF), the components that deliver specific services. The CV1000 is a VNF that delivers flexibility, scalability and responsiveness while reducing capital expenditure requirements.

Virtualized encryption provides organizations with an operational and expense friendly alternative to using a hardware appliance for securing data in motion across networks and meeting security and compliance requirements.

Download the resources below to learn more about the SafeNet Virtual Encryptor CV1000:

• CV100 Product Brief 
• CV1000 Data Sheet
• CV1000 Infographic 
• Best Practices for Securing Network Function Virtualization Environment White Paper

SafeNet AT is announcing End-of-Sale and Last Time Buy opportunities for SafeNet Multilink Encryptor CN8000, 5X10GBPS With Chassis, 8002 Cards, SafeNet Multilink Encryptor, CN8000, 10X10GBPS With Chassis, 8002 Card, and CN8000 interface card 8002 (Ethernet ONLY).

We encourage our customers to transition to the SafeNet Multilink Encryptor CN8000 with 8003 Cards, a best-in-class high-assurance encryption solution providing maximum security and performance, and certified to the highest security standards. SafeNet High Speed Encryptors (HSE) ensure the most secure data-in-motion protection, maximum performance, near-zero overhead with “set and forget” management, and lowest total cost of ownership.

Limited quantities remain; products are available on a first-come, first-served basis.

Maintenance will be available for renewal through January 1, 2020

Ethernet Platforms for End-of-Sale:

• SafeNet Multilink Encryptor CN8000, 5X10GBPS With Chassis, 8002 Cards
• SafeNet Multilink Encryptor CN8000, 10X10GBPS With Chassis, 8002 Card
• CN8000 interface card 8002 (Ethernet ONLY)

The following are key dates in the End-of-Sale process:

• End-of-Sale Date: 3/31/2019
• tart of Good Faith Support: 1/1/2022
• End-of-Life/End-of-Support: 12/31/2022

The following is a list of HSE part numbers affected by this announcement, including, but not limited to, the part numbers listed below:

• 936-099649-001 - Ethernet Encryptor CN8000, 5X10GBPS With Chassis, 8002 Cards
• 936-099648-001 - Ethernet Encryptor CN8000, CN8000, 10X10GBPS With Chassis, 8002 Card

As of July 1, 2018, SafeNet AT is announcing End-of-Sale and last time buy opportunities for the SafeNet Ethernet Encryptor CN6040. We encourage our customers to transition to the SafeNet High Speed Encryptor CN6010. The CN series encryptors offer best-in-class high-assurance encryption solutions, providing maximum security and performance, and certified to the highest security standards. SafeNet High Speed Encryptors ensure the most secure data-in-motion protection, maximum performance, near-zero overhead with “set and forget” management, and lowest total cost of ownership. This notice does not affect SafeNet Fiber Channel Encryptor CN6040.

• Limited quantities remain; products are available on a first-come, first-served basis 
• Maintenance will be available for renewal through 12/31/2020 

Ethernet Platforms for End-of-Sale

• SafeNet Ethernet Encryptor CN6040 

Key Dates in the End-of-Sale Process:

• End-of-Sale Date: 12/31/2018 
• Start of Good Faith Support: 1/1/2021 
• End-of-Life/End-of-Support: 12/31/2022 

The following is a list of HSE part numbers affected by this announcement:

• Description: ETHERNET ENCRYPTOR,1GBPS,DUAL DC,CN6040 
• End-of-Sale Part Number: 936-099892-001 

Alternative Products
Customers using these products are encouraged to migrate to the SafeNet Ethernet Encryptor CN6010.

The first choice for Layer 2 encryption, SafeNet High Speed Encryptors from SafeNet AT are field proven to secure data in transit including time-sensitive voice and video streams, as well as metadata for enterprise and government organizations, defense agencies, global financial transactions networks, and the world’s biggest cloud services providers. The SafeNet CN4000, CN6000, CN8000, and CN9000 Series Encryptors help organizations encrypt an even broader range of network traffic across more location types – from the data center to branch offices, and up to the cloud and back at speeds from 10 Mbps to 100 Gbps.