Bloombase Spitfire StoreSafe Storage Security Server Bloombase Technologies


  • Bloombase Spitfire StoreSafe Storage Security Server

    Bloombase Technologies

  • Bloombase Spitfire StoreSafe Storage Security Server

    Bloombase Spitfire KeyCastle Key Management Server

    Bloombase Spitfire SOA Security Server

    Bloombase Keyparc

    Bloombase Spitfire Message Security Server

    Bloombase Spitfire Identity Security Server

    Bloombase Spitfire Edge Security Suite

  • Overview

  • Enterprise Data At-Rest In Risk

    Sensitive data are stored in clear-text in storage systems with minimal access control, vulnerable to core attacks

    Hosts and applications require data access in plain

  • How StoreSafe Protects Your Data

    On-the-fly non-disruptive application transparent encryption and unencryption

    Proxy

    Bump-in-the-wire

  • Why Traditional Methods Are Inadequate

    File encryption utilities: mcrypt, ccrypt, zip

    Only for static files, not for dynamic files, e.g. database

    Database encryption tools: Oracle crypto package

    Tremendous 2nd development efforts at database tier

    Huge performance impact, not for business intelligence

    Crypto tools: openssl, JCE, Microsoft capicom, HSM

    Very steep learning curve

    Tremendous 2nd development efforts at application tier

    Not for business intelligence applications

    Security = High cost + SkillN + Slow + Instability + Insecure

  • StoreSafe Benefits

    Secures operational data in databases

    Protect backup/offsite/remote data from electronic and hardware theft

    Meet IT governance compliance requirements

    Assure digital corporate assets integrity

    Protects websites from deface and assure data integrity

    Enforce effective change management

    High ROI lawsuits and worst, bankruptcy

    Low TCO - One solution for all applications

  • StoreSafe Benefits

    Management

    Immediate regulatory compliance

    Hardware and software independent

    Application transparent

    On-the-fly encryption/decryption

    No programming required

    No application changes

    No user behavior changes

    OS independent

    Hardware independent

  • Functions and Features

  • Transparent Encryption and Unencryption

    Fully automated data encryption and unencryption for authorized clients

    On-premises: SAN, NAS, DAS, CAS, Object Store, etc

    Cloud: RESTful

  • Features

    StoreSafe virtualizes physical storage systems

    Virtual storage sub-system created providing trusted/decrypted/verified replica of physical storage

    Supports SAN, DAS, NAS, CAS and cloud storage

    Data protection

    Access control

    Privacy

    Integrity

  • Features

    Level of protection

    Disk / Block

    File

    Object

    Hardware and software independent

    Application transparent

    On-the-fly encryption/decryption/watermark verification

  • Features

    No programming required

    No application changes

    No user behavior changes

    File-system independent

    Works with all file-system types supported by the OS

    Extensive OS support

    Application independent

    Works with virtually all applications

  • Features

    Plug-in architecture for future cipher upgrades

    Web-based management console

    NIST FIPS 140-2 validated cryptographic module

    PKCS#11 hardware security module support

    Chinese National OSCCA crypto module support

  • Industry Proven Security

    Industry standard cipher algorithm support

    Regional and special cipher support

    IEEE 1619 compliant

    OASIS KMIP support

    NIST FIPS 140-2 validated

  • Security Accreditations

    Security

    NIST FIPS 140-2 validated (NIST Certificate #1241)

    Algorithms

    NIST FIPS-197 AES encryption and decryption (NIST Certificate #1041)

    RSA and DSA public key cryptography (NIST Certificate #496)

    SHA hash generation (NIST Certificate #991)

    Hash Message Authentication Code HMAC (NIST Certificate #583)

    Random Number Generator (NIST Certificate #591)

  • Security Accreditations

    Algorithms

    NIST FIPS-46-3 3DES encryption and decryption

    NTT/Mitsubishi Electric Camellia encryption/decryption

    DES, RC4, RC2, CAST5 encryption and decryption

    512, 1024 and 2048 bit public key cryptography

    MD5 hash generation

    Standards

    IEEE 1619 security in storage

  • Unified Storage Support

    Block storage based, file based, object based

    FCP, FCoE, iSCSI

    NFS, CIFS

    HTTP, WEBDAV

    RESTful cloud

  • Unified Storage Support

    Fibre Channel Protocol (FCP)

    Small Computer System Interface (SCSI)

    Internet SCSI (iSCSI)

    Network File System (NFS)

    Common Internet File System (CIFS)

    File Transfer Protocol (FTP)

    Hyper Text Transfer Protocol (HTTP)

    Representational State Transfer (REST)

  • Storage System Support

    Storage Area Network (SAN)

    Network Attached Storage (NAS)

    Direct Attached Storage (DAS)

    Just a Bunch Of Disks (JBOD)

    SCSI-based local disk arrays

    Content Addressable Storage (CAS)

    Cloud storage

    Object storage, etc

  • Proprietary Object and Cloud Storage Support

    EMC Atmos

    EMC Centera

    Microsoft Windows Azure

    Amazon Elastic Block Store (EBS)

    IBM Cloud

    Caringo CAStor / Dell DX Object Storage, etc

  • File System Support

    File system independent

    Raw / Uncooked

    Solaris UFS

    Symantec Veritas VxFS

    IBM JFS

    HPFS

    Red Hat GFS

    XFS

    Linux Ext3

    Windows NTFS, FAT32 and FAT

    CDFS, etc

  • Database Support

    Supports all database systems

    Oracle

    IBM DB2

    IBM Informix

    Sybase

    Microsoft SQL Server

    MySQL

    Hadoop, etc

  • Application Support

    Native Java client library

    Native C client library

    Java RMI connectivity

    Web Services connectivity

    Socket connectivity, etc

  • Appliance Platform Support

    Hardware architecture

    Intel x86-based

    Intel Itanium-2

    AMD64 based

    IBM PowerPC based

    Appliance operating platform

    Bloombase SpitfireOS

  • Operating Platform Support

    IBM AIX

    IBM z/OS

    IBM i5/OS

    HP-UX

    Oracle Sun Solaris

    Linux

    Windows

    Mac OS X, etc

  • Virtual Platform Support

    VMware ESX, ESXi, Server

    Red Hat KVM

    Citrix XenServer

    Oracle VirtualBox

    Microsoft Hyper-V

    IBM PowerVM, etc

  • Compute Cloud Platform Support

    EMC Atmos

    Windows Azure

    Amazon Elastic Compute Cloud (EC2), etc

  • Key Management

    Stored separately from encrypted information

    Key vault protected by AES-256 strong encryption

    Supports 3rd party PKCS#11 HSMs and KMIP-compliant key managers

  • Host Security and Access Control

    User-based authentication: LDAP, MSAD, Kerberos, CHAP

    Host-based authentication: network address, LUN mask

  • High Availability

    Spitfire High Availability Module to provide

    Automated failover of nodes or load-balancing

    Cluster monitoring

    Cluster management

    Configuration synchronization

    Spitfire Quorum Server to strengthen robustness of Spitfire cluster and avoid potential split-brain scenario

  • Management

    Web-based and CLI management consoles

    Privilege-based administrator access control

    Separation of duties (SoD)

    Recovery quorum

    Operator smart tokens

  • Network Management

    SNMP (v1, v2, v3)

    Email

    Syslog

    Windows Event Monitor

    Audit trail

    Log viewer and export

    Dashboard

  • Audit Trail and Logging

    Customizable system log

    Full storage access audit trail

    Web-based management console accessible

    Log export and digital signing

    2005-02-20 20:23:47,798 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,801 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,804 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,807 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,810 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,812 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:47,815 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1

    2005-02-20 20:23:
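
The sample above logs one DEBUG line per read call, so a single file access produces many near-identical records. The following is an added example, not Bloombase code: it parses that line layout and collapses bursts into one access session per operation, file, source and user. The field layout is inferred only from the slide's sample lines, and the 2-second burst window and the last two sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Layout inferred from the sample lines on the slide, not from vendor documentation.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+) "
    r"audit\.storesafe - (?P<op>\w+) file : (?P<path>.+), "
    r"from : /(?P<src>[0-9A-Fa-f:.]+), by : (?P<user>\S+)$"
)

def parse_line(line):
    """Return a dict of fields, or None for truncated or foreign lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec

def collapse(lines, gap=timedelta(seconds=2)):
    """Group records sharing (op, path, src, user) whose spacing is <= gap."""
    sessions, open_by_key, rejected = [], {}, []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # keep unparsed lines for review, never drop silently
            continue
        key = (rec["op"], rec["path"], rec["src"], rec["user"])
        cur = open_by_key.get(key)
        if cur and rec["ts"] - cur["last"] <= gap:
            cur["last"], cur["count"] = rec["ts"], cur["count"] + 1
        else:
            cur = {"key": key, "first": rec["ts"], "last": rec["ts"], "count": 1}
            open_by_key[key] = cur
            sessions.append(cur)
    return sessions, rejected

# First four lines are taken from the slide (the fourth is cut off there);
# the last two are constructed for this example.
SAMPLE = r"""2005-02-20 20:23:47,798 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1
2005-02-20 20:23:47,801 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1
2005-02-20 20:23:47,804 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1
2005-02-20 20:23:
2005-02-20 20:25:10,000 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.31, by : demo2
2005-02-20 20:30:00,000 DEBUG audit.storesafe - read file : /mnt/storesafe/vs0\Movie_0001.wmv, from : /192.168.1.30, by : demo1""".splitlines()

if __name__ == "__main__":
    sessions, rejected = collapse(SAMPLE)
    for s in sessions:
        print(s["count"], s["first"], s["last"], *s["key"])
    print("unparsed:", rejected)
```
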