Skip Navigation

During this webinar, attendees learned how Thales Trusted Cyber Technologies' Luna Credential System introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network. This session discussed how the Luna Credential System can address multi-factor authentication challenges such as:

  • Issuing hardware-based identity credentials to NPEs and software robots
  • User authentication across the mobile workforce and a disparate variety of devices
  • Credential data protection to mitigate the risk of accidental loss or intentional compromise of a physical token
  • Digital signatures issuance for humans and NPEs
  • OMB Memo M-19-17, DoD Instruction 8520.3, and NIST 800-63-2 E Authentication compliance

Watch Now

Federal agencies require a simple way to correlate all security-relevant data so they can manage their security posture. Instead of merely watching events after they occur, agencies should anticipate their occurrence and implement measures to limit vulnerabilities in real time. For that, agencies need an analytics-driven SIEM platform such as Splunk.

However, once data is correlated by SEIM tools, it becomes extremely valuable. By integrating an encryption and key management solution such as CipherTrust Data Security Platform with Splunk, agencies can ensure that their operational intelligence is protected from surreptitious attacks.

Attendees learned how to protect Splunk indexes and provide enhanced visibility on the processes and users who are accessing protected data.

This webinar addressed topics such as:

  • Identifying anomalous process and user access patterns for investigation
  • Enabling data-at-rest encryption and privileged user access controls
  • Centralizing administration of encryption keys and data security policies
  • Collecting security intelligence logs without change to applications, databases or infrastructure

Watch Now

This solution brief provides an overview of Thales TCT's solutions that address foundational pillars of Zero Trust.

Download Now

SIEM solutions can be blind to possible threats to your protected data without the detailed data provided by CipherTrust Transparent Encryption’s Security Intelligence. CipherTrust Security Intelligence logs and reports streamline compliance reporting and speed up threat detection using leading Security Information and
Event Management (SIEM) systems.

Download Now

Identifying complex security and compliance threats that puts your data at risk

With advanced persistent threats (APTs), now common—hackers are actively seeking to steal credit card data, personally identifiable information (PII), critical intellectual property (IP), and other legally protected information to sell to the highest bidder. Some of the most effective tools for fighting these attacks are the security intelligence and threat detection capabilities of Security Information and Event Management (SIEM) solutions. SIEM solutions monitor both real-time events and track long-term data to find anomalous patterns of usage, qualify possible threats to reduce false positives, and alert organizations when risks are detected. The CipherTrust Manager from Thales enhances SIEM solutions by providing an additional data feed on events that are occurring on the internal network and provides rich data points about protected data-at-rest. 

Download Now

The challenge with leveraging log data is it comes in an array of unpredictable formats, and traditional monitoring and analysis tools were not designed for the variety, velocity, volume or variability of this data. This is where a security information and event management (SIEM) vendor like Splunk comes in. Splunk’s industry-leading collect, categorize and correlate event data coming from various devices, systems and applications throughout the enterprise. It is an enterprise ready, fully integrated solution for log management, data collection, storage, and visualization.

In this paper, we will examine how CipherTrust Transparent Encryption from Thales secures the Splunk log repositories and databases. Then, we will show how Live Data Transformation, an extension of CipherTrust Transparent Encryption, can encrypt Splunk buckets seamlessly with zero-downtime. We will close with how the CipherTrust Security Intelligence solution for Splunk extends the reach of security information and event management (SIEM) capabilities to detect and counter attacks on sensitive data.

Download Now

Government agencies’ digital transformation has vastly increased the complexity of security. Technologies such as cloud computing, AI, IoT, analytics, machine learning, and edge computing open up more vulnerabilities and areas for a cyber-attack. Sensitive data is at a greater risk than ever before.

A strong foundation for digital security means you are protected without compromising agility, usability or scalability so that you can meet the high demands of regulations and audit requirements. Ensuring your cryptographic keys and digital identities are always secure and establishing integrity, confidentiality and trust between devices, users and data is critical.

Attendees learned how to implement a strong root of trust to secure most sensitive data. We discussed how hardware security modules (HSMs):

  • Secure critical data and digital identities
  • Support a variety of well-known and emerging cybersecurity use cases
  • Address compliance needs
  • Secure your infrastructure, network, devices, applications and data regardless of where they are located.

Watch Now

High speed networks are the critical foundation that supports many of an agency's most vital communications and operations. However, this foundation is at risk of surveillance and attack by increasingly sophisticated cyber criminals and well-funded nation states. These network connections, if unprotected, are proving to be highly vulnerable, leaving sensitive assets exposed. Threats such as shared infrastructure exposure, man-in-the-middle attacks, and metadata exposure leave agencies susceptible to a range of devastating repercussions.

Due to these risks, the White House Executive Order on Cybersecurity gives agencies until the beginning of November to implement data in transit encryption. So, what is the best way to protect network traffic? Encrypt everywhere—between data centers and headquarters to backup and disaster recovery sites, whether on premises or in the cloud.

In this webinar, attendees learned about the best practices for data in transit encryption. Attendees also learned how to efficiently and effectively protect their network traffic in order to safeguard it from threats.

Watch Now

During this webinar, we discussed what agencies need to do before their networks are compromised. Discussion topics included:

  • Tips for adopting zero trust architecture
  • Key principles for protecting data from the data center to the cloud
  • Supply chain risk management requirements

Watch Now

Cloud Security Alliance's Cloud Controls Matrix states in section EKM-04 that "Keys shall not be stored in the cloud (i.e., at the cloud provider in question), but maintained by the cloud consumer or trusted key management provider. Key management and key usage shall be separated duties." Download this white paper to learn how secure and manage your encryption keys in a multicloud environment.

Download Now

The White House issued an Executive Order on improving the Nation’s Cybersecurity on May 12, 2021. The Executive order gives agencies 180 days to “adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”

Download Now

Thales TCT offers authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Download Now

Ransomware attacks targeting enterprises in a variety of sectors have skyrocketed during the first half of 2020. Criminals are taking advantage of our reliance on digital communications and remote working for sinister purposes. As a result, most of the ransomware incidents can be attributed to a limited number of intrusion vectors, with the top three being badly secured remote desktop protocol (RDP) endpoints, email phishing, and the exploitation of zero-day VPN vulnerabilities.

Download Now

The National Cybersecurity Center of Excellence (NCCoE) under the auspices of the National Institute of Standards and Technology (NIST) released guidance on identifying and protecting assets against ransomware. The Cybersecurity Special Publication (SP) 1800-25 lays out the steps to having a comprehensive strategy around protecting assets. It also shows that there is no silver bullet to address the menace of ransomware.

Thales Trusted Cyber Technologies (TCT) data security and access management solutions provide some of the most essential components of the cybersecurity framework proposed by NIST to protect organizations against ransomware. 

Download Now

Part 6 of this video series based on a recent Thales TCT webinar discusses Zero Trust.

Implementing a zero trust approach to data security is one of the best ways for agencies to protect their data. Agencies must act under the assumption that their networks have already been compromised. A good plan starts with taking a data-centric approach to security. This means focusing on what needs to be protected—the files containing sensitive information—and applying the appropriate form of protection no matter where the data happens to reside. To be effective, this must happen automatically; sensitive information should be identified as soon as it enters an organization’s IT ecosystem and should be secured with policy-based protection that lasts throughout the data lifecycle.


Part 5 of this video series based on a recent Thales TCT webinar discusses how to secure cloud deployments.

Government agencies should focus on implementing solutions that can simplify the data security landscape and reduce complexity across multiple clouds and legacy environments, as well as modern, cloud-based digital transformation technologies. Agencies should consider data security solutions that enable protection of data moving between clouds and out of the cloud to on-premises environments and should leverage centralized security solutions that orchestrate data security across multiple cloud platforms.


Protecting network transmitted data against cyber-attacks and data breaches is imperative. High-assurance network encryption features secure, dedicated encryption devices that protect data in transit. In order to be truly high assurance, these devices must use embedded, zero-touch encryption key management; provide end-to-end, authenticated encryption and use standards-based algorithms.

Part 4 of this video series based on a recent Thales TCT webinar discusses data in transit encryption. Thales TCT offers network encryption solutions that provide a single platform to encrypt everywhere— from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud. Rigorously tested and certified, our network encryption solutions have been vetted by such organizations as the Defense Information Systems Agency (DoDIN APL) and NATO. Only through Thales TCT’s high-assurance network data encryption can you be assured your data is rendered useless in unauthorized hands and that it will remain secure beyond the data’s useful life.


Part 3 of this video series, based on a recent Thales TCT webinar, discusses Section 3.d of the Executive Order which requires the implementation of encryption for data at rest. Data at rest encryption with privileged user access controls significantly improves security posture and not only protects data at rest, but also encrypted workloads in the cloud. Role-based access policies enable a zero trust architecture by controlling who, what, where, when and how data can be accessed. Granular access controls enable administrative users to perform their duties while restricting access to encrypted data.

Thales TCT offers data at rest encryption solutions that deliver granular encryption and role-based access control for structured and unstructured data residing in file servers, databases, applications, and storage containers. With centralized key management and a hardened root of trust with a full U.S. supply chain, agencies can ensure their master keys are protected and data remains secure.


The White House issued an Executive Order on improving the Nation's Cybersecurity on May 12, 2021. The Executive Order gives agencies 180 days to "adopt multi-factor authentication and encryption for data at rest and in transit". Thales TCT, a U.S. based provider of government high-assurance data security solutions, offers multi-factor authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Part 1 of this video series based on a recent Thales TCT webinar discusses the U.S. Federal cybersecurity landscape and provides a primer on the EO.


Part 2 of this video series based on a recent Thales TCT webinar discusses section 3.d of the Executive Order which requires the implementation of multi-factor authentication. Multi-factor authentication ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity. Because multi-factor authentication requires multiple means of identification at login, it is widely recognized as the most secure method for authenticating access to data and applications.

Thales TCT offers the broadest range of authentication methods and form factors. Our solutions address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from a central platform delivered in the cloud or on-premises.


A global research report of IT and cybersecurity decision-makers highlights serious concerns about the security of data in motion across networks. 

In today’s environment of exponential growth in the volumes of data in motion over networks, increasingly sophisticated and state sponsored cybercrime combined with the use of outdated legacy approaches to protecting network data, serious cybersecurity issues need to be addressed. 
As data network infrastructure is the on-ramp for all organizations’ connectivity, the threats to intellectual property, government secrets, sovereignty, citizen identities and critical national infrastructure have never been greater.

Download Now

The U.S. Military generates data at unprecedented rates, all the time, and in various locations from core data centers to the cloud to the tactical edge. Data drives everything. The Defense Department needs the flexibility to use its aggregated data for multi-domain operations without compromising security.

Join Brent Hansen and Col. Carl Young for a fireside chat discussing multi-domain data protection. These two data experts will share insightful best practices that will help attendees tackle their data strategy.

Discussion topics include:

  • Identifying risk points throughout the lifecycle of data.
  • Incorporating data security into an existing enterprise architecture.
  • Protecting data in compromised environments.
  • Planning for secure data migrations to the cloud.

This webinar has been approved by CertNexus for 1 CEC for CyberSec First Responder and by CompTIA for 1 CEU for A+, Network+, Security+, Linux+, and Cloud+.

Watch Now

During this webinar, attendees learned how to develop a three-point strategy for protecting sensitive data in their organization. Attendees also learned about:

  • Data security challenges in the age of data proliferation
  • Strategies to discover and classify critical data
  • Data-centric security best practices

Watch Now

Video published by Thales CPandL


Video published by Thales CPL

Video provided by Thales CP&L

Video provided by Thales CP&L

In January, the National Security Agency issued its first Cybersecurity Year in Review, detailing the agency’s progress in preventing and removing threats to U.S. systems and critical infrastructure in 2020.

The emergence of COVID-19 made Intelligence Community efforts to improve cybersecurity a critical element in the nationwide effort to contain the pandemic. The widespread implementation of telework, by both the private sector and all levels of government, expanded the attack surfaces for bad actors.

Operation Warp Speed, the program developing vaccines to protect the U.S. and the world, required protection from malicious interests. Similarly, the 2020 presidential election needed to be secured from foreign interference.

Join us for an in-depth examination of ways to mitigate risk in critical systems and cyber environments in these volatile times.



 Matthew Riddle
 Deputy Chief Information Officer,


 Gary Buchanan
 Chief Information Security Officer,


 Brent Hansen
 Chief Technology Officer,
 Thales Trusted Cyber Technologies


 Michael Kennedy 
 Discussion Moderator, and
 Senior National Intelligence Service Officer (ret.) 

Learning Objectives    

  • Outline the steps to adopting a Zero Trust architecture.
  • Detail the key principles for protecting data from the data center to the cloud.
  • Delineate requirements to manage supply chain risks.
  • Analyze methods for identifying internal and external breaches and containing their spread.

Watch Now

Cloud Service Providers (CSPs) emphasize the shared responsibility model for securing data in the cloud and meeting compliance requirements for information protection. CSPs own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud. Making sure that this data is safe from unauthorized access requires organizations to consider not only the physical and logical security of the CSP but also who is encrypting the data; when and where the data is being encrypted; and who is creating, managing, and accessing the encryption keys.

In this session, attendees learned how to reduce the risks associated with storing sensitive data in the cloud. The speaker will address topics such as:

  • Meeting compliance and regulatory mandates
  • Applying customer-owned encryption and key management
  • Deploying a hybrid cloud for increased security
  • Utilizing multiple cloud providers effectively

Download Now

Ransomware is a vicious type of malware that cybercriminals use to block organizations and individuals from accessing their critical files, databases, or entire computer systems, until the victim pays a ransom. It is a form of cyber extortion.

This white paper helps you understand the anatomy of ransomware attacks and explores the solutions available in the market today to defend against such attacks. It illustrates how security policies in CipherTrust Transparent Encryption from Thales enable you to prevent rogue processes and unauthorized users from encrypting your most sensitive data and thereby protects you from ransomware attacks. CipherTrust Transparent Encryption is part of the CipherTrust Data Security Platform. The CipherTrust Platform unifies data discovery, classification, data protection, and provides unprecedented granular access controls, all with centralized key management. The products and solutions available on the CipherTrust Platform mitigate the business risks associated with data breaches and ransomware attacks.

Download Now

To recap, during this webinar attendees learned how to develop a data classification strategy that enables you to get a clear understanding of what sensitive data you have, where it is located, and its risk exposure. The speakers also discussed topics including:

  • Providing guidance on orchestrating the data discovery and classification planning in your organization
  • Identifying what sensitive data your organization has, where it is, and how it relates to data privacy regulations
  • Understanding and defining data sensitivity levels as part of an impact analysis exercise
  • Providing guidance on the remediation process
  • Identifying the main roles and responsibilities related with this process

Watch Now

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57, Recommendations for Key Management Part 1 (Rev 5) provides guidance for cryptographic key management for U.S. Federal Government agencies. Part 1 of the publication outlines best practices for the management of cryptographic keys and discusses key management issues that must be addressed with using cryptography.

This white paper details how Thales TCT's CipherTrust Platform address NIST SP 800-57 requirements.

Download Now

Files from the web are network assassins. Here are no-excuse defenses.

As of 2018, supply chain attacks have increased 78%. By infiltrating a supply chain network, attackers can spread malware throughout connected networks and devices.

Governments worldwide have been affected by supply chain attacks facilitated through the spread of an evasive and malicious software update file. In a recent attack, bad actors successfully programmed trojanized update files with a dormancy period of up to 2 weeks and temporary file replacement techniques in order to evade detection.

Almost all successful attacks use malware hidden in a file or attachment at some point in their attack strategy. If you wait for detect and response actions, you are probably a statistic. Put technology to work to ensure files are safe to enter. Don't be the weak link in anyone's supply chain or, worse yet, your own weak link.

Join Votiro's Director of Engineering, Richard Hosgood, and Thales Trusted Cyber Technologies' CTO, Brent Hansen, to learn:

  • How file attestation can be used to verify file integrity before downloading files to the network. 
  • How web isolation prevents compromised browsers from downloading malicious code. 
  • How Positive Selection technology proactively removes malicious code—including zero-days—from any files without removing active content or compromising user experience. 

Watch Now

What to do before your network is compromised

Breaches are inevitable. The numbers don’t lie – whether internal or external, breaches are inevitable. Supply chain attacks, insider threats, ransomware, malware, phishing, identity/credential theft—attack vectors are targeting agencies from all angles. In today’s environment, the core of any security strategy needs to shift from “breach prevention” to “breach acceptance”. And the best way to prevent your agency from becoming victimized is by adopting a zero trust approach to security while establishing strong supply chain risk management plans. 

Agencies can adopt several best practices today in order to protect their most sensitive data and mitigate the risks associated with future attacks. Download this white paper to learn what to do before your network is compromised.

Download Now

CipherTrust Transparent Encryption enables quick, effective and transparent protection of data at the system level without derailing processes,
user tasks, and administrative workflows. With a single set of data security controls, information stored within physical and virtual systems, big
data environments, containers, and linked cloud storage are protected at the file system or volume level across data centers and cloud
environments. The result is greatly reduced risk, and an enhanced capability to meet compliance and regulatory data security requirements.

Download Now

Product overview with technical features and specifications.

Download Now

Detailed platform overview with technical features and specifications.

Download Now

Teradata databases and big data analytics enable agencies to leverage information to fuel improved decisions, services, and results. However, Teradata-powered environments can bring together a wide range of data repositories—including those that contain sensitive assets. Without proper protections, these sensitive assets can inadvertently be exposed by privileged administrators, or be the target of theft by malicious insiders and external attackers.

Download a replay to learn how to secure your agency's Teradata databases and big data environments. The session will discuss how to:

  • Centrally manage encryption across your Teradata environments—including the Teradata database and Teradata Appliance for Hadoop
  • Enforce granular controls to enable administrators to perform operational tasks, without accessing sensitive data
  • Centrally manage encryption keys and policies
  • Boost security without compromising the value of big data analytics
  • Establish protections against cyberattacks and abuse by privileged users
  • Reduce costs and administrative overhead relative to other data protection solutions for Teradata

Watch Now

Ryuk ransomware presents a serious threat to enterprises and government organizations everywhere. Consequences of a ransomware attack are significant. No enterprise or governmental organization is immune. CISOs and IT administrators can take some key steps to protect important systems and networks, such as putting protocols in place to limit damage, deploying technical solutions— such as Positive Selection technology – to filter email files, email attachments, and other incoming files, and ensuring all data is properly backed up. With Ryuk malware, the absolute best protection is prevention.

Download Now

During this webinar attendees learned how Thales Trusted Cyber Technologies' Luna Credential System introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network.

The session discussed how the Luna Credential System can address multi-factor authentication challenges such as:

  • Issuing hardware-based identity credentials to NPEs and software robots
  • User authentication across the mobile workforce and a disparate variety of devices
  • Credential data protection to mitigate the risk of accidental loss or intentional compromise of a physical token
  • Digital signatures issuance for humans and NPEs
  • OMB Memo M-19-17, DoD Instruction 8520.3, and NIST 800-63-2 E Authentication compliance

Watch Now

Zero Trust is not just another buzzword in a never-ending list of tech trends. The principles of zero trust eliminates the binary trust/don't trust approach applied to users and assets in yesterday's on-premise, perimeter-centric environments.

According to a recent survey, 100% of U.S. Federal Government agencies are storing sensitive data in third-party cloud, mobile, social, big data and IoT platforms, which inherently makes data vulnerable. Traditional perimeter protection does not protect off-premise data, which speaks to the need to take a zero trust approach to data security.

Attend this webinar to learn about the best practices for implementing a zero trust architecture to protect your most sensitive data despite the dissolving perimeter. The webinar will discuss the top 5 things you need to know about zero trust:

1.           The basics. What is zero trust and how does it apply to data security

2.           Setting the stage. How digital transformation can make data vulnerable

3.           Getting to work. Tips for putting zero trust architecture into action

4.           What about the cloud? Implementing zero trust in a multi-cloud environment

5.           Pulling it all together.  How to develop a long term strategy to protect data throughout its lifecycle


  • Nicholas Jovanovic, Senior Vice President of Sales, Thales Trusted Cyber Technologies, Moderator
  • Brent Hansen, Chief Technology Officer, Thales Cyber Technologies
  • Steven Hernandez, Chief Information Security Officer, Department of Education

Download Now

A macro is a mini program that is designed to automate a task within a larger program in order to make the user experience faster and easier. Macros are a legitimate and important component of any productivity software, including common Microsoft Office software for creating documents, spreadsheets, and presentations.  Macros for Microsoft Office are currently written in Visual Basic for Applications (VBA) and work within most Office programs for both Windows and Macintosh, including Word, Excel, Outlook, PowerPoint, Project, Access, Publisher, and Visio. Unfortunately, these efficiency-drivers are easily compromised by hackers. Cybercriminals have figured out that by hiding their malicious code inside Office macros, they  have a good chance of tricking a victim into triggering.

Download Now

Many organizations believe that utilizing antivirus (AV), next-gen antivirus (NGAV), and sandbox security technologies is the best practice for file security.  

While these technologies are certainly important for threat  prevention, each has its own vulnera-bilities that can be exploited by malicious hackers seeking a way to disrupt business activity and make quick money.  

This eBook explores these security techniques, identifies the gaps in each, and explains how a particular technology – Positive Selection technology – can fill those gaps and ensure your files are safe.

Download Now

Many common cybersecurity technologies are powerless in an environment where undisclosed and zero-day attacks abound. With cybercriminals becoming more sophisticated than ever and investing enormous effort in preparing successful targeted attacks through email, a revolutionary approach to cyber protection is required.

Positive Selection technology provides the ultimate solution for stopping undisclosed and zero-day email-based threats by singling out only the safe elements of each file, ensuring every file that enters your organization is 100% safe.

Download Now

Organizational espionage is real and set to intensify, contributing to a shift to the more efficient encryption of sensitive traffic at Layer 2. Compared to IPSec (Layer 3), Layer 2 secure encryption can boost network performance by up to 50%. This paper outlines the shift, and looks at the drivers and benefits of Layer 2 encryption.

Download Now

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.