CipherEngine for Networks
CipherEngine is a global security policy, encryption key and configuration management solution enabling comprehensive end-to-end data protection. Based on an open architecture for data security, CipherEngine takes a simplified approach to network and security management. CipherEngine is an easy-to-use solution that controls all aspects of a CipherOptics IP, Ethernet or MPLS infrastructure encryption deployment. It provides global security policy management, encryption key creation and distribution, and CipherEngine Enforcement Point configuration within a single centralized solution.
CipherEngine uses a distributed open architecture comprised of Policy Services, Key Services, Configuration Services and Enforcement Point Services. CipherEngine provides the ability to group network endpoints into one or more network sets. Groups can be assigned based on multicast groups, load balanced groups, VLAN groups, MPLS groups or closed community groups. Every member of a group receives the same key material, and different groups use different keys. CipherEngine Enforcement Points (CEPs) can belong to one or more groups.
CipherEngine can be distributed over multiple regional or clustered servers with each platform sharing the policy, key and configuration details for the entire network. Each individual server can control thousands of CipherEngine Enforcement Points deployed throughout the network.
Based on user defined network security policies, CipherEngine dynamically generates and distributes group IDs, policies and keys to CipherOptics CEPs.
With CipherEngine, security policies and encryption keys are created and distributed to the endpoints from a transparent management network layer.
- Centralized management tool
- Monitor and manage encryptors
- Make real-time changes to security policies
- Generate and dynamically distribute encryption keys based on policies
- Securely push encryption keys and policies to enforcement points
- Enables scalable deployment
CipherEngine's Policy Services are the policy management components that can be implemented to secure multiple data paths in redundant networks and complex mesh, hub and spoke, and multicast networks. Policy Services provide centralized creation, monitoring and management, and are used to create and manage the policies that are acted on by the Key Services.
A policy specifies what traffic to protect and how to protect it. Encryption is set by policy definition and can be based on source IP address, destination IP address, source and destination port number, protocol ID or VLAN tag ID. The Policy Services are the tools used to define the filtering criteria specified in the policy. Each policy specifies:
- The enforcement points utilized
- The networks the enforcement points will protect
- The networks in a group
- The action that is to be performed (encrypt, send in the clear, or drop)
- The type of traffic the policy affects
- IP policies, Ethernet VLAN policies, Layer 4 payload protection policies
CipherEngine's Key Services generate and then distribute the encryption keys and policies to the Enforcement Point Services, based on the policies generated from the Policy Services.
All device configuration aspects of CipherEngine Enforcement Points, including network configuration, SNMP hosts and syslog servers, are controlled through the Configuration Services.
After receiving the security information from CipherEngine, the CEPs encrypt network data without interrupting the topology, infrastructure or performance.
- Centralized configuration management
- Configure device network parameters
- Compare saved configuration with device configuration
- Securely upgrade Enforcement Point firmware
- Monitor appliance status
CipherEngine's Enforcement Point Services push the encryption keys and policy rules to the CEPs. The CEPs then encrypt the traffic, send it in the clear or drop it, depending on the policy rules they receive.
CipherEngine includes log and audit reporting mechanisms, allowing you to collect and monitor key criteria such as enforcement point status, policy changes, device configuration changes, and password changes.
CipherEngine allows appropriate levels of administrative access to specific users through the separation of roles. Enterprises can restrict or provide different levels of system privileges to specific individuals. CipherEngine provides two system level roles with change privileges (administrative user and operational user), and one monitoring role for read-only access. All user access is password-controlled.
Enforcement point configuration management
- Quickly and easily configure and deploy enforcement points
- Reduce overall configuration time for large or small network deployments

Flexible policy management
- Create encryption rules per enforcement point or per network
- Quickly and easily deploy network security policies

Single solution for global data protection
- Encryption across different network layers
- Flexible configuration and deployment

Secure firmware image management
- Manage all enforcement points from a central location and securely download new firmware
- Reduce overall maintenance for large or small networks

Monitoring
- Actively monitor policies and enforcement point status
- View overall status from one centralized location

High availability and scalability
- Multiple CipherEngine servers can be deployed to create a policy and key server grid
- Always on, always ready operation

Group policy creation
- Group key distribution
- Encryption for multicast, load balanced, or VLAN networks
For more information or to learn how CipherOptics can help you protect your sensitive data as it moves across any network, call us at 1-877-878-6655 or feel free to ask us a question.