Skip Navigation

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57, Recommendations for Key Management Part 1 (Rev 5) provides guidance for cryptographic key management for U.S. Federal Government agencies. Part 1 of the publication outlines best practices for the management of cryptographic keys and discusses key management issues that must be addressed with using cryptography.

This white paper details how Thales TCT's CipherTrust Platform address NIST SP 800-57 requirements.

Download Now

Files from the web are network assassins. Here are no-excuse defenses.

As of 2018, supply chain attacks have increased 78%. By infiltrating a supply chain network, attackers can spread malware throughout connected networks and devices.

Governments worldwide have been affected by supply chain attacks facilitated through the spread of an evasive and malicious software update file. In a recent attack, bad actors successfully programmed trojanized update files with a dormancy period of up to 2 weeks and temporary file replacement techniques in order to evade detection.

Almost all successful attacks use malware hidden in a file or attachment at some point in their attack strategy. If you wait for detect and response actions, you are probably a statistic. Put technology to work to ensure files are safe to enter. Don't be the weak link in anyone's supply chain or, worse yet, your own weak link.

Join Votiro's Director of Engineering, Richard Hosgood, and Thales Trusted Cyber Technologies' CTO, Brent Hansen, to learn:

  • How file attestation can be used to verify file integrity before downloading files to the network. 
  • How web isolation prevents compromised browsers from downloading malicious code. 
  • How Positive Selection technology proactively removes malicious code—including zero-days—from any files without removing active content or compromising user experience. 

Watch Now

What to do before your network is compromised

Breaches are inevitable. The numbers don’t lie – whether internal or external, breaches are inevitable. Supply chain attacks, insider threats, ransomware, malware, phishing, identity/credential theft—attack vectors are targeting agencies from all angles. In today’s environment, the core of any security strategy needs to shift from “breach prevention” to “breach acceptance”. And the best way to prevent your agency from becoming victimized is by adopting a zero trust approach to security while establishing strong supply chain risk management plans. 

Agencies can adopt several best practices today in order to protect their most sensitive data and mitigate the risks associated with future attacks. Download this white paper to learn what to do before your network is compromised.

Download Now

CipherTrust Transparent Encryption enables quick, effective and transparent protection of data at the system level without derailing processes,
user tasks, and administrative workflows. With a single set of data security controls, information stored within physical and virtual systems, big
data environments, containers, and linked cloud storage are protected at the file system or volume level across data centers and cloud
environments. The result is greatly reduced risk, and an enhanced capability to meet compliance and regulatory data security requirements.

Download Now

Product overview with technical features and specifications.

Download Now

Detailed platform overview with technical features and specifications.

Download Now

Teradata databases and big data analytics enable agencies to leverage information to fuel improved decisions, services, and results. However, Teradata-powered environments can bring together a wide range of data repositories—including those that contain sensitive assets. Without proper protections, these sensitive assets can inadvertently be exposed by privileged administrators, or be the target of theft by malicious insiders and external attackers.

Download a replay to learn how to secure your agency's Teradata databases and big data environments. The session will discuss how to:

  • Centrally manage encryption across your Teradata environments—including the Teradata database and Teradata Appliance for Hadoop
  • Enforce granular controls to enable administrators to perform operational tasks, without accessing sensitive data
  • Centrally manage encryption keys and policies
  • Boost security without compromising the value of big data analytics
  • Establish protections against cyberattacks and abuse by privileged users
  • Reduce costs and administrative overhead relative to other data protection solutions for Teradata

Watch Now

Ryuk ransomware presents a serious threat to enterprises and government organizations everywhere. Consequences of a ransomware attack are significant. No enterprise or governmental organization is immune. CISOs and IT administrators can take some key steps to protect important systems and networks, such as putting protocols in place to limit damage, deploying technical solutions— such as Positive Selection technology – to filter email files, email attachments, and other incoming files, and ensuring all data is properly backed up. With Ryuk malware, the absolute best protection is prevention.

Download Now

During this webinar attendees learned how Thales Trusted Cyber Technologies' Luna Credential System introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network.

The session discussed how the Luna Credential System can address multi-factor authentication challenges such as:

  • Issuing hardware-based identity credentials to NPEs and software robots
  • User authentication across the mobile workforce and a disparate variety of devices
  • Credential data protection to mitigate the risk of accidental loss or intentional compromise of a physical token
  • Digital signatures issuance for humans and NPEs
  • OMB Memo M-19-17, DoD Instruction 8520.3, and NIST 800-63-2 E Authentication compliance

Watch Now

Zero Trust is not just another buzzword in a never-ending list of tech trends. The principles of zero trust eliminates the binary trust/don't trust approach applied to users and assets in yesterday's on-premise, perimeter-centric environments.

According to a recent survey, 100% of U.S. Federal Government agencies are storing sensitive data in third-party cloud, mobile, social, big data and IoT platforms, which inherently makes data vulnerable. Traditional perimeter protection does not protect off-premise data, which speaks to the need to take a zero trust approach to data security.

Attend this webinar to learn about the best practices for implementing a zero trust architecture to protect your most sensitive data despite the dissolving perimeter. The webinar will discuss the top 5 things you need to know about zero trust:

1.           The basics. What is zero trust and how does it apply to data security

2.           Setting the stage. How digital transformation can make data vulnerable

3.           Getting to work. Tips for putting zero trust architecture into action

4.           What about the cloud? Implementing zero trust in a multi-cloud environment

5.           Pulling it all together.  How to develop a long term strategy to protect data throughout its lifecycle

Speakers:

  • Nicholas Jovanovic, Senior Vice President of Sales, Thales Trusted Cyber Technologies, Moderator
  • Brent Hansen, Chief Technology Officer, Thales Cyber Technologies
  • Steven Hernandez, Chief Information Security Officer, Department of Education

Download Now

A macro is a mini program that is designed to automate a task within a larger program in order to make the user experience faster and easier. Macros are a legitimate and important component of any productivity software, including common Microsoft Office software for creating documents, spreadsheets, and presentations.  Macros for Microsoft Office are currently written in Visual Basic for Applications (VBA) and work within most Office programs for both Windows and Macintosh, including Word, Excel, Outlook, PowerPoint, Project, Access, Publisher, and Visio. Unfortunately, these efficiency-drivers are easily compromised by hackers. Cybercriminals have figured out that by hiding their malicious code inside Office macros, they  have a good chance of tricking a victim into triggering.

Download Now

Many organizations believe that utilizing antivirus (AV), next-gen antivirus (NGAV), and sandbox security technologies is the best practice for file security.  


While these technologies are certainly important for threat  prevention, each has its own vulnera-bilities that can be exploited by malicious hackers seeking a way to disrupt business activity and make quick money.  


This eBook explores these security techniques, identifies the gaps in each, and explains how a particular technology – Positive Selection technology – can fill those gaps and ensure your files are safe.

Download Now

Many common cybersecurity technologies are powerless in an environment where undisclosed and zero-day attacks abound. With cybercriminals becoming more sophisticated than ever and investing enormous effort in preparing successful targeted attacks through email, a revolutionary approach to cyber protection is required.

Positive Selection technology provides the ultimate solution for stopping undisclosed and zero-day email-based threats by singling out only the safe elements of each file, ensuring every file that enters your organization is 100% safe.

Download Now

Organizational espionage is real and set to intensify, contributing to a shift to the more efficient encryption of sensitive traffic at Layer 2. Compared to IPSec (Layer 3), Layer 2 secure encryption can boost network performance by up to 50%. This paper outlines the shift, and looks at the drivers and benefits of Layer 2 encryption.

Download Now

First introduced to the CV Series virtualized encryption range in 2018, Thales Network Independent Encryption is now available for the CN Series of hardware encryption devices. It enables concurrent, policy-based multi-layer encryption for modern Ethernet and Internet protocol architecture.


Developed specifically for today’s multi-layer networks, Network Independent Encryption provides end-to-end encryption security without the typical performance and bandwidth costs associated with IPSec encryption solutions. Historically, different network types have required different encryption solutions. As network architecture has evolved to comprise multiple transport layers, this has implications for network security, performance and cost.


In the case of Internet protocols, the most common encryption solution, IPSec, is over 20 years old. IPSec was not developed with wide area networking and cloud applications in mind; it incurs additional bandwidth costs and can impact significantly on network performance. Download this paper to learn more.

Download Now

This White Paper analyses the threats that organizations deploying SD-WAN face, explains why data in motion should be encrypted and offers guidance on choosing the right encryption solution.

Download Now

High Speed Encryptors provide the optimal, most efficient means of encrypting data across modern metro or wide area Ethernet networks. By encrypting the payload of Ethernet traffic, sensitive data (including all IP addresses) is kept completely private whilst the frame headers are left unencrypted so that traffic can still be switched across the network. Although HSEs are designed for use across layer 2 networks such as metro or carrier Ethernet services, they can also be effectively deployed across layer 3 MPLS or IP/VPN environments. Download this white paper to learn more.

Download Now

This paper seeks to highlight the differences between purpose-built high-assurance encryptors and MACsec for WAN solutions; helping customers make informed decisions about what solution type best meets their specific security, performance and operational requirements. The section overleaf provides a security feature comparative table.

Download Now

This eBook discussed how Thales enables you to implement a totally secure, full performance, high speed Ethernet WAN, ensuring your data is secure. 

Download Now

Scalable Ethernet encryptor with variable license speeds up to 1 Gbps.

Download Now

Multi-port (1 or 10 Gbps), high-assurance encryptor designed to provide up to 40 Gbps (4x10), full line rate transparent encryption.

Download Now

Government agencies' digital transformation has vastly increased the complexity of security. Technologies such as cloud computing, AI, IoT, analytics, machine learning, and edge computing open up more vulnerabilities and areas for cyber-attack. Sensitive data is at a greater risk than ever before.

The importance of integrity, confidentiality, and trust 

A strong foundation for digital security means you are protected without compromising agility, usability, or scalability so that you can meet the high demands of regulations and audit requirements. Ensuring you cryptographic keys and digital identities are always secure and establishing integrity, confidentiality, and trust between devices, users, and data are critical.

Attend this webinar to learn to implement a strong root of trust to secure the most sensitive data. We will discuss how hardware security modules (HSMs): 

  • Secure critical data and digital identities 
  • Support a variety of well-known and emerging cybersecurity use cases 
  • Address compliance needs 
  • Secure your infrastructure, network, devices, applications, and data regardless of where they are located

Download Now

Product overview with technical features and specifications.

Download Now

Product overview with technical features and specifications.

Download Now

This white paper looks back at the evolution of encryption and key management systems, and examines the key challenges faced by IT teams around encryption systems, including regulation and compliance, complexity, lack of proper management tools. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management.

Download Now

The CipherTrust Data Security Platform from Thales integrates data discovery, classification, and industry-leading data protection solutions across diverse IT environments to provide adaptive data-centric security. The platform provides powerful tools to combat external threats, guard against insider abuse, and establish persistent controls, even when data is stored in the cloud or any external provider’s infrastructure and supports an evolving regulatory landscape. CipherTrust Data Security Platform is available for sale to the U.S. Federal Government exclusively through Thales Trusted Cyber Technologies.

This white paper provides an overview of the deployment architecture of the CipherTrust Platform products and the compelling use-cases that they enable for customers along their data protection journey.

Download Now

This white paper offers a look at the KMIP standard, and it shows how Thales solutions help you maximize the advantages of this standard.

Download Now

This brief captures the major reasons for adopting the new CipherTrust Data Security Platform now.

Download Now

Traditionally organizations have focused IT security primarily on perimeter defense, building walls to block external threats from entering the network. While this is still important, it is not enough. Cybercriminals regularly breach perimeter defenses and data frequently lives outside those defenses in the cloud elsewhere, so organizations need to apply a data-centric security strategy that protects data wherever it is. With today’s proliferation of data, evolving global and regional privacy regulations, growth of cloud adoption, and advanced persistent threats, data-centric security enables organizations to be in control of their data regardless of location while rendering it unreadable to data thieves. But, to be effective, this protection must happen automatically without relying on user intervention. This white paper outlines the challenges of data security in this age of data proliferation. It also provides strategies to discover and classify your critical data and apply data-centric security to it.

This white paper outlines the challenges of data security in this age of data proliferation. It also provides strategies to discover and classify your critical data and apply data-centric security to it.

Download Now

This infographic concentrates on data security complexity caused by multi-cloud adoption, evolving privacy regulations, as well as the risk of data breaches from external and internal threats.

Download Now

Product overview with technical features and specifications.

Download Now

No matter where or how the people in your organization work, there is always the need to share and sync files - both internally and externally. While you want to enable collaboration, data security should always be the first priority. If it’s not, the risk of non-compliance and data breaches become a serious problem.

Attend Thales TCT’s upcoming webinar to learn about Thales SureDrop, the most secure file sharing tool with 100% control over data sovereignty. We will discuss how SureDrop allows people to store, share and sync all their files in the Cloud or on premises with an enterprise-class solution and defense-grade security.

Watch Now

In this video, Jermaine from Thales TCT demonstrates protecting AWS S3 buckets with AWS KMS vs Transparent Encryption Cloud Object Storage S3 from Thales.

 

File-borne attacks are on the rise, and 80% of successful breaches are new, unknown, or zero-day attacks that are not recognized by traditional signature-based detection solutions, such as antivirus. An example of this is an April 2020 attack that delivered Dridex ransomware to FedEx, UPS, and DHL customers. Sophisticated phishing emails—cleverly disguised to appear to be from company email accounts were sent with legitimate-looking attachments that delivered the payload. This threat's signature was not recognized in antivirus databases for 2 entire days, leaving the business' vulnerable.

In the past, detection and alert-based security tools were best-in-class. But in a world of zero-days and an overwhelming amount of attacks, these solutions miss massive quantities of threats—as much as 40%—leaving security teams fighting both alert fatigue and new threats from all fronts.

In this talk, Brent Hansen, Thales TCT's CTO, and Richard Hosgood, white hat hacker and North American Director of Engineering at file security company, Votiro, dissects the April 2020 phishing attack, the gaps that antivirus and next-generation antivirus leave for unknown and zero-day threats, and how an emerging technology called Positive Selection technology can prevent these types of attacks.

Download Now

Thales TCT assists Department of Defense (DoD) customers in compliance with Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) in order to maintain Authority to Operate (ATO) on the DoDIN. Recent updates to the Windows Server 2019 Security Technical Implementation Guide will require customers in a VMware environment to implement an External Key Manager. To learn more, download our solution brief.

Download Now

In this video, D'Nan from Thales TCT demonstrates how to integrate MarkLogic with KeySecure for Government for data-at-rest encryption.

 

Secure all file uploads and receive documents completely risk-free.

Download Now

Completely secure every email that enters your organization.

Download Now

Certificate-based, multi-factor authentication is a mainstay security technique used by the U.S. Federal Government to secure access to agency networks, protect the identities of users, and ensure that a user is who they claim to be.

Evolving needs around cloud applications and mobile devices, combined with rising threats, and the need to reduce costs, require entirely new considerations for access control.

View this on-demand recording to hear from Thales TCT, and their partner Intercede, where you will have the opportunity to learn how to strengthen your authentication and address topics such as:

  • Gaining better self-control of data
  • Improving management and visibility
  • Addressing access security methods of any user and any risk level
  • Deploying future-ready solutions to address evolving business needs

Download Now

We are at digital war and data is the target. No organization is immune from data security threats and the US Federal government is no exception. More than half of federal data is now stored in the cloud, and a significant portion is sensitive. Yet, despite this exposure, in the 2020 Thales Data Threat Report 99% of federal government respondents say at least some of their sensitive data in the cloud is not encrypted. IT security departments must now, more than ever, embrace and own their portion of the cloud shared responsibility model and implement data security best practices, as the cloud provider does not guarantee security at the data level. This digital event highlighted results from the 2020 Thales Data Threat Report and explored best practices for securing data in cloud and multi-cloud environments.

Download Now

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 provides guidance for the selection of security and privacy controls for federal information systems and organizations. Published by the National Institute of Standard and Technology, the publication details items from the Risk Management Framework that address security controls required to meet requirements in the Federal Information Processing Standard (FIPS) 200. Revision 4 is the most comprehensive update since the initial publication. Revision 4 was motivated principally by the expanding threat space and increasing sophistication of cyber-attacks. Major changes include new security controls and control enhancements to address advanced persistent threats (APTs), insider threats, and system assurance; as well as additions to address technology trends such as mobile and cloud computing. Critical to certification for meeting FIPS, is the implementation of security controls from NIST 800-53, Appendix F. Focusing on the capabilities needed to meet these requirements, this paper provides background about Thales Trusted Cyber Technologies’s (TCT) Data Security Platform and the Transparent Encryption product that is delivered through that platform. It further details a mapping of the Thales TCT product line’s capabilities against these NIST security controls, first with an initial summary for each Family Area (in the form of a table), and then with expanded details of how these controls are delivered.

Download Now

D'Nan from Thales TCT demonstrates how to integrate Thales TCT's Luna Credential System with UiPath to provide hardware-protected PKI credentials for the software robots in UiPath's enterprise RPA solution.

 

U.S. Federal agencies often require PKI certificate-based authentication to perform Windows Logon and to access public key enabled systems. This requires use of a multi-factor authentication token that performs a cryptographic operation using the certificate and keys residing within the token.

Traditional multi-factor authentication introduces roadblocks to technologies like Robotic Process Automation (RPA). The OMB Memo M-19-17 outlines a policy that requires management of digital identities of non-person entities such as software robots. This means that all software robots are required to have individual digital identities and credentials that are managed in the same fashion as traditional user identities. Although software robots cannot be issued a physical token, they can utilize multi-factor login capabilities through the use of a centralized, hardware security module-based authentication system.

View this webinar to learn how Thales TCT’s Luna Credential System integrates with UiPath’s RPA platform to provide hardware-protected PKI credentials for software robots. The session will discuss topics including:

  • An introduction to RPA
  • RPA cryptographic authentication best practices
  • OMB Memo M-19-17 compliance RPA
  • RPA Defense Department Implementation Overview

Watch Now

Historically, organizations have taken a perimeter based approach to cyber security, with the belief that a strong perimeter protected the IT infrastructure behind it. But, as agencies modernize legacy systems and move apps, systems and workloads to the cloud – and more employees, contractors and citizens connect remotely and from multiple devices – something is happening across federal networks; the perimeter is dissolving. Data is the new perimeter. Therefore, identifying and protecting data wherever it is created, shared, or stored, through its entire lifecycle becomes the priority. This digital briefing unveiled the survey results in the 2020 Thales Data Threat Report – Federal and shared best practices in creating a cohesive data security strategy in a perimeterless world. 

Watch Now

Traditional multi-factor authentication introduces roadblocks to technologies like Robotic Process Automation (RPA). The OMB Memo M-19-17 outlines a policy that requires management of digital identities of non-person entities such as software robots. This means that all software robots are required to have individual digital identities and credentials that are managed in the same fashion as traditional user identities. Although software robots cannot be issued a physical token, they can utilize multi-factor login capabilities through the use of a centralized, hardware security module-based authentication system. This video demonstrates how Thales TCT’s Luna Credential System integrates with UiPath’s RPA platform to provide hardware-protected PKI credentials for software robots.

 

CDM overview mapping Thales TCT solutions to specific CDM requirements.

Download Now

The Luna Credential System (LCS) introduces a new, patent pending,  approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. Download our video to learn more about LCS.

 

The Luna Credential System (LCS) introduces a new, patent pending,  approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. Download our infographic to learn more about LCS and how the solution solves identity management challenges.

Download Now

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.

Accept