AscentDataGuard
Encryption as a Service

TrustNet Manager

Encryption as a Service (EaaS)

Ascent DataGuard, powered by TrustNet Manager from Certes Networks, is a web-based management platform that simplifies security management while preserving network performance and functionality. It provides a browser-based user interface for managing policies and devices and a back end server for distributing group encryption keys. Ascent DataGuard offers simplified encryption management without requiring costly changes to your existing network infrastructure.

Ascent DataGuard allows you to:

  • Manage network encryption from anywhere using a web-based interface
  • Define and distribute security policies with simple drag-and-drop simplicity
  • Separate security management from network management
  • Review and audit system events to simplify regulatory compliance
  • Automatically validate changes before deployment

Solutions Architecture

Solutions Architecture

Group Encryption Policy and Key Updates

Ascent DataGuard reliably distributes the group encryption policies and keys to Certes Enforcement Points (CEPs) throughout the network and it periodically sends key updates (rekeys). Key updates minimize the risk of a brute-force attack on the encrypted data by reducing the amount of information encrypted with the same key.

With Ascent DataGuard's fail-safe rekey feature, group keys are updated only when all of the group members are ready to receive the new key. This avoids network outages that occur when some group members receive a new key while other group members continue to use the old key.

Role-Based Access Control

Using role-based access control, Ascent DataGuard provides separate roles for security control and network management. This allows the security team to outsource network management without losing control of the security policies and keys. Ascent DataGuard also provides powerful logging and auditing capabilities to establish, maintain and prove regulatory compliance.

Group Encryption Management for Policies, Keys and Devices

POLICY GENERATION

  • Mesh topologies
  • Hub and spoke topologies
  • Multicast networks
  • Point-to-point connections
  • IPsec site-to-site connections

KEY GENERATION

  • Generates encryption keys associated with policies
  • Optional HSM card for hardware- based random number generation

KEY DISTRIBUTION

  • Distributes encryption keys to enforcement points
  • Scheduled key updates by period (hours) or daily at a pre-determined time
  • Cluster-based server with disaster recovery for reliable re-keys
  • All communications involving policies and keys are secured using TLS and transmitted through the management ports of the enforcement points
  • Communications authenticated using X.509 certificates

CERTIFICATE MANAGEMENT

  • GUI interface for complete certificate management
  • Generate signing requests
  • Send requests (CSR) from the CEP to the TrustNet Server
  • Install certificates onto the CEP

SYSTEM SYNCHRONIZATION

  • Time synchronization via Network Time Protocol (NTP) version 3, RFC 1035 Supported Encryption Devices (software versions 1.5 or later)
  • CEP10 VSE, CEP100 VSE, CEP1000 VSE, and CEP10G VSE
  • CEP10, CEP10-R, CEP100, CEP100-XSA, CEP1000

DEVICE MANAGEMENT

  • Import and export CEP configurations
  • Device templates for fast repeat configurations
  • Shift-click and select multiple CEPs for bulk operations
  • Compare saved configuration with running configuration
  • Secure CEP firmware upgrades
  • Control user roles and passwords
  • Monitor CEP status, counters and statistics

BROWSER REQUIREMENTS

For optimal security, stability and performance, the latest major release of the following browsers are fully supported and tested on a rolling basis*:

  • Microsoft Internet Explorer®
  • Mozilla Firefox®
  • Google ChromeTM

* Earlier versions and unlisted browsers may be fully or partially supported.

Industry Compliance Standards

Ascent DataGuard takes the pain, complexity and expense out of complying with industry and government data protection requirements. Whether you are subject to PCI DSS, HIPAA, HITECH, NERC CIP Standards, Sarbanes-Oxley or any data privacy/protection mandate, our network encryption solutions allow you to secure your network, achieve regulatory compliance, and reduce the cost of deploying, managing and maintaining the encrypted network.

The Ascent DataGuard Difference

TrustNet is an innovative security policy and encryption key management solution providing scalable network-wide encryption. By providing global control of the generation of policies and dynamic distribution of keys, TrustNet enables organizations to encrypt data transmissions over any type of network without compromising application or network performance.

Ascent DataServices

Get a quote

Download the Ascent DataGuard Sheet.

ModernHealthcare.com

UCLA Health System Faces $16M Suit for Data Encryption Breach

Class-action suit involving encrypted, but still vulnerable electronic medical records of more than 16,000 patients could cost UCLA Health System $16M in damages. Read the article. . .


Standford Hospital Faces Major Security Breach

Private medical data for nearly 20,000 emergency room patients at California’s prestigious Stanford Hospital were exposed to public view for nearly a year because a billing contractor's marketing agent sent the electronic spreadsheet to a job prospect as part of a skills test.

Read the article

Ascent DataGuard
powered by Certes Networks

Certes Networks Named Finalist In Best IPsec VPN Product Category

Readers selected TrustNet Manager as a top product in the Reader Trust Award competition, which honors best-in-class security products and services.

Learn more about the 2012 Reader Trust Finalists. . .

Resources

Ascent DataGuard Data Sheet.

Variable Speed Encryption Specs.

CEP10G Variable Speed Encryption Specs.

Product Snapshot

 

SSAE 16 Compliant SLA 100 HIPAA PCI Compiant AFCOM MGMA