Data security in Vantage

It is important to understand how Vantage keeps your data secure.

Data privacy

For more details, see Nozomi Networks Vantage Data Privacy.

Data segregation and encryption

Data segregation is a key element of data security in Vantage. Every Vantage implementation has its own database. Access to an instance's database requires an encryption key that is only used for this instance.

FIPS support

The National Institute of Standards and Technology (NIST) develops Federal Information Processing Standards (FIPS), which are publicly-announced standards for use in computer systems in-use with non-military United States government agencies and government contractors. The FIPS 140 series specifies requirements for cryptography modules within a security system protecting sensitive, but unclassified, data.

For implementations that adhere to FIPS, Nozomi Networks provides FIPS-compliant Vantage instances that use the FIPS-140-2 approved cryptography module.

Implementations that are FIPS-compliant are entirely separate from other Vantage instances and sensors:
  • A FIPS-compliant Vantage instance only accepts connections from FIPS sensors
  • A non-FIPS Vantage instance accepts only connections from non-FIPS sensors

While a FIPS-compliant sensor cannot connect to a standard, non-FIPS Vantage instance, an unlicensed sensor can connect to a FIPS-compliant Vantage instance. This allows Vantage to assign a license and enable FIPS mode on the sensor. Vantage now manages the sensor's license, and it can only connect to a FIPS-compliant Vantage instance.

To learn more about FIPS, contact Nozomi Networks.

FIPS-compliant Vantage and SAML configuration

When you use security assertion markup language (SAML) to Configure Vantage for SSO, you must specify its assertion consumer service (ACS) uniform resource locator (URL).

If your Vantage instance is FIPS-compliant, its ACS URL differs from the ACS URL of non-FIPS instances. For example:
  • The ACS URL of a standard, non-FIPS Vantage instance is similar to: https://customer1.customers.us1.vantage.nozominetworks.io
  • The ACS URL of a FIPS-compliant Vantage instance is similar to: https://nozominetworkscom.customers.us1.vantage-govcloud.nozominetworks.io

For more details about ACS URLs, see IdP configuration for SAML integration.