Network Encryption from CipherOptics
 
 

CipherEngine™ Snapshot

  • Enables network-wide encryption
  • Integrates transparently into existing networks
  • Centralized policy & key generation, distribution and management


CipherEngine Summary

What CipherEngine Does

  • Enables simplified large scale "Encrypt Everything" data protection strategies for regulatory compliance and security of private information and intellectual property


  • Delivers flexible Layer 2 and Layer 3 encryption functionality across existing network architecture including full mesh, partial mesh, hub & spoke, point-to-point, or hybrid designs


  • Delivers a simplified lower cost model for administration and management of encrypted networks


  • Provides centralized management of security policies with automated policy and encryption key generation and distribution


  • Delivers resilient multi-path encryption that leverages existing redundant and load balanced network architectures

    What is CipherEngine?


    CipherEngine™ is the management engine of CipherOptics’ Policy & Key Management Architecture (PKMA). It provides an innovative approach to policy and key management, effectively eliminating the limitations of traditional router-based encryption solutions. Prior to this breakthrough, network encryption was restricted to intrusive router-based security solutions that were difficult to scale, expensive to manage, and had limited flexibility.

    What are the challenges with IPSec encryption?
    Scalability: Today’s manually intensive administration and configuration models for IPSec and Ethernet encryption do not scale. Router-based solutions force a severe tradeoff: protecting data comes at the cost of considerable administrative complexity and increased operational expenses. Current distributed provisioning models found in router-based encryption solutions require manual configuration steps on several routers to implement a single security policy. Distributed administration and configuration models hinder the deployment of encryption in anything but small networks consisting of no more than a few encryption points.

    Multi-path Redundancy and Load Balancing: Traditional router-based IPSec and Ethernet encryption is currently based on the creation of secure point-to-point tunnels between any two encryption points that share the required keys to encrypt and decrypt data. Because decryption is locked down to a single peer at the other end of a secure tunnel, a single point of failure exists. Encrypted traffic cannot take advantage of today’s highly redundant networks, nor can it be load balanced across multiple paths with redundant encryption points. Resiliency for encrypted traffic is not easily achieved with connection-oriented point-to-point tunnels that dictate route selection and lock down the decryption function to a single peer.

    Multicast and Broadcast Applications: The current router-based deployment models for IPSec encryption cannot effectively support multicast or broadcast applications. The multiple recipients inherent in broadcast and multicast traffic are incompatible with the restrictions imposed by the point-to-point tunnels required for encryption. Overlaying encryption on broadcast and multicast applications would necessitate the creation of duplicate data streams, each traversing a separate point-to-point tunnel. The additional network and server load required to facilitate duplicate streams negates all the advantages of multicast and broadcast applications.

    How Does CipherEngine Solve These Problems?
    By dividing policy and key generation/distribution into separate, logical components, and combining them into a new scalable multi-tiered encryption model, CipherOptics virtualizes and distributes the fundamental connection-oriented approach of today’s IPSec and Ethernet encryption solutions using Internet Key Exchange (IKE), while maintaining encryption features and functionality and preserving and improving security capabilities. This dynamic new encryption model, called CipherOptics’ Policy Key Management Architecture (PKMA), solves the limitations of traditional router-based IPSec and Ethernet encryption solutions and makes encryption a simple and transparent overlay service to any enterprise network regardless of size or design. The CipherEngine approach dramatically simplifies and improves the performance of encryption by centralizing the policy configuration function and removing the burdens of key negotiation and security association maintenance from encryption end points.

    In addition, CipherEngine enables secure information sharing between communities of interest by deploying group keys accessible to the encryption points that protect community members. By creating logical security groups inside and outside the organizational boundaries, different security requirements for various groups of users and applications can be met with ease. Group keys also remove the constraints of pre-determined paths and locked-down encryption peers, allowing encryption to occur over redundant and load balanced networks and creating resiliency through alternate encryption points. CipherEngine’s deployment of group policies also makes it very powerful and quite scalable. A full mesh of encrypted end points, regardless of the quantity, can be easily provisioned for any-to-any encryption through CipherEngine with the configuration of one simple group policy.

    CipherEngine Value
    Transparent Security Overlay
    • High speed, low latency encryption architecture with no impact to existing network design, application performance, or user experience
    • Wide scale encryption with no impact to other network services such as VLAN and MPLS tagging or QoS
    • Encryption without core switch and router upgrades, the addition of new networks, additional hops, default route modifications, or route table impacts
    • Quick and easy "drop and insert" installation and integration of encryption into any existing network architecture
    Reduced Complexity & Costs
    • Eliminates the need for and complexity of a secondary overlay network of point-to-point tunnels for encryption
    • Automated policy and key distribution simplifies the configuration process, significantly reducing operational costs
    • Central point of provisioning reduces risk of configuration errors and compromised data
    • Powerful group policies can effect single-command, network-wide changes across multiple encryption points