Skip Navigation

The White House issued an Executive Order on improving the Nation’s Cybersecurity on May 12, 2021. The Executive order gives agencies 180 days to “adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”

Download Now

Thales TCT offers authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Download Now

Ransomware attacks targeting enterprises in a variety of sectors have skyrocketed during the first half of 2020. Criminals are taking advantage of our reliance on digital communications and remote working for sinister purposes. As a result, most of the ransomware incidents can be attributed to a limited number of intrusion vectors, with the top three being badly secured remote desktop protocol (RDP) endpoints, email phishing, and the exploitation of zero-day VPN vulnerabilities.

Download Now

The National Cybersecurity Center of Excellence (NCCoE) under the auspices of the National Institute of Standards and Technology (NIST) released guidance on identifying and protecting assets against ransomware. The Cybersecurity Special Publication (SP) 1800-25 lays out the steps to having a comprehensive strategy around protecting assets. It also shows that there is no silver bullet to address the menace of ransomware.

Thales Trusted Cyber Technologies (TCT) data security and access management solutions provide some of the most essential components of the cybersecurity framework proposed by NIST to protect organizations against ransomware. 

Download Now

Part 6 of this video series based on a recent Thales TCT webinar discusses Zero Trust.

Implementing a zero trust approach to data security is one of the best ways for agencies to protect their data. Agencies must act under the assumption that their networks have already been compromised. A good plan starts with taking a data-centric approach to security. This means focusing on what needs to be protected—the files containing sensitive information—and applying the appropriate form of protection no matter where the data happens to reside. To be effective, this must happen automatically; sensitive information should be identified as soon as it enters an organization’s IT ecosystem and should be secured with policy-based protection that lasts throughout the data lifecycle.


Part 5 of this video series based on a recent Thales TCT webinar discusses how to secure cloud deployments.

Government agencies should focus on implementing solutions that can simplify the data security landscape and reduce complexity across multiple clouds and legacy environments, as well as modern, cloud-based digital transformation technologies. Agencies should consider data security solutions that enable protection of data moving between clouds and out of the cloud to on-premises environments and should leverage centralized security solutions that orchestrate data security across multiple cloud platforms.


Protecting network transmitted data against cyber-attacks and data breaches is imperative. High-assurance network encryption features secure, dedicated encryption devices that protect data in transit. In order to be truly high assurance, these devices must use embedded, zero-touch encryption key management; provide end-to-end, authenticated encryption and use standards-based algorithms.

Part 4 of this video series based on a recent Thales TCT webinar discusses data in transit encryption. Thales TCT offers network encryption solutions that provide a single platform to encrypt everywhere— from network traffic between data centers and the headquarters to backup and disaster recovery sites, whether on premises or in the cloud. Rigorously tested and certified, our network encryption solutions have been vetted by such organizations as the Defense Information Systems Agency (DoDIN APL) and NATO. Only through Thales TCT’s high-assurance network data encryption can you be assured your data is rendered useless in unauthorized hands and that it will remain secure beyond the data’s useful life.


Part 3 of this video series, based on a recent Thales TCT webinar, discusses Section 3.d of the Executive Order which requires the implementation of encryption for data at rest. Data at rest encryption with privileged user access controls significantly improves security posture and not only protects data at rest, but also encrypted workloads in the cloud. Role-based access policies enable a zero trust architecture by controlling who, what, where, when and how data can be accessed. Granular access controls enable administrative users to perform their duties while restricting access to encrypted data.

Thales TCT offers data at rest encryption solutions that deliver granular encryption and role-based access control for structured and unstructured data residing in file servers, databases, applications, and storage containers. With centralized key management and a hardened root of trust with a full U.S. supply chain, agencies can ensure their master keys are protected and data remains secure.


The White House issued an Executive Order on improving the Nation's Cybersecurity on May 12, 2021. The Executive Order gives agencies 180 days to "adopt multi-factor authentication and encryption for data at rest and in transit". Thales TCT, a U.S. based provider of government high-assurance data security solutions, offers multi-factor authentication, data at rest encryption, and data in transit encryption solutions that address the requirements outlined in the Executive Order.

Part 1 of this video series based on a recent Thales TCT webinar discusses the U.S. Federal cybersecurity landscape and provides a primer on the EO.


Part 2 of this video series based on a recent Thales TCT webinar discusses section 3.d of the Executive Order which requires the implementation of multi-factor authentication. Multi-factor authentication ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity. Because multi-factor authentication requires multiple means of identification at login, it is widely recognized as the most secure method for authenticating access to data and applications.

Thales TCT offers the broadest range of authentication methods and form factors. Our solutions address numerous use cases, assurance levels, and threat vectors with unified, centrally managed policies—managed from a central platform delivered in the cloud or on-premises.


A global research report of IT and cybersecurity decision-makers highlights serious concerns about the security of data in motion across networks. 

In today’s environment of exponential growth in the volumes of data in motion over networks, increasingly sophisticated and state sponsored cybercrime combined with the use of outdated legacy approaches to protecting network data, serious cybersecurity issues need to be addressed. 
As data network infrastructure is the on-ramp for all organizations’ connectivity, the threats to intellectual property, government secrets, sovereignty, citizen identities and critical national infrastructure have never been greater.

Download Now

The U.S. Military generates data at unprecedented rates, all the time, and in various locations from core data centers to the cloud to the tactical edge. Data drives everything. The Defense Department needs the flexibility to use its aggregated data for multi-domain operations without compromising security.

Join Brent Hansen and Col. Carl Young for a fireside chat discussing multi-domain data protection. These two data experts will share insightful best practices that will help attendees tackle their data strategy.

Discussion topics include:

  • Identifying risk points throughout the lifecycle of data.
  • Incorporating data security into an existing enterprise architecture.
  • Protecting data in compromised environments.
  • Planning for secure data migrations to the cloud.

This webinar has been approved by CertNexus for 1 CEC for CyberSec First Responder and by CompTIA for 1 CEU for A+, Network+, Security+, Linux+, and Cloud+.

Watch Now

During this webinar, attendees learned how to develop a three-point strategy for protecting sensitive data in their organization. Attendees also learned about:

  • Data security challenges in the age of data proliferation
  • Strategies to discover and classify critical data
  • Data-centric security best practices

Watch Now

Video published by Thales CPandL


Video published by Thales CPL

Video provided by Thales CP&L

Video provided by Thales CP&L

In January, the National Security Agency issued its first Cybersecurity Year in Review, detailing the agency’s progress in preventing and removing threats to U.S. systems and critical infrastructure in 2020.

The emergence of COVID-19 made Intelligence Community efforts to improve cybersecurity a critical element in the nationwide effort to contain the pandemic. The widespread implementation of telework, by both the private sector and all levels of government, expanded the attack surfaces for bad actors.

Operation Warp Speed, the program developing vaccines to protect the U.S. and the world, required protection from malicious interests. Similarly, the 2020 presidential election needed to be secured from foreign interference.

Join us for an in-depth examination of ways to mitigate risk in critical systems and cyber environments in these volatile times.



 Matthew Riddle
 Deputy Chief Information Officer,


 Gary Buchanan
 Chief Information Security Officer,


 Brent Hansen
 Chief Technology Officer,
 Thales Trusted Cyber Technologies


 Michael Kennedy 
 Discussion Moderator, and
 Senior National Intelligence Service Officer (ret.) 

Learning Objectives    

  • Outline the steps to adopting a Zero Trust architecture.
  • Detail the key principles for protecting data from the data center to the cloud.
  • Delineate requirements to manage supply chain risks.
  • Analyze methods for identifying internal and external breaches and containing their spread.

Watch Now

Cloud Service Providers (CSPs) emphasize the shared responsibility model for securing data in the cloud and meeting compliance requirements for information protection. CSPs own the responsibility to secure the infrastructure that runs their cloud services. Data owners are responsible for protecting the confidentiality, integrity, and availability of their data in the cloud. Making sure that this data is safe from unauthorized access requires organizations to consider not only the physical and logical security of the CSP but also who is encrypting the data; when and where the data is being encrypted; and who is creating, managing, and accessing the encryption keys.

In this session, attendees learned how to reduce the risks associated with storing sensitive data in the cloud. The speaker will address topics such as:

  • Meeting compliance and regulatory mandates
  • Applying customer-owned encryption and key management
  • Deploying a hybrid cloud for increased security
  • Utilizing multiple cloud providers effectively

Download Now

Ransomware is a vicious type of malware that cybercriminals use to block organizations and individuals from accessing their critical files, databases, or entire computer systems, until the victim pays a ransom. It is a form of cyber extortion.

This white paper helps you understand the anatomy of ransomware attacks and explores the solutions available in the market today to defend against such attacks. It illustrates how security policies in CipherTrust Transparent Encryption from Thales enable you to prevent rogue processes and unauthorized users from encrypting your most sensitive data and thereby protects you from ransomware attacks. CipherTrust Transparent Encryption is part of the CipherTrust Data Security Platform. The CipherTrust Platform unifies data discovery, classification, data protection, and provides unprecedented granular access controls, all with centralized key management. The products and solutions available on the CipherTrust Platform mitigate the business risks associated with data breaches and ransomware attacks.

Download Now

To recap, during this webinar attendees learned how to develop a data classification strategy that enables you to get a clear understanding of what sensitive data you have, where it is located, and its risk exposure. The speakers also discussed topics including:

  • Providing guidance on orchestrating the data discovery and classification planning in your organization
  • Identifying what sensitive data your organization has, where it is, and how it relates to data privacy regulations
  • Understanding and defining data sensitivity levels as part of an impact analysis exercise
  • Providing guidance on the remediation process
  • Identifying the main roles and responsibilities related with this process

Watch Now

The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57, Recommendations for Key Management Part 1 (Rev 5) provides guidance for cryptographic key management for U.S. Federal Government agencies. Part 1 of the publication outlines best practices for the management of cryptographic keys and discusses key management issues that must be addressed with using cryptography.

This white paper details how Thales TCT's CipherTrust Platform address NIST SP 800-57 requirements.

Download Now

Files from the web are network assassins. Here are no-excuse defenses.

As of 2018, supply chain attacks have increased 78%. By infiltrating a supply chain network, attackers can spread malware throughout connected networks and devices.

Governments worldwide have been affected by supply chain attacks facilitated through the spread of an evasive and malicious software update file. In a recent attack, bad actors successfully programmed trojanized update files with a dormancy period of up to 2 weeks and temporary file replacement techniques in order to evade detection.

Almost all successful attacks use malware hidden in a file or attachment at some point in their attack strategy. If you wait for detect and response actions, you are probably a statistic. Put technology to work to ensure files are safe to enter. Don't be the weak link in anyone's supply chain or, worse yet, your own weak link.

Join Votiro's Director of Engineering, Richard Hosgood, and Thales Trusted Cyber Technologies' CTO, Brent Hansen, to learn:

  • How file attestation can be used to verify file integrity before downloading files to the network. 
  • How web isolation prevents compromised browsers from downloading malicious code. 
  • How Positive Selection technology proactively removes malicious code—including zero-days—from any files without removing active content or compromising user experience. 

Watch Now

What to do before your network is compromised

Breaches are inevitable. The numbers don’t lie – whether internal or external, breaches are inevitable. Supply chain attacks, insider threats, ransomware, malware, phishing, identity/credential theft—attack vectors are targeting agencies from all angles. In today’s environment, the core of any security strategy needs to shift from “breach prevention” to “breach acceptance”. And the best way to prevent your agency from becoming victimized is by adopting a zero trust approach to security while establishing strong supply chain risk management plans. 

Agencies can adopt several best practices today in order to protect their most sensitive data and mitigate the risks associated with future attacks. Download this white paper to learn what to do before your network is compromised.

Download Now

CipherTrust Transparent Encryption enables quick, effective and transparent protection of data at the system level without derailing processes,
user tasks, and administrative workflows. With a single set of data security controls, information stored within physical and virtual systems, big
data environments, containers, and linked cloud storage are protected at the file system or volume level across data centers and cloud
environments. The result is greatly reduced risk, and an enhanced capability to meet compliance and regulatory data security requirements.

Download Now

Product overview with technical features and specifications.

Download Now

Detailed platform overview with technical features and specifications.

Download Now

Teradata databases and big data analytics enable agencies to leverage information to fuel improved decisions, services, and results. However, Teradata-powered environments can bring together a wide range of data repositories—including those that contain sensitive assets. Without proper protections, these sensitive assets can inadvertently be exposed by privileged administrators, or be the target of theft by malicious insiders and external attackers.

Download a replay to learn how to secure your agency's Teradata databases and big data environments. The session will discuss how to:

  • Centrally manage encryption across your Teradata environments—including the Teradata database and Teradata Appliance for Hadoop
  • Enforce granular controls to enable administrators to perform operational tasks, without accessing sensitive data
  • Centrally manage encryption keys and policies
  • Boost security without compromising the value of big data analytics
  • Establish protections against cyberattacks and abuse by privileged users
  • Reduce costs and administrative overhead relative to other data protection solutions for Teradata

Watch Now

Ryuk ransomware presents a serious threat to enterprises and government organizations everywhere. Consequences of a ransomware attack are significant. No enterprise or governmental organization is immune. CISOs and IT administrators can take some key steps to protect important systems and networks, such as putting protocols in place to limit damage, deploying technical solutions— such as Positive Selection technology – to filter email files, email attachments, and other incoming files, and ensuring all data is properly backed up. With Ryuk malware, the absolute best protection is prevention.

Download Now

During this webinar attendees learned how Thales Trusted Cyber Technologies' Luna Credential System introduces a new approach to multi-factor authentication by maintaining user credentials in a centralized hardware device that is securely accessible by endpoints in a distributed network.

The session discussed how the Luna Credential System can address multi-factor authentication challenges such as:

  • Issuing hardware-based identity credentials to NPEs and software robots
  • User authentication across the mobile workforce and a disparate variety of devices
  • Credential data protection to mitigate the risk of accidental loss or intentional compromise of a physical token
  • Digital signatures issuance for humans and NPEs
  • OMB Memo M-19-17, DoD Instruction 8520.3, and NIST 800-63-2 E Authentication compliance

Watch Now

Zero Trust is not just another buzzword in a never-ending list of tech trends. The principles of zero trust eliminates the binary trust/don't trust approach applied to users and assets in yesterday's on-premise, perimeter-centric environments.

According to a recent survey, 100% of U.S. Federal Government agencies are storing sensitive data in third-party cloud, mobile, social, big data and IoT platforms, which inherently makes data vulnerable. Traditional perimeter protection does not protect off-premise data, which speaks to the need to take a zero trust approach to data security.

Attend this webinar to learn about the best practices for implementing a zero trust architecture to protect your most sensitive data despite the dissolving perimeter. The webinar will discuss the top 5 things you need to know about zero trust:

1.           The basics. What is zero trust and how does it apply to data security

2.           Setting the stage. How digital transformation can make data vulnerable

3.           Getting to work. Tips for putting zero trust architecture into action

4.           What about the cloud? Implementing zero trust in a multi-cloud environment

5.           Pulling it all together.  How to develop a long term strategy to protect data throughout its lifecycle


  • Nicholas Jovanovic, Senior Vice President of Sales, Thales Trusted Cyber Technologies, Moderator
  • Brent Hansen, Chief Technology Officer, Thales Cyber Technologies
  • Steven Hernandez, Chief Information Security Officer, Department of Education

Download Now

A macro is a mini program that is designed to automate a task within a larger program in order to make the user experience faster and easier. Macros are a legitimate and important component of any productivity software, including common Microsoft Office software for creating documents, spreadsheets, and presentations.  Macros for Microsoft Office are currently written in Visual Basic for Applications (VBA) and work within most Office programs for both Windows and Macintosh, including Word, Excel, Outlook, PowerPoint, Project, Access, Publisher, and Visio. Unfortunately, these efficiency-drivers are easily compromised by hackers. Cybercriminals have figured out that by hiding their malicious code inside Office macros, they  have a good chance of tricking a victim into triggering.

Download Now

Many organizations believe that utilizing antivirus (AV), next-gen antivirus (NGAV), and sandbox security technologies is the best practice for file security.  

While these technologies are certainly important for threat  prevention, each has its own vulnera-bilities that can be exploited by malicious hackers seeking a way to disrupt business activity and make quick money.  

This eBook explores these security techniques, identifies the gaps in each, and explains how a particular technology – Positive Selection technology – can fill those gaps and ensure your files are safe.

Download Now

Many common cybersecurity technologies are powerless in an environment where undisclosed and zero-day attacks abound. With cybercriminals becoming more sophisticated than ever and investing enormous effort in preparing successful targeted attacks through email, a revolutionary approach to cyber protection is required.

Positive Selection technology provides the ultimate solution for stopping undisclosed and zero-day email-based threats by singling out only the safe elements of each file, ensuring every file that enters your organization is 100% safe.

Download Now

Organizational espionage is real and set to intensify, contributing to a shift to the more efficient encryption of sensitive traffic at Layer 2. Compared to IPSec (Layer 3), Layer 2 secure encryption can boost network performance by up to 50%. This paper outlines the shift, and looks at the drivers and benefits of Layer 2 encryption.

Download Now

First introduced to the CV Series virtualized encryption range in 2018, Thales Network Independent Encryption is now available for the CN Series of hardware encryption devices. It enables concurrent, policy-based multi-layer encryption for modern Ethernet and Internet protocol architecture.

Developed specifically for today’s multi-layer networks, Network Independent Encryption provides end-to-end encryption security without the typical performance and bandwidth costs associated with IPSec encryption solutions. Historically, different network types have required different encryption solutions. As network architecture has evolved to comprise multiple transport layers, this has implications for network security, performance and cost.

In the case of Internet protocols, the most common encryption solution, IPSec, is over 20 years old. IPSec was not developed with wide area networking and cloud applications in mind; it incurs additional bandwidth costs and can impact significantly on network performance. Download this paper to learn more.

Download Now

This White Paper analyses the threats that organizations deploying SD-WAN face, explains why data in motion should be encrypted and offers guidance on choosing the right encryption solution.

Download Now

High Speed Encryptors provide the optimal, most efficient means of encrypting data across modern metro or wide area Ethernet networks. By encrypting the payload of Ethernet traffic, sensitive data (including all IP addresses) is kept completely private whilst the frame headers are left unencrypted so that traffic can still be switched across the network. Although HSEs are designed for use across layer 2 networks such as metro or carrier Ethernet services, they can also be effectively deployed across layer 3 MPLS or IP/VPN environments. Download this white paper to learn more.

Download Now

This paper seeks to highlight the differences between purpose-built high-assurance encryptors and MACsec for WAN solutions; helping customers make informed decisions about what solution type best meets their specific security, performance and operational requirements. The section overleaf provides a security feature comparative table.

Download Now

This eBook discussed how Thales enables you to implement a totally secure, full performance, high speed Ethernet WAN, ensuring your data is secure. 

Download Now

Scalable Ethernet encryptor with variable license speeds up to 1 Gbps.

Download Now

Multi-port (1 or 10 Gbps), high-assurance encryptor designed to provide up to 40 Gbps (4x10), full line rate transparent encryption.

Download Now

Government agencies' digital transformation has vastly increased the complexity of security. Technologies such as cloud computing, AI, IoT, analytics, machine learning, and edge computing open up more vulnerabilities and areas for cyber-attack. Sensitive data is at a greater risk than ever before.

The importance of integrity, confidentiality, and trust 

A strong foundation for digital security means you are protected without compromising agility, usability, or scalability so that you can meet the high demands of regulations and audit requirements. Ensuring you cryptographic keys and digital identities are always secure and establishing integrity, confidentiality, and trust between devices, users, and data are critical.

Attend this webinar to learn to implement a strong root of trust to secure the most sensitive data. We will discuss how hardware security modules (HSMs): 

  • Secure critical data and digital identities 
  • Support a variety of well-known and emerging cybersecurity use cases 
  • Address compliance needs 
  • Secure your infrastructure, network, devices, applications, and data regardless of where they are located

Download Now

Product overview with technical features and specifications.

Download Now

This site uses cookies to store information on your computer. Some are essential to make our site work properly; others help us improve the user experience.

By using the site, you consent to the placement of these cookies. For more information, read our cookie policy and our privacy policy.