Certes Networks specializes in protecting data-in-motion with innovative network encryption.
Certes Networks is leading the way with the industry’s first and only:
- Commercially deployable group encryption technology
- Global security policy and encryption key management solution that protects any application data flow or network traffic
- Solution that allows encryption based on VLAN tag IDs
- Full line-rate, low latency gigE encryptor
- Native Layer 2 Ethernet frame encryptor
- Layer 4 encryptor
- Encryption appliance that operates at Layer 2, Layer 3 or Layer 4
Network Encryption Overview
One of the most effective ways to eliminate data loss or theft is to encrypt the data on the network. However, not all data protection solutions are created equal. While most solutions offer standard AES 256-bit encryption, there are other attributes that must be considered:
- Manageability – The ease and simplicity with which the solution is installed, deployed and managed
- Transparency – The degree to which the solution affects network operations and applications
- Flexibility – The solution’s compatibility with various combinations of topologies, protocols and applications
Comprehensive protection must excel in all three categories. Many solutions are strong in one area, but weak in others, compromising their overall effectiveness. Only Certes Networks provides you with the manageability, transparency and flexibility needed for complete data protection.
Network Encryption Made Easy
When you need to encrypt your data in motion, Certes makes it easy. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s networks.
Certes Networks solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost. They give you the power to encrypt your network data wherever, however and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.
Business benefits:
- Quick to install and easy to manage
- Additional security and decreased risk
- Transparent network and application protection
Technical benefits:
- Global policy and key management
- Easy endpoint grouping
- Tunnel-less encryption
- Seamless scalability to grow with your needs
Ethernet Encryption (Layer 2)
Our Ethernet encryption solution provides easy management for large-scale Ethernet encryption deployments. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s Ethernet networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost.
You also get a variety of security options, including the ability to:
- Group endpoints together for ease of configuration and scalability
- Encrypt based on VLAN IDs to create secure communities of interest
- Secure multicast application traffic
Whether you need to protect data on a specific VLAN or all of your network traffic, you can do it easily with a Certes solution while maintaining your network and application performance.
Ethernet Encryption: Point-to-Point
If you need to secure links between a few LANs, buildings, or remote locations, the CipherEngine Enforcement Points (CEPs) are a simple and affordable solution. These hardware-accelerated encryption appliances provide high speed, low latency data protection from 10Mbps to 10Gbps.
The CEPs are:
- Quick to install and easy to manage – Installs quickly and is ready to use in minutes
- Transparent to your network – No architecture changes or router upgrades needed
- Wire-speed – Provides full duplex wire-speed encryption
- Low Latency – Will not disrupt any latency sensitive applications
Certes Networks Ethernet encryption solutions allow you to protect your data while maintaining your existing network and application performance.
Internet Protocol (IP) Encryption (Layer 3)
Certes Networks IP encryption solutions ensure data protection over any IP infrastructure, including full mesh, hub and spoke, and point-to-point networks, without affecting the user experience or network performance. Our IP encryption solutions range from 10Mbps to 1Gbps, with 10Gbps capabilities coming this year, and provide best-in-class data protection without requiring you to upgrade or change your existing infrastructure.
IP Encryption: Full Mesh and Hub-and-Spoke
A Certes Networks IP encryption solution provides easy management for large-scale IP encryption deployments. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost.
You also get a wide array of security options, including the ability to:
- Group endpoints together for ease of configuration and scalability
- Protect any-to-any communications without impacting application performance
- Encrypt based on MPLS tags
- Secure multicast application traffic
IPsec VPNs
Unlike traditional IPsec VPNs, next generation IPsec VPNs are able to protect data as it travels over networks while maintaining the any-to-any connectivity and low latency performance required by modern applications. Next generation IPsec VPNs are also much easier to install and maintain than their predecessors. They offer greater flexibility with regard to group encryption and policy creation, and offer equal or better security (due to less complexity) at a much lower total cost of ownership.
Next Generation IPsec VPN
If you are like most networking or security professionals who have looked at securing your data with traditional IPsec VPNs, you have likely discovered that they can be difficult to set up and manage, especially for large deployments. Traditional IPsec VPNs can also add unacceptable latency to application performance, impair router and switch throughput and can result in massive packet loss during site failovers.
Today’s business models rely on high-speed applications that require any-to-any connectivity. To support these applications, today’s networks are architected to provide high speed, low latency connectivity with highly available connections. This allows business professionals to access applications and data from data centers, server farms or private clouds with the same ease, timeliness and reliability as if they were located in the same building.
However, today’s businesses are forced to contend with the growing threats of cyber crime and data theft. The reality is that companies must now add data security to their list of network requirements. Unfortunately, IPsec VPNs (the primary technology used for network data protection) were developed in the late 1990s, when networks were made up of simple point-to-point connections.
Using traditional IPsec VPNs to secure today’s dynamic networks forces you to “devolve” your network from an intelligent any-to-any business tool, to a collection of point-to-point tunnels.
The good news is that the next generation of IPsec VPNs is finally here! Through the use of Group Encryption, this advanced method of enabling data protection maintains all that was good about IPsec VPNs, but without the hassles and performance compromises of tunnels.
This unique capability allows next generation IPsec VPNs to operate transparently over any topology without impacting application performance or network infrastructure. In fact, because next generation IPsec VPNs decouple security from the routed infrastructure, your network performance may even improve!
Layer 4 Encryption
Many organizations run multiple services on their network, such as Class of Service, Network Address Translation (NAT), Policy-Based Routing and Netflow to ensure their network operates as efficiently and as effectively as possible. Most of these network services depend on information from the Layer 4 header to operate. Unfortunately, traditional Layer 2 and Layer 3 encryption solutions are incompatible with Layer 4 services because they encrypt the Layer 4 header along with the payload. This forces network administrators to choose between improved traffic management and data security.
Certes Networks has made it possible to maintain traffic shaping, NAT and Class of Service based prioritization while securing data with our Layer 4 encryption solution. This unique and innovative functionality provides AES 256-bit encryption of the data payload while leaving the Layer 4 header in the clear. With Layer 4 encryption, network administrators no longer have to choose between performance and security.
How Layer 4 Encryption Works
By preserving the original header information and encrypting the payload, you can encrypt data over load-balanced, redundant and resilient networks. With the Certes Layer 4 encryption solution, the Layer 4 header information remains in the clear and only the payload is encrypted, as shown in the illustration below.
Benefits of Layer 4 Encryption
Certes Layer 4 encryption solutions can be deployed quickly and easily in any network environment. With this solution, companies and service providers can maintain traffic shaping, prioritization, net flow capabilities and other services while ensuring that the data is safe from unauthorized use or inspection.
An added benefit to our Layer 4 encryption is that it makes troubleshooting an encrypted network easier. With traditional IPsec, all packets in the WAN are ESP packets, which hide the Layer 4 headers. The Layer 4 header is often used to help identify applications, so not being able to see that information complicates troubleshooting encrypted networks. With Layer 4 encryption, the headers are in the clear, and there is no need to modify your troubleshooting methodology. There is no additional training for NOC personnel when troubleshooting encrypted networks.
Layer 4 Encryption benefits include:
- Ability to pass encrypted data through NAT devices
- Support for policy based routing/load balancing
- Lower packet overhead (5-10% faster than L3)
- Easy troubleshooting for encrypted networks
- Netflow/Jflow support
In fact, one of the largest service providers in the U.S. tested our Layer 4 encryption solution in their labs to gauge the impact on network services. You can download the test results below.
With encryption speeds ranging from 10Mbps to 10Gbps, our Layer 4 encryption solutions ensure your data is protected and the network services can run, all without impacting application or network performance.
VOIP Security & Encryption
Voice over Internet Protocol (VoIP) is one of the fastest growing segments in networking technology. Companies are moving their telephone communications from their traditional Public Switched Telephone Network (PSTN) to modern converged IP networks that offer high-speed access and lower costs.
Since VoIP utilizes the shared infrastructure of an IP network, any VoIP communication is subject to the same security vulnerabilities as any other form of data on a shared infrastructure. These security concerns were addressed in the National Institute of Standards and Technology’s (NIST) paper Security Considerations for Voice over IP Systems:
“The prevalence and ease of packet sniffing and other techniques for capturing packets on an IP based network makes encryption a necessity for VoIP.”
Until now, the biggest issue with VoIP security has been the tradeoff between protection and performance. Standard link encryption and the use of VPNs added latency, degrading VoIP call quality to the point where companies were forced to abandon VoIP encryption. The same NIST report mentioned above suggests that the way to negate the protection vs. performance tradeoff is with improved security policy and encryption key management.
Certes Networks’ VoIP encryption solution delivers just that. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s networks.
Certes Networks’ solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost.
MPLS Encryption & Security
MPLS is one of the fastest growing networking technologies today. Companies are migrating from their legacy infrastructures in order to take advantage of the cost savings and performance advantages offered by MPLS. While these advantages are real, users should be aware of the MPLS Security Myth. In the early days of the MPLS migration, the service was often positioned as being a secure form of transport. However, this proved to be more of a marketing claim than a defensible technical feature.
The truth is, MPLS only provides logical separation of traffic over a shared virtual network. Service providers offer the same MPLS service on the same network to multiple companies. Often, they outsource the local transport to third party carriers, which also use shared networks. Unless you specifically request and arrange otherwise, your service provider will typically send your data in the clear across these shared multi-carrier networks.
Fortunately, with a Certes solution, you can take advantage of MPLS features without having to worry about its inherent lack of security. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s MPLS networks.
Metro Ethernet Security
Layer 2 WANs offer many advantages over the technologies they are replacing, but there are security concerns that must be addressed by any organization migrating to, or currently using, these services. In order to avoid data leakage or any other form of unauthorized access to your data, you need to take an active role in protecting your data transmissions over the service provider’s Metro Ethernet, VPLS or other Layer 2 WAN.
Fortunately, with a Certes encryption solution, you can take advantage of Metro Ethernet without having to worry about its inherent lack of data security. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today’s Metro Ethernet networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost.
With Certes Networks, you can protect your data in motion wherever, however and whenever you want, without changes or disruptions to your Metro Ethernet network, your infrastructure, or your operations.
SCADA Encryption & Security
Networks that connect the control systems, plants, and distribution systems of the nation’s critical infrastructure have become the new frontline of cyber warfare. Where once an enemy had to penetrate a nation’s physical border to attack command and control systems, they can now accomplish the same task from anywhere in the world.
According to industry experts, SCADA (Supervisory Control and Data Acquisition) systems, the computer networks that monitor and control the nation’s electrical grid, gas and oil refineries, water systems, power generation and industrial processes, are “in dire need of stronger safeguards”.
Experts estimate that more than two-thirds of these systems are connected to an IP network or the Internet. This makes them vulnerable to all of the attack vectors plaguing every other network, including data theft, monitoring, man-in-the-middle attacks and DoS attacks which aim to overwhelm perimeter security devices with brute force.
Certes Networks makes it easy to secure and encrypt SCADA, Digital Control Systems (DCS) and other command and control networks. Our encryption solutions mitigate the most common attack vectors, while preserving the performance, reliability and availability these critical control systems demand.
Our solutions have been deployed on a growing number of government, municipal and utility networks. Our policy and key management system makes it easy to secure SCADA and DCS systems without adding personnel, disrupting operations, or requiring network reconfigurations.
Group Encryption Overview
Protecting data in motion has become a high priority for a growing number of companies and governments. The growing threat of data theft and the increased regulatory pressure to protect data has moved group encryption of data in motion from a “nice to have” technology to a budgeted project for many companies.
However, companies that have deployed IPsec VPNs across their network have discovered that while encryption is a superior form of data protection, the deployment and management of IPsec VPNs is complicated, time consuming and largely incompatible with other network requirements, such as application performance, intelligent traffic routing and reliability. The IPsec VPN technology is also incompatible with a growing number of cost-effective Layer 2 service options, such as Metro Ethernet E-LAN, E-LINE, and VPLS, forcing companies needing encryption to find another way to achieve such security.
Certes Networks addresses this need in the market with the introduction of CipherEngine, a groundbreaking group encryption solution that makes encryption easy to install, simple to manage and transparent to any infrastructure, topology or application.
Examples of CipherEngine encrypted groups include:
- IP Hub and Spoke
- MPLS full mesh
- VPLS Mesh
- Metro Ethernet point-to-multipoint
- MPLS Multicast
- Multi-carrier infrastructures
- Mixed-vendor infrastructures
The CipherEngine group encryption solution has the added benefit of decoupling the security from the network’s routed or switched infrastructure, providing additional security through role and access segmentation. CipherEngine also eases network troubleshooting, which is very difficult to do with other methods of transport encryption.


