Sensitive Ecosystems Legend Sensitive Ecosystems Inventory ...
October 2019 Competitive Analysis Protegrity · Today, Eclypses’ MicroToken Exchange technology...
Transcript of October 2019 Competitive Analysis Protegrity · Today, Eclypses’ MicroToken Exchange technology...
October 2019
Competitive Analysis
Protegrity
C Company
Protegrity is an enterprise data security company
which provides cloud data security software for
data-centric encryption and tokenization targeted to
protect sensitive data while maintaining usability.
Its corporate headquarters is in Stamford, CA. with
international offices in the U.K, Sweden and
Singapore.
Protegrity’s primary markets revolve around
businesses that require specific compliances such as
PCI, GDPR, and HIPPA/HITECH. These primary
markets include financial, healthcare, insurance,
retail and telecom industries.
Key Points
• Founded: 1996
• Headquarters: Stamford, CT.
• CEO: Suni Munshani
• Parent Organization : Xcelera Inc.
Summary Overview of Protegrity Products
Protegrity is most ly concerned with big data and prides itse lf by securing
large amounts of data while mainta ining flex ibi l ity and quick interactions
with the data.
• The company has pre -written apps that customers can download and
use without reprogramming their current appl ications , requir ing less
in -depth integration.
• The fact that their software can be downloaded is appeal ing to
customers because it is how most software in the world works
(download a complete appl ication that interfaces with predefined
software packages and serv ices ).
Protegrity states that they are a
“Data-First” Security Solution.
Their services claim to protect sensitive
enterprise data at rest, in motion and data
discovery, as well as de-identification and
governance.
Listing of Products
With respect to their products and serv ices , Protegrity offerings encompass a
number of solutions and serv ices for data storage, encryption, and key
management. The l isting is as fol lows:
Protegr ity Vault less Tokenization (PVT)
Protegrity tokenizes indiv idual pieces of data and incorporates bus iness rules
that a l low the secured data to be handled very quick ly and efficient ly.
• They can encrypt rows of a database, files , t rees , directories , and
appl ication data and these tokens can be used to secure data in “t rans it”
by primari ly focus ing on pars ing files .
• Their definition of data in t rans it a lso refers to the fact that a PVT token,
which is a substitute value for a piece of data, can be passed to another
person or part of the appl ication without reveal ing the real data.
• This token can then be t rans lated back into real data when it is needed to
be used in this new location, much l ike Eclypses ’ private dig ita l vault.
Protegrity states that their offering includes the
fol lowing:
Enterprise Pol icy and key management , Moni-
toring and Auditing. Additional ly , Application,
Database, F i le and Maintenance Protectors.
The company a lso offers four C loud Gateways
and a Data Security Gateway.
Listing of Products - Continued
This technology is used in a multitude of apps that the company offers and
they are l isted below.
Application Protector – Allows app developers to encrypt and decrypt sens itive
data without ever control l ing the encryption keys , crypto a lgorithms, or the
sens itive data itse lf. Offered in C , C++, Java, and .NET programming languages.
Avatar for Hortonworks – Is an application that integrates with Hortonworks
open-source data management software to prov ide highly t ransparent file -
level AES 256 encryption. I t a lso includes a centra l ized data security
administration software which encompasses comprehens ive monitoring ,
auditing, and pol icy and key management. They secure in two ways “Course-
grained” and a l l or nothing approach or “Fine-Grained” which is encrypting or
tokeniz ing at a field/column level.
Big Data Protector – Hadoop security that protects assets and meets
regulatory compliance without compromis ing performance. Bas ica l ly , i t does
the same thing as Avatar but for Hadoop systems.
Database Protector – Utilizes their PVT to protect data within the database.
I t is an appl ication the customer must download and work through to interact
with their DBs. It real istical ly does
much of the same thing as Avatar and
Big Data but for DBs.
Fi le Protector – is an appl ication that
enables encryption for files , t rees , or
directories.
Listing of Products - Continued
Mainframe Protector – An application that is very s imilar to Database
protector but for IBM DB2s . It automatical ly protects and unprotects data that
is inserted or removed into/from a row. I t is configured as a secured row and
the entire row is encrypted. And it combines the DB, Application, and F i le
protectors to secure an entire mainframe.
Gateways – This is Protegrity ’s “data- in trans it” solution. The data is secured
before it is t ransmitted across a network or up to the c loud. For files , Gateways
breaks the data into smaller pieces and encrypts the indiv idual pieces much l ike
Eclypses ’ “data in t rans it ” solution, with one major difference, the MTE
proprietary and patented methodology for key management.
(See Differentiators section below).
Protegrity states that their data protec-
tion platforms offer complete data
protection, from acquis ition to deletion
and every point in between.
Differentiators
Protegrity products compete with Eclypses ’ Certa inSafe and Private Dig ita l
Vault.
• Their Gateway products attempt to, but fa l l short , in competing with
Ec lypses ’ “data in t rans it ” solution regarding the pars ing of large pieces
of data, files , f .eg. , into indiv idual ly secured smaller ones.
• Eclypses MTE Commander is a point to point technology that takes over
a l l the “key management” between endpoints that wish to send and
receive information. While each indiv idual ized piece of data, in most
cases , is sti l l parsed into small chunks or s l ices , each piece requires its
own disparate decryption key in order to be ful ly decrypted and
reassembled. With the deployment of MTE, the “real keys” are NEVER
sent , therefore cannot be intercepted.
• The MTE process , in short , is that the sending endpoint sends over an
MTE MicroToken packet , which contains a secret one -time use command,
that instructs the receiv ing endpoint on how to bui ld a decryption key , on
the fly and just in time. Once the indiv idual key is bui lt , i t is consumed
and becomes instant ly obsolete, thereby worthless. Within mil l iseconds ,
the keys no longer ex is t , mitigating any chance unauthorized use or
reuse. Eclypses believes this is a dynamic and s ignificantly d ifferent
capability than anything Protegr ity can provide.
.
Eclypses serv ices prov ide a new, higher
level of data security while mainta ining
flexibi l ity , adaptabil ity , and access ibi l ity
through use of our own MicroToken
Exchange (MTE) proprietary patented
MicroEncryption ® and MicroTokenization ®
solutions .
Differentiators - Continued
• Portions of the Protegrity solutions util ize open source technology.
• Eclypses DOES NOT use open source in any of their source code l ibraries ,
mainta ining control thus minimiz ing vulnerabi l ity. Paraphras ing cyber
security programmer and author, Jarrod Overson , the open-source system
is eas i ly exploited and adds a certa in level of vulnerabi l ity. He states ,
“Some open source products can have its coding a ltered so that those who
wish to exp lo it others can do so. Th is may inc lude identity theft, v irus
t ransfers, and other activities that irr itate open source software users. ”2
• An additional differentiator between the two is that Protegrity is focused on
bui lding and se l l ing appl ications that l ink to other software bus inesses use.
Ec lypses focuses on making their security solution fit into any s ituation ,
running a longs ide ex isting applications . As a result of this focus on build ing
applications, Protegr ity ’s secur ity does not seem as robust as Eclypses’ ,
inc luding the fact that they pr imar i ly use AES 256 encryption .
.
“With the method of key generation, even if the attacker intercepts the initial key/pin, they would
need to brute force their way to the discovery of the algorithm, with that being said, it would take
nation state actors to even attempt to break the encryption process without having access to the
source code . . . . In other words, very improbable.”1 – H2L Solutions
(Military Penetration Testing Facility)
Strengths of Eclypses
As compared to Eclypses MTE, the fol lowing l ist i l lustrates where Protegrity fa l ls
short.
• Eclypses can fit into many more architectures because they do not have
their own apps that re ly on interfacing with other specific software.
• Eclypses can a lso secure command and controls and l ive streams of data
which Protegrity can not do.
• Eclypses software is a lso much more customizable and flex ible , a l lowing
customers to maintain their current UI and/or create a custom one that fits
their specific needs.
• Eclypses bel ieves strong ly that Eclypses ’ Certa inSafe GUI is much better
v isual ly and functionally than Protegrity ’s.
References .
H2L Solutions , Mil itary Penetration Testing Faci l ity , 2018
Overson, Jarrod, “Exploiting Developer Infrastructure is Ridiculous ly Easy ”.
Medium, Nov 26,2018
Eclypses provides services that solve successful data breaches and miti-
gate vulnerabilities for data at rest and in transit.
Governments, military, individuals and business enterprises continue to
face the daily challenge of securing their intellectual property, data, and
systems. MicroToken Exchange (MTE) solves the problem by providing
simpler, yet, more secure solution, that is rapidly deployable &
adaptable.
About Eclypses
Eclypses ’ industry leading dis ruptive cybersecurity
software replaces user data with MicroTokens us ing
Micro Encryption to prov ide the highest level of data
pr ivacy avai lable. With the company ’s patent proven
MicroToken Exchange (MTE) technology , rea l data is never
exposed when t ransmitted or whi le stored on servers and
remote dev ices .
Applications range from secure command and control needs , inc luding Internet
of Things (IoT) , to secure storage and retr ieval of sens itive data, such
as credit card information and healthcare records .
Today, Ec lypses ’ MicroToken Exchange technology is helping enterprises and
government agencies protect their most sens itive and private information from
cybercriminals and cyber terroris ts as wel l as fac i l itate their abi l i ty to become
GDPR compliant .
2005 Aero plaza Dr. Colorado Springs, CO. 80916
www.eclypses.com [email protected]