Safe-T Data’s Integrated Data Security Platform (IDSP) provides the foundation for Safe-T’s Safe-T High-risk Data Security (HDS) solution, providing it all the technology components required to create a true Cyber Dome. Enterprises that deploy IDSP can scale up according to business needs by adding key products and services that integrate seamlessly with the platform.
The Safe-T IDSP enables customers to benefit from an advanced security architecture, policies and workflows, strong data encryption, high availability, roles management, reporting, and detailed audit trails.
Community SDK Platform
The Safe-T security platform is designed to allow system users to integrate with almost any third-party security product such as anti-malware scanners, sandbox solutions, and data leak prevention solutions. Safe-T IDSP offers low cost of ownership and is a cost-effective layer of security dedicated to safeguarding valuable enterprise networks against the threat of disastrous cyber-attacks.
Safe-T’s IDSP is comprised of four modules:
Safe-T IDSP supports native and SDK based support for all common enterprise file transfer and business applications’ protocols – HTTP/S, SSH, FTP/S, SFTP, ICAP, SMB, REST, etc.
It’s unique architecture and design supports real-time application/protocol conversion within a single flow. For example – HTTP to SFTP or SQL to DropBox.
The Unified Protocol module exposes a standard API to the programmer and makes the data transfer process completely transparent, regardless of the protocol or application used, either as source or as destination. Furthermore, the API allows system users can easily integrate new RFC protocols or modifying existing ones.
Safe-T IDSP supports a robust built-in multi-factor and multi-tier authentication and authorization (MFA) authentication gateway. The gateway allows performing user authentication and authorization enforcement actions through multiple authentication engines, as part of any data exchange or access workflow.
The authentication engine supports the following built-in authentication mechanisms:
- Anonymous login
- Basic authentication
- Microsoft Active Directory
- Open ID / SAML
- Microsoft Radius server
- Kerebos authentication server
- Challenge-Response authentication based on information from external sources.
- One Time Password (OTP)
- Any users DB – SQL, MYSQL, Oracle, CSV/XLS files, etc.
It is also possible to connect to external authentication and authorization system.
SecureStreamTM policy and workflow engine
Safe-T SecureStream policy and workflow enforcement engine enables enterprises to easily enforce security policies on any data exchange and data access workflow.
Each workflow is fully controlled and monitored, providing complete auditing and tracking who, what, where, when, how information.
Administrators can create policies and workflows for secure data access and exchange that can be integrated intuitively into existing business workflows.
SecureStream enables system users to build multiple application tasks defined as a series of automated actions that can be triggered to occur based on specific events or behavior. System users can integrate virtually any task and application with any other task with minimal integration effort, regardless of the protocols and languages each one uses.
For example, SecureStream allows brokering traffic to 3rd party security (DLP, AV, Anti-malware) and IAM products
Combining Safe-T Connectors and Authentication Engine with Safe-T’s SecureStream, allows creating robust workflows, for example:
- Automatically enforce security policies on outgoing/incoming data exchange flows
- Easily create multi-factor authentication and authorization workflows
- Receive an uploaded file from a user and store it in a SFTP folder
- Store a file received from a document management system in an NTFS location
- Pass an email attachment to a DLP to be scanned and then to an encryption solution to be encrypted
Safe-T supports out of the box Safe-T Connectors designed specifically for the enterprise, the connectors are divided into three types:
By utilizing Safe-T’s connectors, Safe-T HDS solution offers the industry’s most integrated data security platform, allowing it to integrate with the entire enterprise eco system – business applications, data storages, web sites, security solutions, etc.
The Connectors module exposes a multi-language standard API (REST/SOAP/WS/etc), allowing system users to easily develop new connectors, modify existing ones, and integrate with new enterprise solutions.
SmarTransfer™ SIFS (Secure Internet File System) – Secure NTFS File Share and Access with Internal and External Entities
SmarTransfer SIFS is a Secure Internet File System, whereby internal and external users can gain transparent access to secure storage. What appears as a standard mapped network drive is actually a secure, encrypted and access-controlled channel to interact with files – upload, download, copy, open, delete, etc. while not relying on vulnerable protocols such as SMB.
All transactions are subject to the policy enforcement and workflow engine of Safe-T’s SDE (Secure Data Exchange) product, thereby ensuring secure and controlled access to any file type and content meeting governance and audit requirements.
Benefits of SmarTransfer SIFS
- An extension of the HTTP Protocol
- Supports file I/O operations on remote file servers with full file function capabilities such as:
upload, download, copy, create, open, move, delete and NTFS complimentary permissions associated to users and groups
- Clientless capabilities minimize the complexity of managing desktop client installations and upgrades, and it is transparent to any operating systems (Windows/Mac/Linux) by using HTTP URL only and authenticating using standard authentication methods: Kerberos/Negotiate/NTLM/Multi-factor/IDP/Header-Auth/AUTH2/Smart-Cards/etc.
- Server side capabilities maximize the security on overall users file transmissions
- Ensures secure and controlled access to any file types and content
- It acts as a secure file gateway between users and remote file servers while enabling third party integration and enforced policies (AV/DLP/etc.) to help prevent any unauthorized access or usage (changing file original format, encrypting files, Ransomware attacks, etc.)
- From the user’s perspective, it acts as any mapped drive, including sharing links to the mapped drive with other users