REDWOOD CITY, Calif. -- Decru, Inc., the leader in storage security, announced availability of Decru Client Security Module, an endpoint security solution that enables end-to-end security for applications and storage. DCS software, which can be deployed selectively on servers and desktops, works in conjunction with Decru DataFort(TM) storage security appliances to enforce policies and protect endpoint machines from threats including insider breaches, viruses, worms, misconfiguration, and hacker tools.
The optional Decru Client Security software incorporates application whitelists, cryptographic authentication, granular access controls, and hardware-based integrity checks to ensure that only authorized users and applications can access sensitive data. Security administrators can define access policies based on user, application, machine, and time of day, and customize this for each Cryptainer(R) storage vault.
By default, unauthorized applications including malware and root kits are prevented from running, and DCS blocks administrators and unauthorized applications from improperly accessing applications or storage. DCS endpoint policy enforcement complements Decru DataFort's transparent, wire-speed encryption capabilities across all enterprise storage environments, including SAN, NAS, DAS, and tape.
"Enterprises increasingly realize that applications need end-to-end security behind the firewall. Decru DataFort appliances provide a powerful model for protecting data at rest and in flight; DCS extends this security to the application and user level on endpoint machines," said Jon Oltsik, senior analyst, information security, for Enterprise Strategy Group. "Decru is the only vendor to combine selective client security with transparent wire-speed encryption, providing customers with maximum security and flexibility."
In networked computer systems, security is only as strong as the weakest link. Decru Client Security Module integrates seamlessly with Decru DataFort storage security appliances to protect the entire data path, including:
-- Application and Database Servers: Granular access controls and cryptographic enforcement ensure that only authorized users and applications can access sensitive data in both SAN and NAS environments. Application whitelists with cryptographic fingerprinting prevent unauthorized applications from running or accessing data on host servers. This approach provides powerful protection against viruses and worms, including zero-day attacks which signature-based anti-virus systems fail to address.
-- Networks: Data in flight can be encrypted with either IPsec or SSL, ensuring that data cannot be observed on the network. In SAN environments, DataFort can be deployed in-line directly behind sensitive servers to encrypt data with AES-256 before it enters the Fibre Channel fabric.
-- Storage: Data at rest is secured and compartmentalized with wire- speed AES-256 encryption. DataFort is deployed transparently in-line, and is agnostic with respect to operating systems and applications. Cryptainer(R) vaults enable secure consolidation of multiple groups onto shared storage, while preventing access by unauthorized users or administrators.
-- Backup and Disaster Recovery: All replicated copies of data are protected with AES-256 encryption, and the Decru solution can be deployed in a wide variety of backup and disaster recovery topologies.