Decru, Inc, the leader in storage security, today announced availability of Decru Client Security Module (DCS), an endpoint security solution that enables end-to-end security for applications and storage. DCS software, which can be deployed selectively on servers and desktops, works in conjunction with Decru DataFort storage security appliances to enforce policies and protect endpoint machines from threats including insider breaches, viruses, worms, misconfiguration, and hacker tools.
The optional Decru Client Security software incorporates application whitelists, cryptographic authentication, granular access controls, and hardware-based integrity checks to ensure that only authorised users and applications can access sensitive data. Security administrators can define access policies based on user, application, machine, and time of day, and customise this for each Cryptainer storage vault.
By default, unauthorised applications including malware and root kits are prevented from running, and DCS blocks administrators and unauthorised applications from improperly accessing applications or storage. DCS endpoint policy enforcement complements Decru DataFort's transparent, wire-speed encryption capabilities across all enterprise storage environments, including SAN, NAS, DAS, and tape.
"Enterprises increasingly realise that applications need end-to-end security behind the firewall. Decru DataFort appliances provide a powerful model for protecting data at rest and in flight; DCS extends this security to the application and user level on endpoint machines," said Jon Oltsik, senior analyst, information security, for Enterprise Strategy Group. "Decru is the only vendor to combine selective client security with transparent wire-speed encryption, providing customers with maximum security and flexibility."
In networked computer systems, security is only as strong as the weakest link. Decru Client Security Module integrates seamlessly with Decru DataFort storage security appliances to protect the entire data path, including:
* Application and Database Servers: Granular access controls and cryptographic enforcement ensure that only authorised users and applications can access sensitive data in both SAN and NAS environments. Application whitelists with cryptographic fingerprinting prevent unauthorised applications from running or accessing data on host servers. This approach provides powerful protection against viruses and worms, including zero-day attacks which signature-based anti-virus systems fail to address.
* Networks: Data in flight can be encrypted with either IPsec or SSL, ensuring that data cannot be observed on the network. In SAN environments, DataFort can be deployed in-line directly behind sensitive servers to encrypt data with AES-256 before it enters the Fibre Channel fabric.
* Storage: Data at rest is secured and compartmentalised with wire-speed AES-256 encryption. DataFort is deployed transparently in-line, and is agnostic with respect to operating systems and applications. Cryptainer vaults enable secure consolidation of multiple groups onto shared storage, while preventing access by unauthorised users or administrators.
* Backup and Disaster Recovery: All replicated copies of data are protected with AES-256 encryption, and the Decru solution can be deployed in a wide variety of backup and disaster recovery topologies.
In contrast to solutions that require agent software on every desktop or server, DCS is an optional module that can be deployed selectively. This flexibility translates into lower management costs, reduced complexity, and reduced deployment risk.
Because DCS and DataFort natively support standard storage protocols such as CIFS, NFS, and Fibre Channel, the solution is transparent to users, and provides layered security without disrupting existing applications. The Decru platform is the only solution capable of supporting application-level security for SAN and NAS environments with in-line wire speed encryption, including 2 Gbps Fibre Channel and Gigabit Ethernet.
DataFort's secure hardware provides a cryptographic "trust anchor" to prevent tampering on endpoint machines running DCS. Because DCS maintains cryptographic heartbeat communications with DataFort's secure hardware, any attempt to tamper or un-install the software results in alerts and immediate suspension of data access for the affected servers. Data encryption and key management are maintained within DataFort's Storage Encryption Processor, which has received FIPS 140-2 Level 3 government certification with end-to-end 256-bit security, one of the highest levels of assurance available for commercial cryptographic solutions.
"Decru offers the industry's broadest set of solutions for securing data behind the firewall, spanning servers, networks, and all open-systems storage environments," said Dan Avida, chief executive officer of Decru. "Decru Client Security Module represents a powerful tool for customers to extend data security from their storage out to endpoint machines. Because Decru DataFort can be deployed transparently with no client software, customers have the flexibility to decide which clients need additional security."
Decru Client Security Module is available immediately for Linux and Windows, with Solaris support planned for the first half of 2005.