Protection for Data-in-Transit

for Banking
Protecting Branch Banking Networks
To ensure the privacy of branch voice, video and data
communications, financial institutions must protect their branch
banking and interbank networks. Branches need to access
voice-over-IP (VoIP), desktop virtualization, Active Directory, and
software-as-a-service (SaaS) applications securely.
While companies are using IPsec and TLS Virtual Private
Networks (VPNs) to secure communications between branches,
corporate offices and hosted application services, encrypted
VPNs are only as secure as the devices and methods used to
encrypt and decrypt the network traffic. Malicious actors target
system vulnerabilities that allow them to:
- Steal plaintext keys that reside in memory
- Decrypt IPsec VPN tunnels
- Impersonate devices with stolen/predicted credentials
- Compromise mission-critical data and applications
Cybersecurity breaches continue to increase by attacking
vulnerabilities in defense-in-depth security solutions that expose
unencrypted data in system memory, the CPU, network and
storage. Attackers that gain access to a gateway or network
device, may be able to compromise backend systems and
customer data.
VPNs can be difficult to manage and are prone to performance
challenges due to:
- High IPsec VPN overhead that reduces throughput
- Shared CPU resource utilization for encryption that slows
firewall performance
- Application layer protocols that are impacted by IPsec and GRE
- Chatty security protocols increasing latency
- Complex configuration of IPsec and GRE tunnels
- Security and compliance policies
There is an urgent need for solutions that can withstand
persistent, sophisticated, and costly cyber threats without
compromising performance or flexibility. VPNs need to be
hardened to protect data at rest and in transit.
Cyphre BTX Security Platform
Cyphre BTX is a hardware-based network encryption solution
for site-to-site communications that is delivered as an appliance.
Deployed at each site, BTX appliances leverage Cyphre’s
patented BlackTIE® security engine that offloads encryption
operations to hardware in a way that protects plaintext
encryption keys from ever being exposed in the CPU or system
memory.

Branch Banking Networks Are Vulnerable to Attacks

Inbound and
Side Channel Attacks and Eavesdropping
Man-in-the-Middle Attacks

Corporate VPN Untrusted VPN Branch VPN Untrusted VPN Branch Edge & IIoT
Office Device Network Device Office Device Network Device Office

Cache Memory Attacks Fireware and Software Vulnerabilities

06/2020
Cyphre BTX appliances are available in multiple form factors to
protect remote, edge and cloud deployments. The BTX extends
defense-in-depth approaches and provides:
- Tamper-resistant hardware-based security that never exposes
private keys and encryption keys to the CPU or memory
- Resistance to side-channel, cache memory and MITM attacks
- Better application performance over high latency, low
bandwidth links
- Reduction of typical IP VPN packet overhead by more than
50%
- Offload of crypto operations to hardware to reduce CPU load
for encryption and decryption
- Simple VPN configuration and tunnel management
- Support for any IP-based network
Cyphre, a RigNet company (NASDAQ:RNET), is a cybersecurity
company deploying disruptive data protection innovations by
enhancing industry standard encryption protocols with our
patented BlackTIE® technology.
For more information
visit our website www.cyphre.com
or contact us at info@cyphre.com
© 2020 RigNet. RigNet is a registered trademark of RigNet, Inc.
Cyhpre’s turnkey solution is comprised of:
- Cyphre BTX Security Appliances available in multiple form
factors for data center or edge deployment
- Cyphre BlackTIE Technology hardware-based Security Engine
that is integrated with the BTX appliance
- CyphreLink Application secure site-to-site encryption solution
that leverages BlackTIE
By handling cryptographic operations in hardware and not
exposing keys in the CPU and memory, Cyphre is able to ensure
trustworthy communications to protect critical assets.
FIPS
VALIDATED
140-2
IT Schedule 70
Enabling Intelligence. Delivering Results.