Security & Encryption Compliance

May 17, 2018

The Barac Encrypted Traffic Visibility (ETV) Platform helps organizations monitor and meet compliance standards

Cryptography Is Becoming The Norm

Cryptography is the science of secret communication. Its fundamental objective is to enable communications over an insecure channel in such a way that a potential adversary cannot understand what is being conveyed.

The world is run on codes and ciphers. From emails to ATMs, entertainment and shopping online, cryptography inhabits our every waking moment and is a critical component of modern IT systems and networks.

The Encryption Compliance Challenge

All software products that use cryptographic keys have basic key management functionality. In these “standalone environments”, keys are typically managed by proprietary systems whose primary purpose is to generate one or more keys and certificates to be used for encryption or authentication, e.g. processing card payments. A proprietary interface works adequately for managing and maintaining a rather limited number of keys in a highly defined and isolated setting that is not expected to change over time.

The situation is different for large numbers of business applications utilizing a variety of keys and certificates. In this setting, there are considerable overheads in training staff to operate dozens of different proprietary key management interfaces, which may have subtle incompatibilities, so a general-purpose key management system will be more suitable.

The IoT Problem

Making matters worse, the Internet of Things (IoT) is providing new ways to gain access to systems and data. Every IoT device is an endpoint and a potential back door for hackers. These devices can also be used as weapons: millions of them (everything from routers, security cameras and DVRs to medical devices, cars and more) can be infected with malware and repurposed as zombie armies by cyber attackers looking to direct their power towards targets of their choosing. Manufacturers are not doing enough to protect devices, and consumers are backing away from companies that have been breached.

It is becoming essential for Network Managers to be able to identify those IoT devices that are not compliant or using weak encryption.

Barac ETV: Encryption Compliance Visibility and Audit

Internal and external audits are resource-demanding activities. Companies typically undergo several audits a year from different compliance authorities. With a heterogeneous assembly of different systems, the particularities of each will be investigated and the full set of logs and documentation examined.

“In very complex organizations with a large number of platforms, servers and solutions, compliance is a huge challenge and organizations need an easy way of verifying cryptography compliance across their whole network in real time.”

Barac has recently launched a new feature to assist with encryption auditing. As part of the Barac ETV platform, the Cryptographic Compliance feature set allows organisations to identify and monitor encryption quality across the network. This provides CISOs and Network Managers with:

  • Real-time visibility across all of an organization's TLS and SSL traffic
  • Auditing of all TLS/SSL policy violations
  • Passive detection of cipher suite vulnerabilities
  • System-agnostic, continuous monitoring of all traffic across all the different systems

Compliance Standard

Barac's “Encryption Compliance” feature helps you comply with:

  1. GDPR – To address the GDPR compliance requirements, organizations may need to employ one or more different encryption methods within both their on-premises and cloud infrastructure environments.
  2. PCI DSS – For financial institutions, payment companies and retailers, covering their APIs, mobile applications and web applications, where they need visibility into their encrypted traffic and encryption status.
  3. FIPS 140-2 – In the US, where organizations need to give the American authorities updates and reports about the security of their software and systems.

By collecting all of an organization's traffic, we can offer visibility across its different systems and software and send vulnerability reports that help it become more compliant, save time and money, and gain real-time visibility.