ADVA added cloud-native, virtualized encryption for multi- and hybrid-cloud environments to its core security suite, which can now protect data across Layers 1, 2, 3, and 4. According to the company, the platform offers more flexibility and a lower cost than IPSec-focused, appliance-based systems.
The cloud update is being made to ADVA’s ConnectGuard platform. The cloud security component uses Senetas’ transport-independent encryption engine. This supports dynamic software encryption at multiple layers and allows users to manage security needs at remote sites.
The encryption technology is software-based, and the system’s key generation can use a hardware device that is shared among multiple endpoints to support broader random number generation.
ADVA Ensemble CTO Prayson Pate explained that the software is hosted on standard servers or cloud infrastructure. He noted that the company plans to support multiple public cloud platforms with announcements coming “at a later time.”
The software also takes advantage of the zero-touch provisioning capabilities of Ensemble Connector, ADVA’s network functions virtualization infrastructure (NFVI) software platform. ADVA gained the Ensemble platform from its acquisition of Overture Networks in early 2016.
Pate explained that the ADVA platform also differed from encryption used on optical transport platforms – like the Wavelength system from CenturyLink – in that it goes from an enterprise into a public data center and can travel over public IP access.
“Our software-based solution can go from end-to-end, all the way from the customer site into the data center,” Pate said. “It provides a great complement to physical layer encryption.”
IPSec, or Internet Protocol Security, is a network protocol suite that authenticates and encrypts data packets sent over an IP network.
Pate said the enhanced security platform’s advantages over IPSec are that it can be hosted on universal customer premises equipment (uCPE) or in the cloud; operates with a lower overhead for better performance; has better computational efficiency so it can run on lower-cost platforms; allows for sharing of secured networks by multiple applications; and offers automated key management for operational simplicity.
Fighting Spectre, Meltdown
ADVA’s broader ConnectGuard platform includes encryption across line speeds of up to 200 GB/s and provides for network isolation. That network isolation can help reduce the attack surface exposed by lower-layer processor vulnerabilities like the recently discovered Spectre and Meltdown, which affect certain processors.
“These layers reduce the attack surface at the network edge and provide additional barriers to entry,” explained Ulrich Kohn, director of technical marketing at ADVA, in a recent blog post.