Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Getting Started
Administration
Reference
Release Notes

All

All

CipherTrust Intelligent Protection

Overview

Please Note:

Administration
CipherTrust Manager Administration
- Password Policy
- Users
- Certificate Based Authentication
- Changing Passwords
- Domain Management
- Groups
- LDAP Group Mapping
- Services
- Hardware Security Module
- Clusters and Nodes
- CipherTrust Manager System Monitoring
  - Records
  - Alarms
  - Syslogs
  - Debug Logs
  - Log Forwarding
  - Prometheus Metrics Endpoint
- Tokens
- Policies
- Banners
- Interfaces
- Proxy Configuration
- Quorums
- SNMP
- SMTP
- Backups
- Scheduling Backups
- Disk Encryption After Initial Deployment
- Scheduler
- Connection Manager
  - Connections
  - Amazon Web Services (AWS)
  - Microsoft Azure
  - Salesforce
  - SAP Data Custodian
  - Oracle Cloud Infrastructure (OCI)
  - Google Cloud Platform (GCP)
  - Hadoop Knox
  - Luna Network HSM
  - Server Message Block (SMB)
  - DSM Connection
  - Secure Copy Protocol (SCP)
- System Upgrade/Downgrade
- Client Management
- Configuring DNS Hosts
- CLI Toolkit
  - CLI Toolkit Installation
  - Batching Commands with Tokens
  - Example CLI User Set Up
  - Support CLI
- Keys
- Key Rotation
- Crypto Operations
- MKEK Rotation
- Certificate Authority
- Data Protection
  - Protection Profiles
  - BDT Policies
  - BDT Containers
- REST API
- Integrating Logging with Splunk App
- Return Material Authorization (RMA) Guidance
Application Data Protection Administration
- Overview
- Interfaces
- Managing Applications
  - Defining Applications
  - Modifying Applications
  - Deleting Applications
  - Viewing Application Details
  - Viewing Registration Token
  - DPG Policies
- Managing Character Sets
  - Creating Character Sets
  - Modifying Character Sets
  - Deleting Character Sets
- Managing Protection Policy
  - Viewing protection policy
  - Creating protection policy
  - Modifying protection policy
  - Deleting protection policy
- Single Pane of Glass
- Heartbeat Configuration
- Frequently Asked Questions
CCKM Administration
- Overview
- Interfaces
- AWS Resources
  - Managing AWS Accounts
  - Managing AWS Keys
  - Scheduling Operations
  - Managing AWS Reports
- Azure Resources
  - Prerequisites
    - Prerequisites for Azure Cloud
    - Prerequisites for Azure Stack Cloud with Azure AD
    - Prerequisites for Azure Stack Cloud with Azure ADFS
  - Managing Azure Vaults
  - Managing Azure Keys
  - Scheduling Operations
  - Managing Azure Reports
  - Viewing Azure Subscriptions
  - Performance Summary
- Luna HSM Resources
  - Managing Luna HSM Partitions
  - Managing Luna HSM Keys
  - Scheduling Operations
- DSM Resources
  - Managing DSM Domains
  - Managing DSM Keys
  - Scheduling Operations
- Google Cloud Resources
  - Google Cloud Projects
  - Google Cloud Key Rings
  - Google Cloud Keys
  - Google Cloud Reports
  - Scheduling Operations
- Google Cloud External Key Manager Resources
  - Managing Google EKM Endpoints
  - Managing Google EKM Endpoint Policies
  - Google EKM Performance Summary
- Google Workspace CSE Resources
  - Access Policies
  - High Level Architecture
  - Licensing
  - Prerequisites
  - Clustering for Google Workspace
  - Encrypting Data Encryption Keys
  - Decrypting Data Encryption Keys
  - Endpoints
  - Identity Providers
  - Records
  - Related APIs
    - Creating an Issuer
    - Viewing Issuers
    - Viewing Details of an Issuer
    - Deleting an Issuer
    - Creating KACLS Endpoints
    - Viewing KACLS Endpoints
    - Viewing Details of a KACLS Endpoint
    - Updating a KACLS Endpoint
    - Disabling a KACLS Endpoint
    - Enabling a KACLS Endpoint
    - Archiving a KACLS Endpoint
    - Recovering a KACLS Endpoint
    - Deleting a KACLS Endpoint
    - Encrypting Data Encryption Keys (wrap)
    - Rotating Endpoint Keys (rotate-key)
    - Decrypting Data Encryption Keys (unwrap)
    - Decrypting and Downloading Document (privileged_unwrap)
    - Viewing KACLS Endpoint Perimeters
    - Updating a KACLS Endpoint Perimeter
    - Viewing the KACLS Endpoint Status
  - Performance Summary
    - Google Calendar
    - Google Drive
    - Google Meet
- Salesforce Resources
  - Managing Salesforce Organizations
  - Managing Salesforce Tenant Secrets
  - Scheduling Operations
  - Managing Salesforce Reports
  - Managing Salesforce Cache-Only Key Endpoints
- SAP Resources
  - Managing SAP Groups
  - Managing SAP Keys
  - Scheduling Operations
  - Managing SAP Reports
  - Viewing Linked SAP Applications
- Oracle Cloud Resources
- Migrate from CCKM Appliance
CDP Administration
- Interfaces
- Concepts
- Configuring Oracle Databases
- Configuring DB2 Databases
- Configuring SQL Server Databases
- Configuring Teradata Databases
- Troubleshooting
CipherTrust Intelligent Protection
- Overview
- Configuration
- Concepts
- Scans
- Reports
- CTE Policies
- File Operations with CIP
- Backup and Restore
- Troubleshooting
CTE UserSpace Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Clusters
- Making loginuid Immutable
- Operations
CTE Administration
- Overview
- Interfaces
- Concepts
- Data Transformation
- Managing Profiles
- Managing Clients
  - Enabling Live Data Transformation
  - Setting Client Locks
  - Client Settings
  - CTE Linux Authentication and Client Settings
  - Changing Client Password
  - Managing Membership
  - Deleting Clients
  - Kernel Compatibility Matrix
- Managing LDT Communication Groups
- Managing Client Groups
- Managing Signature Sets
- Managing Policies
  - Creating Policy Elements
  - Viewing Policy Elements
  - Creating Policies
  - Modifying Policies and Rules
- Managing GuardPoints
  - Secure Start GuardPoints
  - Considerations Before Creating GuardPoints
  - Creating GuardPoints
    - Creating Standard GuardPoints
    - Creating LDT GuardPoints
    - Creating Cloud Object Storage GuardPoints
    - Creating IDT GuardPoints
    - Creating GuardPoints for Efficient Storage Devices
  - Enabling Secure Start for GuardPoints
  - Protecting Teradata Appliances
  - Automatic and Manual GuardPoints
  - Viewing GuardPoints
  - Viewing GuardPoint Status
  - Changing SMB Connection
  - Removing GuardPoints
  - Disabling GuardPoints
  - Enabling GuardPoints
- Managing Kubernetes Storage Groups and Clients
  - Managing Kubernetes Storage Groups
  - Managing Kubernetes Clients
  - Protecting Kubernetes Clients
- Operations
- Common Scenarios
- Reports
  - Clients Health Report
  - Clients Keys Report
  - Clients Profiles Report
  - Clients Policies Report
  - Policies Keys Report
  - GuardPoints Report
  - Clients GuardPoint Status Report
- Backup and Restore
- Troubleshooting
- Integrating CTE Logging with Splunk
- Migrating CTE Configuration from Data Security Manager
- Migration Summary
- Communication with CipherTrust Manager
- Permissions
- API Examples
  - Creating Keys
  - Creating Policy Elements
  - Creating Policies
  - LDT Use Cases
  - Creating GuardPoints
- API Response Codes
DDC Administration
- Solution Architecture
- Interfaces
- Concepts
- User Groups
- Managing Branch Locations
- Managing Information Types
- Managing Classification Profiles
- Managing Data Stores
- Local Data Stores
- Network Data Stores
- Database Data Stores
- Big Data Data Stores
- Cloud Data Stores
- Server Data Stores
- Managing Scans
- Managing Reports
- Managing Agents
- Logging
- Operations
- Troubleshooting
- Appendix
- Deployment Security
ProtectFile Administration
- Interfaces
- Client Profiles
- Clients
- Access
- Keys
- Rules
- Client-Rule Associations
- Network Shares
- Clusters
- Operations
- Migration from KeySecure Classic to CipherTrust Manager
- Migrating ProtectFile to CipherTrust Transparent Encryption
ProtectV Administration
- Interfaces
- Concepts
- Operations
- Managing Images
- Managing Instances
- Viewing Encryption Keys
- Configuring a Keystore
- Configuring Key Management Settings
- Configuring Global Autoscaling
- Using Proxy with ProtectV Clients

CipherTrust Manager
Administration
CipherTrust Intelligent Protection
Overview

Overview

Companies face many challenges today when managing all of the customer and sensitive data that they possess. Data volumes are exploding across endpoints, clouds, applications, storage, Big Data, IoT, digital services, etc.

Many companies lack the capabilities to scan, audit and protect the entire enterprise. Understanding the content of the organization’s data is critical for maintaining the strong security of the organization’s assets, complying with government regulations, and ensuring customers’ sensitive data is protected no matter where it is stored.

CipherTrust Intelligent Protection enables organizations to assess all of their data, discover and protect sensitive data, and classify data according to various data privacy laws, by using the CipherTrust Intelligent Protection solution with CipherTrust Data Discovery and Classification for finding and classifying sensitive data, and CipherTrust Transparent Encryption for encrypting that data.

This protects customer data, achieves compliance, and best practice requirements. It helps a company avoid devastating financial, legal and reputational consequences that can occur if an organization’s network is breached and sensitive data is stolen.

CipherTrust Data Security Platform enables CipherTrust Intelligent Protection by integrating the intelligent data classification and risk visualization capabilities of CipherTrust Data Discovery and Classification, and integrating it with the policy-based data at rest encryption capabilities of CipherTrust Transparent Encryption to provide adaptive protection to the company’s data.

Data Security Challenges

The CipherTrust Intelligent Protection solution solves a company's biggest problems including the following.

Lack of Visibility

Lack of visibility on where sensitive data resides, especially in the Cloud, and when a business has large volumes of data. This creates business risks because sensitive data is not adequately protected throughout the enterprise. Customers need to know that their sensitive data is protected.

Solution

Guarding top-level directories enables CipherTrust Intelligent Protection to automatically remediate all of the assets based on classification risk defined during data discovery.

Large Volumes of Data

Data continues to accumulate exponentially.

Solution

Organizations require an automatic process for understanding the location and the type of data they hold. CipherTrust Intelligent Protection offers Adaptive Protection. It applies the most appropriate remediation method automatically, based on the classification risk, thereby improving operational efficiency CipherTrust Intelligent Protection reduces complexity. It leverages an integration platform with common policies from a single vendor.

Compliance

Requirements are not being met because of the volume and lack of visibility.

Solution

CipherTrust Intelligent Protection streamlines compliance. It discovers and then remediates data in a single step, with no manual intervention.

Associated Roles

The primary users for CipherTrust Intelligent Protection fulfill the following types of roles in their companies:

Chief Information Security Officer (CISO)
Ensures security across the process, including the security of each data location and assisting in the interpretation and application of this process.
Chief Compliance Officer (CCO)
Aligns the process with laws and regulatory requirements. Monitors the entire process once implemented.
Data Protection Officer (DPO)
Aligns the organizational data protection goals. Monitors the compliance with privacy laws concerning the protection of personal or customer data, ensuring they are consistent with the data classification process defined.
Chief Information Officer (CIO)
Delivers information technology services that meet the requirements stated in this guide, are involved in the risk analysis and provide information for security planning and implementation.
IT
Configures the defined policies in the CipherTrust Data Security Platform.

Remediation Workflow

The following describes and illustrates the workflow for CipherTrust Intelligent Protection.

CIP Workflow

Illustration Steps

CTE admin: Creates a Policy, with a Classification-based Resource Set, on CTE Connector and applies the GuardPoint on the CTE agent.
CTE: CTE Agent scans the GuardPoint and uploads the list of files to the Thales Data Platform.
DDC admin: Adds a DDC data store with CipherTrust Manager on the server where the CTE agent resides.
DDC admin: Creates and Initiates a scan on the data store, at the specified GuardPoint, setting the scan path to the GuardPoint path, and enables remediation.
DDC: After the scan finishes running, DDC stores the scan results in the Thales Data Platform, including the classification for each of the files in the GuardPoint.
DDC: DDC Connector notifies CTE Connector that new scan results are ready.
CTE: CTE Connector notifies CTE Agent there are new classifications ready.
CTE: CTE Agent downloads the classification information from Thales Data Platform.
CTE: CTE Agent applies the security rules, to enforce access control, based on policy and classifications.
CTE: Encrypts each file according to the policy key rule. Each time a file is encrypted, the file’s status information is sent to the Thales Data Platform and updated.

On this page

CipherTrust Manager

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com