CYBERCRYPT D1
WE PROTECT
YOUR DATA
HOLISTICALLY

Protection of data in applications is a necessary layer of defense against today’s attackers. We protect your databases, messages, object storage, and more across data centers, cloud environments, devices, and apps.
deep dives

LEARN MORE ABOUT CYBERCRYPT D1

Watch our experts talk about the principles behind Zero Trust and Application-Layer Encryption in the context of preventing data breaches.
show more
FEATURES

DATA PROTECTION IN CYBERCRYPT D1

FIPS-Compliant Cryptography

CYBERCRYPT D1 protects data with FIPS-compliant cryptography using cryptographic mechanisms according to FIPS 197, NIST SP 800-38D, NIST SP 800 133, NIST SP 800-38F, NIST SP 800-56C, and more.

Key Management through KMS/HSM

CYBERCRYPT D1 integrates with the existing KMS/HSM in your environment such as AWS KMS, GCP KMS, Azure KMS, cloud HSM, KMIP, etc. to enable individual data-point keys.

Quantum-Resistant Algorithms

CYBERCRYPT D1 encrypts and authenticates data using cryptographic algorithms that will remain secure even under the quantum threat to ensure the long-term security of your data.

Searchable Encryption

CYBERCRYPT D1 allows for efficient search of encrypted data using cutting-edge searchable encryption techniques. That is, you don’t need to decrypt your data to perform searches on it.

Relational Databases

CYBERCRYPT D1 adds another full layer of protection around your relational data stored in traditional Relational Database Management Systems (RDBMS) based on the principles of zero trust and defense in depth.

Blob Storage

Object storage is not limited to S3, so CYBERCRYPT D1 also supports any generalized blob storage such as Azure Blob Storage, Google Cloud Storage, local file systems such as ext4 and NTFS, etc.

S3 Storage

S3 objects should be protected with application-layer encryption to ensure data is only accessible to workloads and processes that are explicitly authorized, which thwarts double extorsion ransomware attacks, among others.

OAuth 2.0 / OIDC

CYBERCRYPT D1 integrates with any modern IAM solutions supporting OIDC, including Azure AD, AWS IAM, GCP IAM, Keycloak and more. It supports claim-based authorization flows, among others.

Object-Level Authorization

Access to each individual object protected with CYBERCRYPT D1 is subject to a unique authorization. This object-level authorization can be user-based, group-based or claim-based.

Scope-Level Authorizations

You can define the scope of the operation, e.g., read or write, for each authorization. This allows for a very strong least-privileged access model: For instance, the data producer may not need read access to the data.

Cryptographic Enforcement

Access to data — both reading and writing — is cryptographically enforced for each data point with the right combination of a unique individual key and an individual authorization claim.

Kubernetes

CYBERCRYPT D1 is a microservice designed and enabled for easy deployment into existing Kubernetes clusters. It can be deployed in various modes such as stand-alone service or sidecar-injected containers.

Docker

All CYBERCRYPT D1 components are built with Docker in mind and comply with the OCI specification. All images are built using minimal images leveraging Distroless images as base or even Scratch.

Helm Charts

CYBERCRYPT D1 comes with Helm charts out of the box, allowing you to get started quickly. The defaults in the Helm charts are easily replaceable with customer configuration and integrations.

Easy Getting-Started scripts

Deploying a microservice architecture can quickly become complicated, however with the CYBERCRYPT D1 release there is a collection of ready-made scripts that will make any deployment much easier to handle.

SIEM Integration

The CYBERCRYPT D1 services are built with the Twelve-Factor App principles in mind, including logs, which are treated as event streams, making it an easy task to integrate the services into any SIEM solution.

Auditable Access

All access events in CYBERCRYPT D1 are exported as auditable events making it straightforward to monitor access to any data protected with the service. Along with access, the scope requested is also logged together with the event sequence during access.

gRPC for In-Cluster

The default API for CYBERCRYPT D1 is exposed using the gRPC protocol, enabling automatic creation of clients in nearly any language. The protocol is well suited for transfering of large binary data over the network.

Ready for Edge Computing

CYBERCRYPT D1 can be deployed as part of your edge computing environment to enable protection of data as close to the source as possible. This ensures integrity and confidentiality of the data all the way through to collection and processing.

Microsegmentation

CYBERCRYPT D1 is designed to work in microsegmented networks where the zone of trust is as small as possible. This improves breach containment and reduces the attack surface of your deployments.

Secure Key Distribution Channel

Optionally, your DevSecOps team can establish a secure connection from CYBERCRYPT D1 to your centralized key management system using CYBERCRYPT K1. This allows for integrations with your existing on-premise HSMs or with cloud KMS systems in other environments.

DEPLOYMENT

SEAMLESS INTEGRATION WITH IAM AND KEY MANAGEMENT

CYBERCRYPT D1 supports deployment into popular cloud providers such as AWS, Azure, and GCP using the cloud provider’s IAM, key management, and databases.
  • Generic
  • AWS
  • Azure
  • Google
A diagram showing how D1 integrates in Generic Cloud.
A diagram showing how D1 integrates in Generic Cloud.
A diagram showing how D1 integrates in AWS Cloud.
A diagram showing how D1 integrates in AWS Cloud.
A diagram showing how D1 integrates in Azure Cloud.
A diagram showing how D1 integrates in Azure Cloud.
A diagram showing how D1 integrates in Google Cloud.
A diagram showing how D1 integrates in Google Cloud.
integrations

ENCRYPTION ACROSS A WIDE RANGE OF TECHNOLOGIES

Databases

Azure SQL
AWS RDS
MySQL
PostgreSQL
MariaDB
Azure Cosmos DB
DB2
Oracle
SQL Server
SQLite

Object Storage

Azure Blob Storage
AWS S3
Google Cloud Storage
MinIO
Ceph Object Gateway
TiKV
Redis
MySQL
PostgreSQL
SQLite
ETCD

Cloud Providers

Microsoft Azure
Amazon Web Services
Google Cloud
Alibaba Cloud
Digital Ocean

IAM

Azure AD
AWS Cognito
GCP IAM
Keycloak
OIDC / OAuth 2.0

Key Management

Azure Key Vault
AWS KMS
GCP KMS
HSM (KMIP)

Deployment

Azure AKS
AWS EKS
GCP GKE
Kubernetes
Helm
Docker Swarm
Docker

Languages

C#
Java
Go
Python
TypeScript
F#
VB.NET
Kotlin
Scala
JavaScript

Frameworks

Entity Framework
Hibernate
Gorm
SQLAlchemy
Sequelize
expand all
Testimonials

Aztrix* NV company logo
We appreciate CYBERCRYPT’s approach to security, which follows defense-in-depth and zero-trust principles, especially when processing sensitive data like PII, which became an integral part of our product development strategy
Karel Ribbens
Founder & Managing Partner,
Aztrix* NV
GET IN TOUCH

HOW CAN WE HELP YOU?

Let us know if you have any questions about supported integrations, platforms we can run on, your exposure to data breaches, our process to help you, or your concerns with compliance. We will answer these or any other questions you may have.
A picture of Andrey Bogdanov, PhD.
Andrey Bogdanov, PhD
CEO & Founder
Get in touch