CryptoStor® FC Disk

High-Performance Storage Security Appliance

NeoScale CryptoStor® FC Disk is a storage security appliance that delivers wire-speed security for SAN-attached disk arrays without requiring complex host agents or re-mapping of storage devices. CryptoStor Disk enforces policies for primary storage access control and data-at-rest encryption; this enables organizations to protect against inadvertent or malicious information access and to achieve regulatory compliance.


Critical Storage Exposures

To achieve greater storage consolidation, accessibility, recovery and management benefits, enterprises are migrating from direct-attached storage (DAS) to storage networks (SAN, NAS), geographically dispersed storage, and managed services. Organizations must comply with financial, commerce and healthcare privacy legislation which requires new mechanisms for protecting stored data. While enterprise security has focused on front-end system exploits and network attacks, storage also requires a layered security model that addresses stored data protection to reduce the costs, risks and liabilities of unauthorized data access.

Security Built for Storage

Operating as a fully pass-through (not proxy), inline storage appliance, CryptoStor Disk inspects storage traffic and applies data access controls and strong encryption to the data payload at full fabric throughput with nominal latency. Now storage data privacy policies can be centrally managed employing user-defined rules. Since CryptoStor Disk operates invisibly, it complements replication, virtualization and storage management applications.

Global Key Management

NeoScale's Global Key Management delivers a tiered strategy for complete key security while ensuring recovery of encrypted information.

  • Appliance – FIPS operation mode ensures unencrypted keys never leave the appliance and supports M of N (shared secret) backup and recovery of system keys.
  • Data Center – CryptoStor Disk clustering automatically shares keys and policy data to ensure data is accessible via any clustered storage security appliance.
  • Enterprise-wide – Recovery through any authorized, networked CryptoStor appliance.

Policy-based Storage Protection

Non-Intrusive – Deep frame inspection allows access and encryption policies to be dynamically and selectively applied at wire-speed. User-defined storage security rules may include WWN, SID, DID, LUN, Volume, SCSI command, and block range.

Reliable – True full-duplex 2Gbps throughput with low latency, completely invisible operation, clustered failover, and complete data and encryption key recovery options ensure uninterrupted, scalable storage data protection.

Secure – Strong 3DES/AES 256 stored data encryption with true random number key generation and extensive key management. The appliance invisibly blocks unauthorized storage access and scales to support hundreds of rules.

Fibre Channel Deployment Options

Key Applications

Consolidated Storage

  • Protects classes of data and segregates administrative data access

Secure Replication and Disaster Recovery

  • Encrypts data locally and mirrors to remote location

Managed Storage Resources

  • Extend protection beyond zoning, masking, virtualization
  • Alleviate shared 3rd-party management trust issues

Enterprise Data Security

  • Support for any stored data including databases and files

Valued/Trusted/Regulated Storage Data

  • Ensure data protection within all storage functions
  • Enforce regulatory compliance

Product Specifications

Security

  • Storage firewall access control
  • Industry-proven certified cryptographic processing engine
  • Dynamic 3DES/AES-128/AES-256 encryption
  • Smartcard authenticated access and auto key escrow
  • M of N key recovery

Storage

  • Invisible to storage applications
  • In-line, redundant deployment for high availability
  • Native Fibre Channel performance with low latency
  • Optional host agent with protection for spoofing and application access control

Management

  • Intuitive Web GUI, CLI, and LCD display
  • Authenticated user SSL/SSH remote access
  • Built-in clustering with secure enrollment and configuration
  • Secure key, key catalog and configuration export
  • Appliance and software-only data recovery options
  • Filtered logging, secure audit log and full alerting
  • Role-based users: administrator, security officer, recovery officer

Physical

  • 2U, 27 lb, 19" rack mountable (17"x22.5"x3.5")
  • Redundant, hot-swappable power supplies/fans
  • 100/240 VAC, 50/60Hz, 200W

Certifications

  • FIPS 140-2 Level 3: Complete appliance
  • FIPS 197: Advanced Encryption Algorithm
  • FIPS 46-3: Triple DES Encryption Algorithm
  • FIPS 180-2: Secure Hash Standard
  • FIPS 186-2: Random Number Generator

 


* The FIPS 140-2 level 3 certification pertains to FC2002 and Tape 70x.