Thales

Thales Group is one of the global leaders in high-tech solutions, combining innovations in transportation, defense, aerospace, and cybersecurity. Following its merger with Gemalto, the company’s portfolio significantly expanded with advanced data protection solutions — from encryption and multi-factor authentication to access management and digital identities. Additional integration with Imperva strengthened Thales’ capabilities in database security, API protection, and bot mitigation, while also enhancing its portfolio with leading WAF products, positioning the company as a key player in the comprehensive cybersecurity market.

More information: https://www.thalesgroup.com

Description of technology

Data Encryption

CIPHERTRUST DATABASE PROTECTION - protects database-stored information at the column level, with additional access controls.

CIPHERTRUST MANAGER - is a centralized key management platform that supports protocols such as KMIP, making integration with existing systems (NetApp) simple.

CIPHERTRUST TRANSPARENT ENCRYPTION - is a transparent file-level encryption, including files on network shares, with additional access control.

CLOUD KEY MANAGER - is a management of keys originating from cloud repositories.

DATA DISCOVERY AND CLASSIFICATION - enables effective searching, classification, and risk analysis across varied data environments from cloud and Big Data to traditional databases.

HIGH SPEED ENCRYPTOR - high-speed network encryptors preventing data interception over telecom links between company sites. Provides encryption at OSI/ISO layer 2 or 3, with constant microsecond latency, up to 100 GB throughput, FIPS 140-2 Level 3 certified.

KMIP - supports Key Management Interoperability Protocol, connect third-party systems and protect the data stored within them.

SECRET MANAGEMENT - centralized management, control, and secure storage of sensitive data (keys, passwords, tokens) used in cloud services, containers, and DevOps environments.

TOKENIZATION - is a data masking for users seeking rapid protection of their assets, encrypts data at the moment of creation.

HSM

HARDWARE SECURITY MODULE - designed to secure encryption keys throughout their lifecycle. Hardened operating system, crypto cards resistant to hardware attacks, encrypted communication channels, multi-factor authentication, and compliance with recognized standards (FIPS 140-3 Level 3, Common Criteria) prevent the loss of cryptographic material. Various module versions are available.

LUNA HSM - is a general-purpose security module, available as a Network HSM, standalone PCI-E card, or USB device; authentication via password (PW Auth) or device supporting strong two-factor authentication (PED Auth).

PAYSHIELD HSM - is a specialized security module dedicated to financial transaction processing.

PROTECTSERVER - configurable security modules offering higher flexibility and lower total cost of ownership, available as Network HSM or PCI-E variant.

User Authentication

SAFENET TRUSTED ACCESS - is a modern strong authentication and access management platform. It protects access to both on-premises and cloud resources, integrating with around 1,000 systems, including Office 365. With Smart SSO, STA adjusts the authentication method based on risk factors, such as location, device, application, etc. It supports multiple login methods: OTP, Push OTP, biometrics, certificates, FIDO, SMS/email passwords, and more. Also, STA simplifies identity management and eliminates the need for multiple passwords. It provides a centralized admin panel and full visibility into user activity.

SMART CARDS, READERS, USB TOKENS - offers a wide range of smart cards, readers, and USB tokens for secure user authentication. The most popular are contact-interface cards, used for login, encryption, signing, and VPN access. Dual-interface cards also support contactless communication (NFC), while hybrid cards combine logical and physical access (room access control). An alternative to cards is eTokens – small USB keys, sometimes with a touch sensor and NFC. Thales solutions comply with standards such as FIDO, eIDAS, GDPR, Common Criteria, QSCD, and FIPS 140-2, and operate across multiple operating systems, streamlining credential management.

VSEC:CMS - a comprehensive credential management platform, available on-premises and in the cloud. It enables automation of the entire credential lifecycle without programming, integrating various systems and saving time and resources. The platform manages smart cards, tokens (including Yubico), virtual cards, and mobile devices. It supports passwordless and multi-factor authentication (PKI, FIDO) and complies with major government regulations. Key features include full credential lifecycle management; support for physical and virtual cards; integration with IdP, HSM, ACME systems; user and operator self-service; high availability – backup, clustering, disaster recovery; audits, role-based access control, approval workflows; support for Windows and macOS, flexible APIs and SDK.

Helpful files