Policy and Key Management

CipherEngine Policy and Key Manager
Global security policy, encryption key and configuration management

CipherEngine Video Data Sheet

Product Overview
CipherEngine is a global encryption policy, key and configuration management solution enabling comprehensive network data protection. CipherEngine is an easy-to-use solution that controls all aspects of an Ethernet or MPLS network encryption deployment. CipherEngine provides global security policy management, encryption key creation, encryption key distribution and CipherEngine Enforcement Point (CEP) configuration from a transparent management network layer.

With CipherEngine you can:

Centrally manage your encryption deployment

Monitor and manage encryptors from a single interface

Make real time changes to security polices

Generate and dynamically distribute encryption keys based on group policies

Securely push encryption keys and policies to CEPs

CipherEngine is three powerful security management applications combined into one easy-to-use security tool. CipherEngine MAP lets you easily define security policies that will be enforced by the CEPs, our wire-speed encryption appliances. CipherEngine KAP generates key material based on the polices created in the MAP and pushes the encryption keys and polices to the CEPs. CipherEngine CipherView is the configuration tool for the encryptors themselves.

CipherEngine Management and Policy server (MAP)

Click to enlarge

CipherEngine's user interface allows
easy editing of security policies.

The Management and Policy server, or MAP, is CipherEngine's policy services interface which provides centralized creation, monitoring and management of network encryption policies.

Policies defined within CipherEngine specify what traffic to protect and how to protect it. These policies can use various encryption selectors, such as source IP address, destination IP address, source and destination port number, protocol ID or VLAN tag ID.

The MAP also provides the ability to assign CEPs to one or more logical groups, called network sets. Network sets can be based on multicast groups, load balancing requirements, VLAN IDs, or closed community groups. Each member of its respective group will receive the same key material, with different groups using different keys and CEPs can belong to one or more groups.Once the policies are defined, they are acted on by CipherEngine KAP.

Each policy specifies:

The type of traffic the policy affects

The action that is to be performed (encrypt, send in the clear, or drop)

The Networks Sets the policy will protect

The CEPs included in each Network Set

CipherEngine Key Authority Point (KAP)
The Key Authority Point, or KAP, is CipherEngine's key generation and distribution mechanism. The KAP receives the policies from the MAP and then generates and distributes the encryption keys and the MAP policies to the CEPs.

CipherEngine CipherView
CipherView is CipherEngine's device management application which controls all configuration aspects of the CEPs, including network configuration, SNMP hosts and Syslog servers.

Monitoring, Reporting and Administratve Roles
CipherEngine includes log and audit reporting mechanisms, allowing you to collect and monitor important criteria such as enforcement point status, policy changes, device configuration changes, and password changes. CipherEngine also utilizes password controlled access to provide various levels of users so enterprises can restrict or provide different levels of system privileges to specific individuals. CipherEngine provides two system level roles with change privileges (administrative user and operational user), and one monitoring role for read-only access.

To see just how easy it can be to take advantage of CipherEngine's policy and key management capabilities, call us at 1-877-878-6655 or feel free to ask us a question.

CipherEngine Datasheet