Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected
©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
All other product names are trademarks of their respective owners. FB (EN)-09.28.11
SafeNet Network
Encryption Solutions
SafeNet High-Speed Network
Encryptors Combine the Highest
Performance With the Easiest
Integration and Management
SafeNet Network Encryption and
Isolation Solution
SafeNet Network Encryption and Isolation Solution uses dedicated security engines that are
separate from the network infrastructure. This approach has intrinsic advantages compared to
integrated solutions. Whether you are operating a traditional enterprise data center or moving your
data and processing into the cloud, data confidentiality and infrastructure isolation are assured
without impacting the day to day operations of the network. Infrastructure security is administered
separately from the network administration function allowing separation of duties even when
operating in the cloud. SafeNet technology operates at the highest performance levels without
negatively impacting network capacity or speed and without adding network complexity. The
encryption devices and their management function exist as a network ‘overlay’ that is highly reliable,
highly resilient, easy to deploy and maintain, and can be rapidly expanded as needs change.
10G/100M
SafeNet Network Encryption Solutions
Proven reliability, highest throughput, and lowest latency make SafeNet’s network security devices the ideal solution for protecting data
in motion, including time-sensitive voice and video streams. SafeNet’s network security devices provide the fastest and easiest way to
integrate robust, FIPS-certified network security to protect data for enterprise and government organizations.
With SafeNet Network Encryption Solutions, You Can:
• Protect your data from evolving threats - Sensitive data is being transmitted through networks, more transactions are being
conducted over networks, and more value is moving through networks, which means that even a small breach can result in staggering
data leakage—with associated reputation, privacy, and financial losses.
• Become compliant with mandates - Beyond the obvious needs for encryption in safeguarding against security threats, many
organizations need to ensure and demonstrate compliance with a host of mandates, including governmental, industrial, and regional
policies. Encryption mechanisms need to support these efforts and provide advanced audit reporting.
• Provide business continuity and disaster recovery - Organizations need real-time transmissions of sensitive data to disaster recovery
sites. Encryption solutions ensure the information remains totally secure without slowing down the network and interfering with other
business functions.
Carrier Ethernet
(Provider A)
10G
Carrier Ethernet
(Provider B)
10G
Secondary Data Center
Disaster Recovery Site
Data Center
• Secure branch office connectivity - Sensitive and regulated data is constantly traversing the network from headquarters to branch
offices. Organizations need a lower cost encryption solution capable of scaling.
Branch Offices
100M
75M
Carrier Ethernet
50M
Headquarters
10M
VLAN 1
5M
VLAN 2
VLAN 3
VLAN 4
VLAN 5
etc...
• Safeguard data in private clouds - Organizations are moving to cloud-based services; just about every enterprise will have a hybrid
mix of services—including on-premise, private cloud, and public cloud—in place at any given time. Network encryption ensures
trusted communications across the organizations cloud-based applications while boosting user productivity, lowering costs and
increasing business agility.
Cloud
Benefits
Reduced Cost
SafeNet’s Network Encryption solutions are simple to deploy and require little maintenance, thus reducing implementation and
operational costs. Because SafeNet’s Network Encryptors encrypt at Layer 2, bandwidth efficiency is greatly improved.
Maximum Performance
SafeNet Network Encryptors are able to protect massive amounts of data with high throughput, zero latency, and minimal protocol
overhead.
Enterprise Scalability
SafeNet Network Encryption solutions significantly reduce equipment requirements and costs. In addition, encryption policy is effortless.
Central Control and Remote Management - SafeNet’s Security Management Center (SMC)
SafeNet’s Network Encryptors can be centrally controlled or managed across multiple remote stations using SafeNet’s SMC. With
SMC’s point-and-click, easy-to-use interface, and configuration wizards, it’s simple to visualize, configure, modify, and manage network
security—5 minute installation and deployment. SMC enables organizations to implement a broad range of security policies that can limit
access to specific devices or provide unlimited access to the entire network.
Layer 2 Encryption
It’s a little known fact that network encryption solutions can have profound impact on the network’s scalability, maintenance and cost.
Layer 3 encryption solutions like IPsec introduce latency and frame loss, and may reduce available bandwidth to as little as 27%.
Applications like VoIP and video may be a problem, and network equipment has to be super-sized just to keep up with normal traffic.
Why Encrypt at Layer 2?
SafeNet offers advanced Layer 2 encryption solutions that eliminate the challenges and obstacles presented by Layer 3 encryption
approaches.
Maximum Performance
Simple Management
Minimal Cost
• Simple policy for fast setup and integration
• IPv4 transparent to encryption policy
• Minimal ongoing maintenance
• Encryption can have no effect on high
layer IP routing design
• Better bandwidth utilization (up to 50%)
• Protects legacy Layer 3 protocols
Layer 2 (Ethernet)
Performance
Ease of Integration &
Maintenance
Layer 3 (IPSec)
• No performance degradation for small packet
traffic (real-time VoIP, video)
• Poor performance especially for small-packet
traffic (real-time VoIP, video)
• Virtually no latency
• High latency, especially for small packet traffic
• No bandwidth wasted for security overhead
• Up to 90% of bandwidth wasted by security
protocol overhead
• Easy to integrate, plug and-play
• Hard to integrate into IP networks due to IP
address management issues
• Virtually no maintenance required
• FIPS 140-1/2 and CC certified hardware
• Highly resilient
• Changes in IP layer doesn’t affect Layer 2
security
Cost
• Low Latency – microseconds vs.
milliseconds
• Throughput up to 1Gbps
• Supports latest encryption standards such as
AES-256
Reliability
• No GRE or complex QoS schemes
• Throughput up to 10Gbps
• Separates physical network from security
Depth of Security
• Low Overhead – Needed for new
bandwidth intensive applications
• Cost-effective security solution requires only
minimum number of encryptors to secure entire
circuits
• Changes in network setup impact security
• Provides more granular security options
which leaves room for errors in security
implementation (e.g., unencrypted connections)
• Changes in IP network (e.g., IP address changes)
can interfere with security setup
• Fast IPSec encryptors are expensive
SafeNet’s Network Encryption and
Isolation Solution for Ethernet WAN
encryption is elegantly simple.
This solution operates at Layer 2, so
that maintenance issues like security
policy changes become a thing of the
past, bandwidth is not affected, and
network complexity is reduced.
All of which means better application
performance and lower network
operating costs.
SafeNet’s High-Speed Encryptors deliver maximum performance,
the strongest available protection, the least administrative
overhead, and the lowest total cost of ownership.
Ethernet Encryption
Reduce the cost and complexity of protecting sensitive data in motion
Ethernet Encryptor 10G
The best-in-class Ethernet Encryptor 10G offers proven compliance through
Layer 2 encryption. It also provides central policy management through SafeNet
SMC and is easy to integrate into your current architecture.
FIPS 140-2, Level 3 validated
Ethernet Encryptor 1G
The Ethernet Encryptor 1G provides full-duplex, line-rate encryption of
Ethernet networks up to 1Gbps. It contains standards-based authentication,
digital certificates, and key management. Its bump-in-the-wire design allows
for easy installation into existing network environments. It also offers central
configuration, monitoring, and management through SMC.
FIPS 140-2, Level 3 validated
Ethernet Encryptor Branch Office
Cost-effective data security for branch office Ethernet links up to 10 Mbps.
Designed specifically for sites with low-bandwidth requirements, providing
connectivity between corporate and branch offices.
FIPS 140-2, Level 3 validated
SONET Encryption
High Performance Security Solution Providing Seamless Integration
SONET Encryptor
The SafeNet SONET Encryptor is a high performance, dedicated security
solution to protect 10 Gbps and below SONET/SDH networks. It integrates
easily and transparently into SONET/SDH networks and performs at wire-speed
throughput, encrypting user data with the AES-256 algorithm. Extremely low
latency makes it ideal for even the most demanding real-time, latency-sensitive
network applications.
FIPS 140-2 Level 3 validated
Security Management Center
Centralized, Robust, Flexible and Easy-to-Use Management Platform
Security Management Center (SMC)
Designed to integrate seamlessly into any network topology, SafeNet
WAN encryptors are the only devices to offer the SafeNet SMC, a SNMPbased network management platform that enables unparalleled ease of
administration, as well as audit tracking of encryptors across multiple circuits
and network protocols.
FIPS 140-2 Level 2 & Level 3 validated (management communications)
Encryptor Features
•Designed for FIPS
and Common Criteria
Certification
•Physically tamper-proof
•Minimal latency (typically
< 10 microseconds)
•Point-to-point and
full mesh connection
capability
•Each connection
uses unique AES256
symmetric key (refreshed
every hour)
•Connections can be set
to encrypt, bypass, or
discard
•Secure remote
management overhead data payload encrypted
•AC and DC power options
