Get in contact with a Data Security Specialist
Cybersecurity challenge
The need for data in motion encryption
The exponential growth of big data, cloud services and use of remote data centres has resulted in an unprecedented movement of data throughout networks. Transmitted data is increasingly valuable and bandwidth demands are constantly increasing.
Organisations need effective, affordable data in motion encryption solutions that can mitigate the risks without slowing down the network or frustrating customers.
57 %
of security leaders say network security is the most effective way of protecting sensitive data from cyberattacks.
Level up your network security
You don't have to choose between security and speed. Thales' comprehensive network encryption solutions use encryption at Layers 2, 3 and/or 4 to secure data in transit without slowing down the network.
Ensuring maximum throughput with minimal latency, the Thales High Speed Encryptors allow you to protect data, video, voice and metadata from eavesdropping, surveillance and overt and covert interception.
What high speed encryptors can do for your business
Strongest Key Management
HSEs have an integrated CA, protected in a tamper responsive hardware boundary. All keys are generated and protected in FIPS 140-3 Level 3* chassis.
Access controls
Apply granular, least-privileged user access policies that protect data from external attacks and misuse by privileged users.
Automated updates
All HSE traffic keys are updated every hour (default) and are zeroised if under security critical alarm.
Bandwidth efficiency
HSEs use a certified security protocol to provide 2x bandwidth optimisation over legacy security protocols such as IPsec or MACsec.
Minimise latency
HSEs utilise a cut-through architecture that minimises latency and jitter and provides consistency among all data frame sizes.
Reduce complexity
Complex environments increase surface attack areas. HSEs are set and forget – NO active management or regular patching/updates required.
Strongest solution
HSEs provide fully authenticated end-to-end encryption and are 3rd-party certified to the highest commercial standards. (AES-GCM 256, EDSA/ECDH, SHA)
Crypto agile
As standards and threats evolved a crypto agile platform is required. HSEs use FPGA technology to update security without performance compromise.
Meet compliance mandates
Because HSEs are crypto agile, you'll always be compliant with current standards and regulations (e.g. GDPR, HIPAA, NIST, CJIS).
42.2% savings
per protected Gb
Miercom Independent Laboratory reports Thales High Speed Encryptors demonstrate superior performance and cost-efficiency compared to traditional IPsec encryption.
HIGH SPEED ENCRYPTION BENEFITS
Data in motion security at speeds up to 100 Gbps
Prepare for Quantum & other modern threats
Say goodbye to legacy encryption solutions that are:
- Outdated like IPSec and MACsec (15-25 years old)
- Not designed for modern networks such as SDN, 5G and cloud
- Fail to provide end-to-end security or compliance
- Cause network limitations
Customers using Thales High Speed Encryption solutions get out-of-the-box Post-Quantum Cryptography (PQC) and support for customisation and advanced security features.
Achieve compliance
Organisations must remain in compliance with applicable data protection regulations or face security risks and fines for non-compliance.
Thales High Speed Encryption solutions provide advanced audit reporting and support for a broad range of compliance needs – FIPS, NATO, CJIS, HIPAA, NERC and many more.
Plan for business continuity and disaster recovery
Sensitive and regulated data is constantly traversing the network from headquarters to branch offices. Organisations need real-time transmissions of sensitive data to disaster recovery sites, on premises and in the cloud.
Thales High Speed Encryption solutions ensure the information remains totally secure without slowing down the network and interfering with other business functions.
IMPROVE NETWORK DATA SECURITY
Find out how Thales HSEs can help your business
Connect with a Thales data security expert for help tailoring a data-in-motion encryption plan to your network needs.
NETWORK ENCRYPTION PRODUCTS
Select the high speed encryptor that's right for you
CN4000 series
Small form factor for remote locations.
- 100 Mbps - 1 Gbps Ethernet encryptor
- Certified, high-performance
CN6000 series
Optimises private networks and DC interconnects.
- 1 Gbps to 4x10 Gbps Ethernet encryptor
- Rack-mountable, fully redundant robust design
CN9000 series
Designed for next gen datacentres and core networks.
- Multipoint 100 Gbps encryption
- Fully interoperable with CN product range
CN9000 Series
Designed for next gen datacenters and core networks.
- Multipoint 100 Gbps Encryption
- Fully interoperable with CN product range
Virtual HSE
Ideal for Cloud, Software Defined Networks (SDN) and server-to-server communications.
- Hardened virtual encryption function
- CipherTrust integration
High Speed Network Encryption – eBook
Read this eBook to learn how Thales High Speed Encryptors can help a wide variety of industries, including:
- Finance
- Technology
- National Government
- Critical Infrastructure
- Healthcare
- Local Government
- Manufacturing
RESOURCES & FAQS
Learn how to secure your data in motion
Frequently Asked Questions
Thales High Speed Encryption (HSE) solutions are designed to minimise performance impact on the network. They operate at the physical limit of the network, reaching up to 100 Gbps without any noticeable bandwidth reduction. Unlike traditional solutions like IPsec, which rely on tunnelling and add bulk to data packets, HSE employs a thin layer of encryption that minimises drag. Independent tests have proven HSE's superior performance and low latency compared to legacy solutions like IPsec.
What are the advantages of Thales HSE verses other network encryption solutions?
Thales HSE offers several advantages over other network encryption solutions:
- Higher Speed: Thales HSE can encrypt data at speeds of up to 100 Gbps, with superior efficiency and bandwidth utilisation, as compared to legacy solutions like IPsec and MACsec.
- Greater Flexibility: Thales HSE is more flexible and can be used to encrypt a wider range of traffic types (Layers 2, 3 and 4).
- Stronger Security: Thales HSE provides stronger security by using certified, standards-based encryption, aligned with security best practices and also supports quantum-resistant algorithms.
- Lower Latency: Thales HSE has a lower latency than IPsec and MACsec.
How does Thales HSE compare to legacy encryption solutions like IPsec?
Legacy solutions like IPsec were built for specific tasks and often rely on tunnelling, which adds extra layers of encapsulation and slows down data transfer. Thales HSE, with its lean architecture and certified standards-based encryption, minimises overhead and ensures data travels at maximum speed, even while encrypted. IPsec only operates at Layer 3, whereas Thales HSE offers Transport Independent Mode (TIM) network layer independent (Layer 2, Layer 3, and Layer 4) and protocol agnostic data in motion encryption. TIM being a tunnel-free solution is able to traverse network layers 2, 3 and 4.
How does Thales HSE differ from MACsec?
MACsec is suitable for point-to-point connections and simpler network setups but lacks the flexibility and scalability of Thales HSE. Managing complex networks with MACsec can be cumbersome and potentially lead to security gaps. MACsec only operates at Layer 2, whereas Thales HSE offers Transport Independent Mode (TIM) network layer independent (Layer 2, Layer 3, and Layer 4) and protocol agnostic data in motion encryption. TIM being a tunnel-free solution is able to traverse network layers 2, 3, and 4. Also, while MACsec can offer high speeds, it may not be as efficient in terms of overhead, especially for smaller data packets.
How does Thales HSE work with TLS?
Thales HSE and TLS serve different purposes and can complement each other, working together to provide comprehensive data protection. TLS operates at the application layer, securing specific tasks like web browsing or email. Thales HSE, on the other hand, secures the entire network infrastructure, regardless of the applications running on top.
Thales offers centralised management for the entire suite of Thales network encryptors. The management platforms for its network encryptor can be configured as a Certificate Authority for encryptors running on the network, simplifying key management and ensuring secure communication.
Thales HSEs are engineered for high reliability. The systems are built with no single point of failure, meaning that if one component malfunctions, others seamlessly take over. This ensures continuous operation and uninterrupted security, even in case of hardware issues. The devices are proven to have a high MBTF (mean time between failures) and with fewer or even no problems over your equipment's extensive lifetime, you benefit from lower costs related to repairs or downtime. In fact, our devices are considered "set and forget" by our customers.
Data-in-motion encryption is a highly secure method of protecting data as it travels across a network. It uses strong encryption algorithms to transform data into an unreadable format, making it impossible for unauthorised parties to access the information.
Thales HSE solutions are crypto-agile, supporting a wide range of encryption algorithms, including customisable encryption for various elliptic and custom curves, and post-quantum encryption to enable quantum-safe solutions today, and into the future. For specific algorithm support, please refer to the latest product briefs on our website.
Data-in-motion encryption with Thales HSE solutions can effectively prevent various types of attacks, including:
- Man-in-the-middle attacks: Where attackers intercept and potentially alter communications between two parties.
- Eavesdropping: Unauthorised listening to or interception of network traffic.
- Data breaches: Attempts to steal sensitive information transmitted over the network, including Harvest Now, Decrypt Later (HNDL) attacks. By encrypting the data, these attacks are rendered ineffective, as the attacker cannot access or understand the information without the proper decryption keys.