Security Minisite

Enterprise Data Loss Protection for PCs

In addition to the danger of losing critical IP and customer or competitive information, data stored in an unprotected state on your laptop and desktop PCs puts your organisation at risk of becoming the next data breach headline. The only sure way to counter these threats is with strong encryption of all data on hard disks, which also provides a “safe harbour” from the high-profile public disclosures and costly remediation mandated by privacy laws.

GuardianEdge Hard Disk Encryption provides exceptionally manageable, policy-controlled protection against loss or theft of data on laptop and desktop PCs.This mature solution builds on over 13 years of experience in creating and deploying hard disk encryption products. It delivers strong encryption as well as transparent operation to end users, pre-boot authentication, single sign-on integration, multiple user/administrator support, and a rich administrative and management environment. When combined with GuardianEdge Advanced Authentication, it also provides extensive token card and reader support for extended access security with multi-factor authentication. As a key component of the GuardianEdge Data Protection Platform, GuardianEdge Hard Disk Encryption delivers enterprise-grade manageability with fully integrated data protection controls and close integration with Microsoft Active Directory.

GuardianEdge HDD Encryption provides full disk encryption, meaning that the software encrypts every sector on the drive, including the master boot record, OS and system files and temp/swap/hibernation files.

Key Features

Client Environment

• No additional log-in required (integrated with Microsoft Single Sign-on)
• Negligible performance impact
• Secure client/server communications
• Power failure protection for computers without a battery or backup power source during initial encryption

Pre-boot Authentication

• Microsoft Single Sign-on integration
• Password authentication
• Wake on LAN capability for seamless operation with enterprise patch and update management tools
• Lockout on maximum time-since-last-check-in exceeded (configurable)
• Password entry delay on failed password attempt threshold (configurable)
• Multiple user and administrator accounts (50 each)

Encryption

• Full disk or multi-partition including: master boot record, OS and system files, swap/hibernation files
• 256-bit or 128-bit AES
• FIPS 140-2 validated cryptographic library
• Common Criteria EAL4 pending

Key/Password Administration and Recovery

• Secure, self-service Authenti-Check™ or administrator-assisted password recovery
• Recovery of encrypted data in the event of lost tokens or passwords

Administrative tools

• MMC management snap in architecture
• GPO policy deployment extensions
• Remotely disable authentication of a targeted user
• Hard drive access tool to allow OS repair
• Integrated with forensic data recovery tools to retrieve data from crashed or evidential hard drives
• Remote, one-time password capability
• Integration with enterprise-grade deployment tools such as SMS, Tivoli, Altiris
• Real-time audit logging: policy changes, user actions (succeeded/failed authentication, attempts to uninstall the product, password recovery, change of password)

GuardianEdge Data Protection Platform

• Single Management Console - Provides a single, Active Directory integrated management console for administering the GuardianEdge suite of end point data protection controls
• Shared Services - Shared security and management services across data protection applications
• Auditing and Reporting - Unified auditing and reporting environment

Active Directory Integrated Administration and Management

• Tightly integrated with Active Directory, enabling GPO-based policy deployment
• Role-based policy administration
• Detailed audit records to verify policy enforcement
• Role-based control over security policies and recovery of encrypted disks and data

 

GuardianEdge Advanced Authentication Integration

Extend data protection with certificate-based multi-factor user authentication by combining GuardianEdge Hard Disk Encryption with GuardianEdge Advanced Authentication.

Key features enabled by this combination:

• Pre-boot environment multi-factor authentication
• Smartcard/Common Access Card (CAC) support
• Extensive support for readers and tokens
• PKI environment support

 

 

More information

Please call us on 01752 895100 or email security@avanquest.co.uk