NMA ZSentry is a Sans Target platform for "instant on" regulatory compliance, utility, and mobility, with no changes to user systems, services, or devices. ZSentry is U.S. Certified as a Health IT EHR Product, ARRA and HIPAA compliant.
Given the march of technology, the only way to truly protect information is through the absence of a target — because no firewall is good enough, and no defense is strong enough, to stop every attacker from inflicting harm.
For example, as used with ZSentry for Google Apps and Outlook, the ZSentry Single-Sign-On (SSO) operation occurs behind the scenes, in-between clicking Send and the email being actually sent. If the user notices anything, it will be the absence of an intermediate login step.
ZSentry Maximizes Value for Customers. Because ZSentry is indeed a complement to Microsoft, Google, and other platforms, a user's setup can use any or all of them, and change the mix at any time. This can allow users to more easily "route around" and overcome a failure affecting a system or its network. For example, a cell phone can be used to send and receive secure email if the office Internet line is down. Benefits include more functionality, allowing users to do more, redundancy with Microsoft and Google serving as two independent IT systems, improved availability, reduced risk, potentially less cost (vs single-sourcing), and the capacity to add more platforms (for example, Oracle, SAP, IBM, iPad, mobile) as needed. You can also setup a redundant ZSentry system, that you physically control, with ZSentry Director.
Enable organizations and people to meet their needs without changes.™
We provide improved functionality, usability, security, mobility, and regulatory compliance in any platform, product and service.
Our objective is to enable organizations to limit risk online for everyone and deliver superior products and services with much lower cost. Our products are designed to be broadly applicable, without changes to existing products or services, and allow users to do more with less cost. Our customers can securely reach any user, worldwide.
With ZSentry, at no cost or effort larger than a mouse click anyone can read a secure email Zmail (ZSentry Mail), and reply securely. If the sender allows, people can reply securely without cost or even registration.
The User Experience Shall Not Be Modified.
We implement our Strategy by following the simple Premise of not changing the user experience. By not requiring changes, we also enable the user experience to change at will as organizations and end-users may want.
Applications and systems that can use ZSentry as a middleware can seamlessly span desktop, cloud, web and mobile platforms. Examples include AOL, Apple (Apple Mail, Safari, iPhone, iPad), Blackberry, Google (Google Apps, Gmail, Gmail Mobile, Android), Linux (Ubuntu and other distributions, in Mail clients and Web Browsers), Microsoft (IE, Hotmail, Live, Outlook, Word), Mozilla (Firefox and Thunderbird), Yahoo Mail, and security standards such as PKI and PGP.
We want to reduce user frustration in having to use a different tool if one needs security and regulatory compliance. We make it simple to protect both senders and recipients against spam, eavesdropping, forgery, impersonation fraud ("identity theft"), phishing, and other attacks, while offering more integration and more choices than any other product.
Our approach also helps reduce the focus on security, so that people can long at last focus on what they want to do, not how they have to do it.
NMA ZSentry is at the same time affordable, secure, and usable,
by organizations as well as by their employees, customers, partners, and visitors.
We are at your disposal to help you identify new ways to enable your organization to spend less and communicate better, while minimizing the risk of exposure. Please Contact Us.
ZSentry, ZSentry Mail and secure email Zmail are NMA technology and trademarks since
2001. Since 2004, Zmail has been trusted worldwide with millions of secure messages.
About Our Technology
Why yet another secure email technology?
Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), developed ca. 1996, are well-known cryptographic protocols that support secure communications on the Internet, usually by means of Public-Key Infrastructure (PKI, X.509 standard) server certificates. SSL/TLS is very successful in ecommerce today. Because of its simplicity, SSL/TLS is used by some secure email providers including Gmail and Postini. However, SSL/TLS falls short of basic email security requirements. For example, because SSL/TLS messages are only encrypted in-between end-points, third parties can compromise message security and integrity at the security-gaps created at each SSL/TLS end-point (i.e., not only at Gmail or Postini but also at the recipient's ISP), and at the recipient's machine.
Password-based email encryption is cumbersome to use, has no first-contact capability, and is trivially open to exploits by spoofing and phishing attacks. In addition, because users are likely to choose a weak password (even though it may look strong) and not periodically expire them, password-encrypted email may be rather easy to crack by the same automatic dictionary attack tools already in use to crack password files effectively.
Regarding security technologies that have been developed specifically for the needs of email security, lack of a usable and secure solution for managing cryptographic keys has been a major failure point.
For example, with PKI and Pretty Good Privacy (PGP, as used by PGP and Hushmail), a user's private-key is embedded in a password-protected file that can be attacked and cracked.
PKI/X.509 end-user certificates provided for example by VeriSign or Thawte, which are required in order to use PKI for email security, have a number of well-known problems (including cost, lack of revocation status assurance, spoofing, and lack of first-contact capability).
PGP, even though it can be used without any cost, lacks a reliable facility for certificate revocation status, uses a web-of-trust certificate issuance method that does not scale beyond small groups, and lacks first-contact capability.
With Identity-Based Encryption (IBE, as used by Voltage and MessageGuard), the private-keys of all users must be stored in the servers and may be available to third-parties without user authorization (this is called mandatory key-escrow).
Even though conventional PGP and PKI/X.509 solutions are notoriously far too difficult to use, a number
of providers use servers to automate some of the tasks that were previously done manually. While this does improve
ease-of-use, it may compromise HIPAA/HITECH Safe Harbor conformance, and still has to deal with several limitations
of the underlying technologies PGP and X.509/PKI.
Therefore, for the conventional email security solutions, when the key management solution is secure (PKI, PGP), it is not usable (complexity, counter-intuitive behavior when compared to postal mail, unreliable key certificate revocation, and other known issues). When it is usable (SSL/TLS, password-based, IBE, Voltage, MessageGuard), it is not secure (security-gaps, weak passwords, open to phishing and spoofing, mandatory key-escrow, no key revocation, and other known issues).
NMA developed ZSENTRY to allow any two parties, possibly with no previous contact, to establish a secure and private communication channel (e.g., a secure email message exchange using Zmail) without the usability and security shortcomings of conventional technologies such as passwords, PKI, PGP, IBE, and SSL/TLS.Read About Our Technology >>
Notice: This page is intended to outline our general direction with NMA ZSentry. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for NMA's products remains at the sole discretion of NMA.
|Main Technical Notes|