Skip Navigation

Thales Trusted Cyber Technologies (TCT), a US-based provider of cybersecurity solutions, offers unified data protection solutions that reduce the risks associated with the most critical attack vectors at the edge and solve for the government’s most stringent encryption, key management, and access control requirements. Our solutions easily integrate into an existing cybersecurity infrastructure to extend your agency’s data protection ecosystem to the edge. Whether integrated with a third-party product or used as standalone solution, we can tackle a wide range of mission-critical challenges. Our solutions can be cost-effectively deployed across enclave environments or scale to large number of disconnected environments.

Download Solution Brief

CipherTrust k160 is a compact cryptographic key management platform that protects and manages cryptographic keys and associated policies used to encrypt the most sensitive data-at-rest. This cost-effective solution is ideal for small to medium sized deployments commonly found in small offices, remote sites, and tactical environments. CipherTrust k160’s small form factor allows it to be easily deployed in any environment while still providing the best in class security features customers are accustomed to finding in the CipherTrust product family.

Download Product Brief

Core computing functionality commonly found in data centers and in the cloud is also being deployed at the edge—data protection capabilities must transition with that move. Traditionally, data protection for civilian, intelligence, and defense agencies has been focused at the strategic, or core, level. Increasingly, it has become clear that true data protection must extend to the tactical or field-level edge. The same level of security previously reserved for strategic planning must also come into play at the edge. 

This white paper provides an overview of the security constraints at the edge and discussed how Thales TCT's data protection solutions address these mission critical challenges.

Download Now

View this on-demand recording to learn how federal agencies can ensure that their data is properly protected through data and content sanitization deployed in Microsoft 365 environments.

Thales TCT's and Votiro's security experts will overview how content disarm and reconstruction technology fits into Microsoft 365 environments including:

  • Reviewing the path of an advanced threat concealed in a zipped file that traditional detection-based solutions missed
  • Overviewing the different levels of CDR and what you should look for in this technology
  • Content Disarm & Reconstruction live demo - See it in action!

Watch Now

High speed networks are the critical foundation that supports many of an agency's most vital communications and operations. However, this foundation is at risk of surveillance and attack by increasingly sophisticated cyber criminals and well-funded nation states. These network connections, if unprotected, are proving to be highly vulnerable, leaving sensitive assets exposed. Threats such as shared infrastructure exposure, man-in-the-middle attacks, and metadata exposure leave agencies susceptible to a range of devastating repercussions.

Due to these risks, the White House Executive Order on Cybersecurity gives agencies until the beginning of November to implement data in transit encryption. So, what is the best way to protect network traffic? Encrypt everywhere—between data centers and headquarters to backup and disaster recovery sites, whether on premises or in the cloud.

In this webinar, attendees learned about the best practices for data in transit encryption. Attendees also learned how to efficiently and effectively protect their network traffic in order to safeguard it from threats.

Watch Now

This white paper discusses the encryption of multicast data traffic at Layer 2 to provide secure data transmission through high-speed networks. Thales CN series encryptors are devices that secure information transmitted at wire speeds across wide area Ethernet services. Encrypting multicast traffic is difficult because of the nature of the data flow. This paper describes how multicast traffic can be transmitted simply and securely by encrypting at Layer 2 in the OSI model.

Download Now

Votiro proactively removes malware threats from Office 365 email content and attachments, without significantly delaying email delivery. Votiro’s patented Content Disarm and Reconstruction-as-a-Service technology identifies the known-good elements of files, selecting them and moving them to a clean file template in a single, seamless process. 

Download Now

On January 19, 2022, the White House issued National Security Memorandum 8 (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. The memorandum requires National Security Systems to employ network cybersecurity measures equal to or greater than those required of federal civilian networks in Executive Order 14028, issued in May 2021.

The NSM builds on several parts of the EO, including adoption of a zero trust architecture and securing cloud services. Agencies covered by the NSM have 180 days to implement multifactor authentication and encryption of data at rest and in transit.

Join us as thought leaders from government and industry discuss how multifactor authentication and encryption of data provide the foundation for meeting zero trust and secure cloud requirements.

This webinar with hosted by FedInsider, Thales TCT and Carahsoft.


 Eric Sanders
 Chief Information Security Officer,
 Office of Intelligence and Analysis,


 Matthew Riddle
 Deputy Chief Information Officer
 for Cybersecurity and Operations,


 Gina Scinta
 Deputy Chief Technology Officer,

 Thales Trusted Cyber Technologies

 Michael Kennedy   
 Moderator & Senior National  
 Intelligence Service Officer (ret.)


Watch Now

On January 19, 2022, the White House issued a National Security Memorandum (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.  This NSM requires National Security Systems (NSS) to employ the network cybersecurity measures that are equivalent to or exceed those required of federal civilian networks in Executive Order (EO) 140281.


Section 1 of the NSM details the implementation of EO 1428 for NSS and outlines guidance for the:

  1. Implementation of multifactor authentication
  2. Implementation of encryption for NSS data-at-rest and data-in-transit
  3. Application of minimum security standards and controls related to cloud migration and operations
  4. Adoption of a Zero Trust Architecture
  5. Transition to quantum resistant encryption

This white paper discusses best security practices associated with the aforementioned key components of the NSM.  It additionally details how to implement these best practices with solutions from Thales Trusted Cyber Technologies (TCT). 

Download Now

High-performance computing (HPC) has long expanded from research labs to commercial use. Computational modeling and simulation along with high-performance data analytics using HPC systems are prevalent in industries from the design and manufacturing of aircrafts to consumer goods, life sciences, energy, and financial services.

The emergence of artificial intelligence (AI) and its symbiotic relationship with HPC has augmented traditional methods for modeling and analysis. HPC plus AI is HPC workloads using AI and AI workloads using HPC. It leverages the significant technological advancements in GPUs, ML frameworks, neural network architectures, networking, and storage protocols and solutions. This confluence is merging in the enterprise data center requiring adherence to standards around management and security.

The benefit from the convergence of these technological advancements appear limitless leading to bigger, better, and faster data analytics. From mission simulations to the collection and analysis of huge volumes of intelligence data, it is paramount that the data generated and stored by HPC and the evolving enterprise is properly secured.

The inaugural edition of Thales TCT and Carahsoft's CTO Sessions webcast series taught attendees about the convergence of Enterprise HPC and security. Thales TCT & Panasas tech experts discussed:

  • Advancement in HPC plus AI
  • How storage solutions can inherently adapt and scale meeting the demands of HPC, AI, and the enterprise
  • How to apply data security best practices without compromising performance

Watch Now

Watch an on demand recording of Thales TCT Deputy CTO Gina Scinta's presentation from the 2022 FCW Summit: Cybersecurity.

Watch Now

Thales TCT offers authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the NSM and EO 14028.

Download Now

Download this solution brief to learn how federal agencies can ensure that their data is properly protected through cloud-independent encryption and key management deployed in AWS, Azure, Google Cloud, and IBM Cloud environments as well as in private or hybrid cloud infrastructures. It discuses cloud security best practices including:

  • Bring Your Own Encryption (BYOE) which enables the highest level of data security in the cloud
  • Bring Your Own Key (BYOK) which add an additional layer of security to native cloud encryption

Download Now


During this webinar, attendees learned how Thales Trusted Cyber Technologies' Luna Credential System introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. This session discussed how the Luna Credential System can address multi-factor authentication challenges such as:

  • Issuing hardware-based identity credentials to NPEs and software robots
  • User authentication across the mobile workforce and a disparate variety of devices
  • Credential data protection to mitigate the risk of accidental loss or intentional compromise of a physical token
  • Digital signatures issuance for humans and NPEs
  • OMB Memo M-19-17, DoD Instruction 8520.3, and NIST 800-63-2 E Authentication compliance

Watch Now

Federal agencies require a simple way to correlate all security-relevant data so they can manage their security posture. Instead of merely watching events after they occur, agencies should anticipate their occurrence and implement measures to limit vulnerabilities in real time. For that, agencies need an analytics-driven SIEM platform such as Splunk.

However, once data is correlated by SEIM tools, it becomes extremely valuable. By integrating an encryption and key management solution such as CipherTrust Data Security Platform with Splunk, agencies can ensure that their operational intelligence is protected from surreptitious attacks.

Attendees learned how to protect Splunk indexes and provide enhanced visibility on the processes and users who are accessing protected data.

This webinar addressed topics such as:

  • Identifying anomalous process and user access patterns for investigation
  • Enabling data-at-rest encryption and privileged user access controls
  • Centralizing administration of encryption keys and data security policies
  • Collecting security intelligence logs without change to applications, databases or infrastructure

Watch Now

This solution brief provides an overview of Thales TCT's solutions that address foundational pillars of Zero Trust.

Download Now

SIEM solutions can be blind to possible threats to your protected data without the detailed data provided by CipherTrust Transparent Encryption’s Security Intelligence. CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed up threat detection using leading Security Information and
Event Management (SIEM) systems.

Download Now

Identifying complex security and compliance threats that puts your data at risk

With advanced persistent threats (APTs), now common—hackers are actively seeking to steal credit card data, personally identifiable information (PII), critical intellectual property (IP), and other legally protected information to sell to the highest bidder. Some of the most effective tools for fighting these attacks are the security intelligence and threat detection capabilities of Security Information and Event Management (SIEM) solutions. SIEM solutions monitor both real-time events and track long-term data to find anomalous patterns of usage, qualify possible threats to reduce false positives, and alert organizations when risks are detected. The CipherTrust Manager from Thales enhances SIEM solutions by providing an additional data feed on events that are occurring on the internal network and provides rich data points about protected data-at-rest. 

Download Now

The challenge with leveraging log data is it comes in an array of unpredictable formats, and traditional monitoring and analysis tools were not designed for the variety, velocity, volume or variability of this data. This is where a security information and event management (SIEM) vendor like Splunk comes in. Splunk’s industry-leading collect, categorize and correlate event data coming from various devices, systems and applications throughout the enterprise. It is an enterprise ready, fully integrated solution for log management, data collection, storage, and visualization.

In this paper, we will examine how CipherTrust Transparent Encryption from Thales secures the Splunk log repositories and databases. Then, we will show how Live Data Transformation, an extension of CipherTrust Transparent Encryption, can encrypt Splunk buckets seamlessly with zero-downtime. We will close with how the CipherTrust Security Intelligence solution for Splunk extends the reach of security information and event management (SIEM) capabilities to detect and counter attacks on sensitive data.

Download Now

Government agencies’ digital transformation has vastly increased the complexity of security. Technologies such as cloud computing, AI, IoT, analytics, machine learning, and edge computing open up more vulnerabilities and areas for a cyber-attack. Sensitive data is at a greater risk than ever before.

A strong foundation for digital security means you are protected without compromising agility, usability or scalability so that you can meet the high demands of regulations and audit requirements. Ensuring your cryptographic keys and digital identities are always secure and establishing integrity, confidentiality and trust between devices, users and data is critical.

Attendees learned how to implement a strong root of trust to secure most sensitive data. We discussed how hardware security modules (HSMs):

  • Secure critical data and digital identities
  • Support a variety of well-known and emerging cybersecurity use cases
  • Address compliance needs
  • Secure your infrastructure, network, devices, applications and data regardless of where they are located.

Watch Now

During this webinar, we discussed what agencies need to do before their networks are compromised. Discussion topics included:

  • Tips for adopting zero trust architecture
  • Key principles for protecting data from the data center to the cloud
  • Supply chain risk management requirements

Watch Now

Cloud Security Alliance's Cloud Controls Matrix states in section EKM-04 that "Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties." Download this white paper to learn how secure and manage your encryption keys in a multicloud environment.

Download Now

The White House issued an Executive Order on improving the Nation’s Cybersecurity on May 12, 2021. The Executive order gives agencies 180 days to “adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”

Download Now

Thales TCT offers authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Download Now

Ransomware attacks targeting enterprises in a variety of sectors have skyrocketed during the first half of 2020. Criminals are taking advantage of our reliance on digital communications and remote working for sinister purposes. As a result, most of the ransomware incidents can be attributed to a limited number of intrusion vectors, with the top three being badly secured remote desktop protocol (RDP) endpoints, email phishing, and the exploitation of zero-day VPN vulnerabilities.

Download Now

The National Cybersecurity Center of Excellence (NCCoE) under the auspices of the National Institute of Standards and Technology (NIST) released guidance on identifying and protecting assets against ransomware. The Cybersecurity Special Publication (SP) 1800-25 lays out the steps to having a comprehensive strategy around protecting assets. It also shows that there is no silver bullet to address the menace of ransomware.

Thales Trusted Cyber Technologies (TCT) data security and access management solutions provide some of the most essential components of the cybersecurity framework proposed by NIST to protect organizations against ransomware. 

Download Now

Part 6 of this video series based on a recent Thales TCT webinar discusses Zero Trust.

Implementing a zero trust approach to data security is one of the best ways for agencies to protect their data. Agencies must act under the assumption that their networks have already been compromised. A good plan starts with taking a data-centric approach to security. This means focusing on what needs to be protected—the files containing sensitive information—and applying the appropriate form of protection no matter where the data happens to reside. To be effective, this must happen automatically; sensitive information should be identified as soon as it enters an organization’s IT ecosystem and should be secured with policy-based protection that lasts throughout the data lifecycle.


Part 5 of this video series based on a recent Thales TCT webinar discusses how to secure cloud deployments.

Government agencies should focus on implementing solutions that can simplify the data security landscape and reduce complexity across multiple clouds and legacy environments, as well as modern, cloud-based digital transformation technologies. Agencies should consider data security solutions that enable protection of data moving between clouds and out of the cloud to on-premises environments and should leverage centralized security solutions that orchestrate data security across multiple cloud platforms.


Protecting network transmitted data against cyber-attacks and data breaches is imperative. High-assurance network encryption features secure, dedicated encryption devices that protect data in transit. In order to be truly high assurance, these devices must use embedded, zero-touch encryption key management; provide end-to-end, authenticated encryption and use standards-based algorithms.

Part 4 of this video series based on a recent Thales TCT webinar discusses data in transit encryption. Thales TCT offers network encryption solutions that provide a single platform to encrypt everywhere— from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud. Rigorously tested and certified, our network encryption solutions have been vetted by such organizations as the Defense Information Systems Agency (DoDIN APL) and NATO. Only through Thales TCT’s high-assurance network data encryption can you be assured your data is rendered useless in unauthorized hands and that it will remain secure beyond the data’s useful life.


Part 3 of this video series, based on a recent Thales TCT webinar, discusses Section 3.d of the Executive Order which requires the implementation of encryption for data at rest. Data at rest encryption with privileged user access controls significantly improves security posture and not only protects data at rest, but also encrypted workloads in the cloud. Role-based access policies enable a zero trust architecture by controlling who, what, where, when and how data can be accessed. Granular access controls enable administrative users to perform their duties while restricting access to encrypted data.

Thales TCT offers data at rest encryption solutions that deliver granular encryption and role-based access control for structured and unstructured data residing in file servers, databases, applications, and storage containers. With centralized key management and a hardened root of trust with a full U.S. supply chain, agencies can ensure their master keys are protected and data remains secure.


The White House issued an Executive Order on improving the Nation's Cybersecurity on May 12, 2021. The Executive Order gives agencies 180 days to "adopt multi-factor authentication and encryption for data at rest and in transit". Thales TCT, a U.S. based provider of government high-assurance data security solutions, offers multi-factor authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Part 1 of this video series based on a recent Thales TCT webinar discusses the U.S. Federal cybersecurity landscape and provides a primer on the EO.


Part 2 of this video series based on a recent Thales TCT webinar discusses section 3.d of the Executive Order which requires the implementation of multi-factor authentication. Multi-factor authentication ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity. Because multi-factor authentication requires multiple means of identification at login, it is widely recognized as the most secure method for authenticating access to data and applications.

Thales TCT offers the broadest range of authentication methods and form factors. Our solutions address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from a central platform delivered in the cloud or on-premises.


A global research report of IT and cybersecurity decision-makers highlights serious concerns about the security of data in motion across networks. 

In today’s environment of exponential growth in the volumes of data in motion over networks, increasingly sophisticated and state sponsored cybercrime combined with the use of outdated legacy approaches to protecting network data, serious cybersecurity issues need to be addressed. 
As data network infrastructure is the on-ramp for all organizations’ connectivity, the threats to intellectual property, government secrets, sovereignty, citizen identities and critical national infrastructure have never been greater.

Download Now

The U.S. Military generates data at unprecedented rates, all the time, and in various locations from core data centers to the cloud to the tactical edge. Data drives everything. The Defense Department needs the flexibility to use its aggregated data for multi-domain operations without compromising security.

Join Brent Hansen and Col. Carl Young for a fireside chat discussing multi-domain data protection. These two data experts will share insightful best practices that will help attendees tackle their data strategy.

Discussion topics include:

  • Identifying risk points throughout the lifecycle of data.
  • Incorporating data security into an existing enterprise architecture.
  • Protecting data in compromised environments.
  • Planning for secure data migrations to the cloud.

This webinar has been approved by CertNexus for 1 CEC for CyberSec First Responder and by CompTIA for 1 CEU for A+, Network+, Security+, Linux+, and Cloud+.

Watch Now

During this webinar, attendees learned how to develop a three-point strategy for protecting sensitive data in their organization. Attendees also learned about:

  • Data security challenges in the age of data proliferation
  • Strategies to discover and classify critical data
  • Data-centric security best practices

Watch Now

Video published by Thales CPandL


Video published by Thales CPL

Video provided by Thales CP&L

Video provided by Thales CP&L

In January, the National Security Agency issued its first Cybersecurity Year in Review, detailing the agency’s progress in preventing and removing threats to U.S. systems and critical infrastructure in 2020.

The emergence of COVID-19 made Intelligence Community efforts to improve cybersecurity a critical element in the nationwide effort to contain the pandemic. The widespread implementation of telework, by both the private sector and all levels of government, expanded the attack surfaces for bad actors.

Operation Warp Speed, the program developing vaccines to protect the U.S. and the world, required protection from malicious interests. Similarly, the 2020 presidential election needed to be secured from foreign interference.

Join us for an in-depth examination of ways to mitigate risk in critical systems and cyber environments in these volatile times.



 Matthew Riddle
 Deputy Chief Information Officer,


 Gary Buchanan
 Chief Information Security Officer,


 Brent Hansen
 Chief Technology Officer,
 Thales Trusted Cyber Technologies


 Michael Kennedy 
 Discussion Moderator, and
 Senior National Intelligence Service Officer (ret.) 

Learning Objectives    

  • Outline the steps to adopting a Zero Trust architecture.
  • Detail the key principles for protecting data from the data center to the cloud.
  • Delineate requirements to manage supply chain risks.
  • Analyze methods for identifying internal and external breaches and containing their spread.

Watch Now

Cloud Service Providers (CSPs) emphasize the shared responsibility model for securing data in the cloud and meeting compliance requirements for information protection. CSPs own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud. Making sure that this data is safe from unauthorized access requires organizations to consider not only the physical and logical security of the CSP but also who is encrypting the data; when and where the data is being encrypted; and who is creating, managing, and accessing the encryption keys.

In this session, attendees learned how to reduce the risks associated with storing sensitive data in the cloud. The speaker will address topics such as:

  • Meeting compliance and regulatory mandates
  • Applying customer-owned encryption and key management
  • Deploying a hybrid cloud for increased security
  • Utilizing multiple cloud providers effectively

Download Now

Ransomware is a vicious type of malware that cybercriminals use to block organizations and individuals from accessing their critical files, databases, or entire computer systems, until the victim pays a ransom. It is a form of cyber extortion.

This white paper helps you understand the anatomy of ransomware attacks and explores the solutions available in the market today to defend against such attacks. It illustrates how security policies in CipherTrust Transparent Encryption from Thales enable you to prevent rogue processes and unauthorized users from encrypting your most sensitive data and thereby protects you from ransomware attacks. CipherTrust Transparent Encryption is part of the CipherTrust Data Security Platform. The CipherTrust Platform unifies data discovery, classification, data protection, and provides unprecedented granular access controls, all with centralized key management. The products and solutions available on the CipherTrust Platform mitigate the business risks associated with data breaches and ransomware attacks.

Download Now

To recap, during this webinar attendees learned how to develop a data classification strategy that enables you to get a clear understanding of what sensitive data you have, where it is located, and its risk exposure. The speakers also discussed topics including:

  • Providing guidance on orchestrating the data discovery and classification planning in your organization
  • Identifying what sensitive data your organization has, where it is, and how it relates to data privacy regulations
  • Understanding and defining data sensitivity levels as part of an impact analysis exercise
  • Providing guidance on the remediation process
  • Identifying the main roles and responsibilities related with this process

Watch Now

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57, Recommendations for Key Management Part 1 (Rev 5) provides guidance for cryptographic key management for U.S. Federal Government agencies. Part 1 of the publication outlines best practices for the management of cryptographic keys and discusses key management issues that must be addressed with using cryptography.

This white paper details how Thales TCT's CipherTrust Platform address NIST SP 800-57 requirements.

Download Now

Files from the web are network assassins. Here are no-excuse defenses.

As of 2018, supply chain attacks have increased 78%. By infiltrating a supply chain network, attackers can spread malware throughout connected networks and devices.

Governments worldwide have been affected by supply chain attacks facilitated through the spread of an evasive and malicious software update file. In a recent attack, bad actors successfully programmed trojanized update files with a dormancy period of up to 2 weeks and temporary file replacement techniques in order to evade detection.

Almost all successful attacks use malware hidden in a file or attachment at some point in their attack strategy. If you wait for detect and response actions, you are probably a statistic. Put technology to work to ensure files are safe to enter. Don't be the weak link in anyone's supply chain or, worse yet, your own weak link.

Join Votiro's Director of Engineering, Richard Hosgood, and Thales Trusted Cyber Technologies' CTO, Brent Hansen, to learn:

  • How file attestation can be used to verify file integrity before downloading files to the network. 
  • How web isolation prevents compromised browsers from downloading malicious code. 
  • How Positive Selection technology proactively removes malicious code—including zero-days—from any files without removing active content or compromising user experience. 

Watch Now

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.