Featured Eseminar Auditor Download GuardianEdge Federal GuardianEdge

“With GuardianEdge Encryption Anywhere Hard Disk installed on all of our notebook PCs, we have an invaluable asset for mitigating the risk of proprietary data loss for our mobile workforce.”

—Joe Rumpler, IT shareholder, Clark Schaefer, Hackett & Co.

GuardianEdge Hard Disk Encryption

Enterprise Endpoint Data Loss Protection for PCs

Data stored in an unprotected state on laptop and desktop PCs invites unacceptable risks—and the costs of data loss go beyond endangering critical IP or competitive data. With the advent of tough new privacy laws worldwide, compromising customer or employee data through a security breach can subject organizations to stiff fines, crippling remediation costs, and embarrassing public disclosures.

Strong encryption provides the only sure way to protect your organization’s critical information from falling into the wrong hands. It also provides a “safe harbor” from disclosure requirements in the event a machine containing legally protected data is lost or stolen.



By deploying GuardianEdge Hard Disk Encryption, organizations can:

  • Prevent data loss due to theft or accidental loss of laptop and Desktop PCs by ensuring all data on the hard disk is encrypted
  • Assure that intellectual property and sensitive or legally protected information is accessible only to authorized users
  • Meet regulatory compliance requirements through strong, centrally managed encryption, including FIPS 140-2 certified and AES 128 bit/256 bit encryption
  • Leverage Microsoft Active Directory and other existing infrastructure to reduce the cost and complexity of deploying and managing an endpoint data protection solution
  • Benefit from the “safe harbor” provided by encryption to eliminate the legal liability, customer service costs and brand erosion associated with data breach disclosures when laptops and desktops are lost or stolen
  • Safeguard intellectual property by using full disk or multi-partition encryption to protect data
  • Implement a Microsoft Single Sign-On integrated pre-boot authentication environment to ensure that only authorized users can gain access to data
  • When combined with GuardianEdge Advanced Authentication, extend pre-boot environment access control with multi-factor authentication for enhanced access protection
  • Transparently manage endpoint security policies with system policies and user policies through full integration with Active Directory GPO
 
Client Environment
  • No additional log-in required (integrated with Microsoft Single Sign-on)
  • Negligible performance impact
  • Secure client/server communications
  • Power failure protection for computers without a battery or backup power source during initial encryption
Pre-boot Authentication
  • Microsoft Single Sign-on integration
  • Password authentication
  • Wake on LAN capability for seamless operation with enterprise patch and update management tools
  • Lockout on maximum time-since-last-check-in exceeded (configurable)
  • Password entry delay on failed password attempt threshold (configurable)
  • Multiple user and administrator accounts (50 each)
Encryption
  • Full disk or multi-partition including: master boot record, OS and system files, swap/hibernation files
  • 256-bit or 128-bit AES
  • FIPS 140-2 validated cryptographic library
  • Common Criteria EAL4 pending
Key/Password Administration and Recovery
  • Secure, self-service Authenti-Check™ or administrator-assisted password recovery
  • Recovery of encrypted data in the event of lost tokens or passwords
Administrative tools
  • MMC management snap in architecture
  • GPO policy deployment extensions
  • Remotely disable authentication of a targeted user
  • Hard drive access tool to allow OS repair
  • Integrated with forensic data recovery tools to retrieve data from crashed or evidential hard drives
  • Remote, one-time password capability
  • Integration with enterprise-grade deployment tools such as SMS, Tivoli, Altiris
  • Real-time audit logging: policy changes, user actions (succeeded/failed authentication, attempts to uninstall the product, password recovery, change of password)
GuardianEdge Data Protection Platform
  • Single Management Console - Provides a single, Active Directory integrated management console for administering the GuardianEdge suite of end point data protection controls
  • Shared Services - Shared security and management services across data protection applications
  • Auditing and Reporting - Unified auditing and reporting environment
Active Directory Integrated Administration and Management
  • Tightly integrated with Active Directory, enabling GPO-based policy deployment
  • Role-based policy administration
  • Detailed audit records to verify policy enforcement
  • Role-based control over security policies and recovery of encrypted disks and data
Client Computers
  • Microsoft Windows™ XP Professional, Windows XP Tablet Edition, Windows 2000
GuardianEdge Management Server
  • Microsoft Server 2003 Standard or Enterprise
  • Microsoft XP Professional
GuardianEdge Server
  • Microsoft Server 2003 Standard or Enterprise for Active Directory Application Management module
GuardianEdge Advanced Authentication Integration

Extend data protection with certificate-based multi-factor user authentication by combining GuardianEdge Hard Disk Encryption with GuardianEdge Advanced Authentication.

Key features enabled by this combination:

  • Pre-boot environment multi-factor authentication
  • Smartcard/Common Access Card (CAC) support
  • Extensive support for readers and tokens
  • PKI environment support