Enterprise-scale encryption and digital signing of all sensitive data shared across SOA, Cloud, Web and mobile applications
Industries from defense to banking to finance, as well as government organizations, follow cryptographic best practices to ensure security, privacy and data integrity when sharing sensitive information both within and beyond their enterprise boundaries. But these enterprises are challenged to manage increasingly large and complex security architectures. After all, identity and authorization are no longer about people; the focus is now squarely on systems and services. Rather than extending traditional encryption, digital signing and authentication systems to manage the risks and meet compliance requirements for new initiatives that encompass SOA, cloud, and mobile access to sensitive information, what's required is a more flexible security framework that not only meets these emerging needs, but also incorporates secure key management and tamper-resistant cryptography.
For this reason, Layer 7 has integrated the Thales nShield family of nCipher Hardware Security Modules (HSMs) with Layer 7's CloudSpan and SecureSpan families of SOA gateways. Layer 7's gateways act as policy-driven identity and security enforcement points that can be implemented both in the enterprise and in the cloud to address a broad range of behind-the-firewall, SOA, B2B, API management and Cloud security challenges. With support for all leading directory, identity, access control, Single Sign-On (SSO) and Federation services, Layer 7 provides unparalleled flexibility in defining and enforcing identity-driven security policies, leveraging SSO session cookies, Kerberos tickets, SAML assertions and Public Key Infrastructure (PKI). Support for all major WS* and WS-I security protocols provides enterprise architects with advanced policy controls for specifying message and element security rules, including the ability to branch policy based on any message context.
Layer 7 also ensures enterprise application and infrastructure services are protected against malicious attack or accidental damage due to poorly structured data.
Thales has a history of delivering industry-leading security solutions that allow organizations to protect data wherever it's stored and whenever it moves or is accessed inside the extended enterprise. To protect information that ranges from 'sensitive but unclassified' to 'top secret' military data, Thales ensures confidentiality, proof of identity, data integrity and nonrepudiation by allowing organizations to protect and manage the cryptographic keys that lie at the heart of an organization's trusted encryption, digital signing and authentication processes.
Both Layer 7's gateways and Thales nCipher HSMs are certified to FIPS 140-2 Level 3 and Common Criteria EAL4+ standards, delivering the highest levels of security and best-in-class performance. Together, the integrated Layer 7/Thales solution provides encryption and digital signing for sensitive data shared across security boundaries (such as those spanning internal enterprise domains, as well as enterprise-to-partner, enterprise-to-cloud or Web-to-mobile applications), thereby streamlining compliance and regulatory tasks while delivering enterprise-grade security for organizations that require cryptographic best practices.
Key Features
Identity and Message Level Security
Cryptography
Support for onboard Thales nShield Solo HSM and Thales nShield Connect network HSM
Support for elliptic curve cryptography (conforms to NSA's Suite B algorithms)
FIPS 140-2 support in both hardware (Level 3) and software (Level 1)
Integration with all leading external identity, access, SSO and federation systems
Onboard identity store for administering identities and staging new services
Credential chaining, credential remapping and support for federated identity
Integrated STS/SAML issuer supports SAML 1.1/2.0 and Security Context Tokens
Integrated PKI CA for automated deployment and management of client-side certificates and RA ability for external CAs including Verisign
Support for Web browser STS, facilitating single sign-on for users logging into SaaS/cloud applications
Configurable validation & filtering of HTTP headers, parameters and form data
Detection of classified or dirty words or arbitrary signatures with subsequent scrubbing, rejection or redaction of messages
Support for XML, SOAP, POX, AJAX, REST and other XML-based services
Protect against identity spoofing and session hijacking cluster-wide
Assure integrity of communication end-to-end
Protect against XML parsing; XDoS and OS attacks; SQL and malicious scripting language injection attacks
Protection against XML content tampering and viruses in SOAP attachments
Enforce security policies such as those that digitally sign and/or encrypt parts of the message; issue security tokens to ensure proper authentication, etc.
Enforce compliance with policies such as those that verify message structure and content to meet corporate, industry or government standards, etc.
Enforce reliability with policies such as those that reroute traffic to facilitate failover; throttle traffic to ensure availability and maintain quality of service, etc.
Throttling/rate limiting controls provide the ability to support service oversubscription with per-service throttling of excess messages
Service availability features include support for strict failover, round robin, and best effort routing
Identity-based access to services and operations
Manage security for cross-domain and B2B relationships
Web SSO
Threat Protection
Filter XML content for Web 2.0 and SOA
SOA Governance
Runtime enforcement of governance policies
Centralized SLA enforcement/Quality of Service
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan, CloudSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
Full support for Class of Service based message processing and routing based on identity, message content, time of day, etc.
Transport mediation between HTTP, HTTPS, MQS, JMS, raw TCP
Secure, manage, monitor and control access to APIs exposed to third parties
API usage can be throttled to ensure backend services are not overwhelmed; limited by user, time of day, location, etc.; and quota managed (i.e., # of uses / user / day)
Configurable, out-of-the-box reports provide insight into API performance: measure throughput, routing failures, utilization and availability rates, etc.
Failed authentications and/or policy violations can be tracked to identify patterns and potential threats
Support for all major WS* and WS-I security protocols
Support for all major authentication and authorization standards, including SAML, Kerberos, digital signatures, X.509 certificates, LDAP, XACML, etc.
API Management
API Publication
API Security
Thales nShield Hardware Security Module
Standards Support
Performance
Form Factors
Supported Standards
XML, JSON, SOAP, REST, PCI-DSS, AJAX, XPath, XSLT, WSDL, XML Schema, LDAP, SAML, XACML, OAuth, PKCS, Kerberos, POP3, X.509 Certificates, FIPS 140-2, XML Signature, XML Encryption, SSL/TLS, SNMP, SMTP, IMAP4, HTTP/HTTPS, JMS, MQ Series, Tibco EMS, FTP/FTPS, WS-Security, WS-Trust, WS-Federation, WS-SecureExchange, WS-Addressing, WS-SecureConversation, WS-MetadataExchange, WS-Policy, WS-SecurityPolicy, WS-PolicyAttachment, WSIL, WS-I, WS-I BSP, UDDI, WSRR, MTOM, IPv6, WCF
To learn more about Layer 7, call us today at +1 800.681.9377 (toll free within North America) or +1.604.681.9377. You can also email us at info@layer7.com; friend us on facebook.com/layer7; visit us at layer7.com, or follow us on Twitter @layer7.