A Few of the Reasons why Encryption is not Enough

  1. You can't encrypt systems (binaries, configuration files, routing tables etc)
  2. You can't audit encryption
  3. Encryption gives you a false sense of security
  4. To break encryption you simply need to compromise credentials.
  5. You can't encrypt data in use
  6. You can't prove encryption is working

Click here for the full article on encryption in data security.

So if encryption isn't enough, what else is there?

Data-Centric Security

There has never before been a native forensic capability that is based on the provability of systems and data integrity. This capability exists today. The move to data-centric security is a paradigm shift in thinking.

  • From 100% Protection is Impossible  to 100% Detection is Possible
  • From Encryption to Systems & Data Integrity
  • From Perimeter-Centric to Data-Centric
  • From Confidentiality to Integrity
  • From Trust-based, Human-based security to Math-based, Machine-based security
  • From Hope to Proof

Security Operations Centers (SOCs) are not a new concept. What is new is Guardtime's approach of instrumenting integrity - of systems and the operational rules that define their use, and then detecting a breach in real-time and being able to act up on it. At the heart of our SOC offering is Black Lantern, designed to monitor and enforce integrity across an enterprise.