
    “Encryption technology plays a key role in our regimen of internal controls for greater security as well as in promoting customer satisfaction. You expect that when you visit your doctor, all of your confidential information stays confidential. It's our job to meet that expectation.”

    —Eric W. Cowperthwaite, CSO, Providence Health & Services.

    Encryption, Now More than Ever



    GuardianEdge Data Protection Platform


    Platform Offers Endpoint Data Encryption and Device Controls


    November 30, 2007

    Courtesy of Datamation

    The flagship offering of GuardianEdge Technologies, the GuardianEdge Data Protection Platform provides a centrally managed platform for the policy-based enforcement of data encryption and device controls for Windows-based endpoints. The platform is integrated with and requires a Microsoft Active Directory-based infrastructure, and it leverages A/D Group Policy Objects to administer and deploy access and encryption policies and to synchronize authentication credentials.

    The platform consists of four components.

    At the heart of the offerings is the GuardianEdge Data Protection Framework, which provides the core management capabilities for each of the platform's individual components. The Data Protection Framework provides tools for the packaging and deployment of the other components (in traditional or MSI-based packages), the creation and distribution of enforcement policies (which are stored/deployed as GPOs via a policy-management MMC snap-in), user registration and management, authentication synchronization (the end user's login credentials for the data protection components are automatically synchronized with their A/D credentials), and client auditing and reporting. Endpoints communicate to the central GuardianEdge server such information as the state of the applications, compliance with assigned policies, and the security posture of protected machines. System events are accessible through the Windows System Event Viewer.

    Other features of the framework include key management and escrow capabilities, a self-service password recovery function (challenge-response) for users utilizing the full-disk encryption module, help-desk support for the deployment of one-time passwords enabling a user to access a locked machine, support for local administrative access to protected machines, and role-based administration.

    Onto this core framework is loaded the customer's choice of four functional components (which can be mixed as needed).

    The GuardianEdge Hard Disk Encryption component (Windows 2000 Pro (SP4)/XP Tablet/XP Pro/Vista) provides the ability to fully encrypt the endpoint's hard drive using 256-bit AES encryption (FIPS 140-2 validated). Users access the drive via pre-boot authentication (both passwords and smartcard/token-based authentication are supported), with Single Sign-On supported to the network domain. Encryption and decryption are transparent to the end user, and targeted users can be remotely disabled by administrators, among other features.

    GuardianEdge Device Control (Windows NT4/2000/XP/Server 2003) enables the selective, policy-based control of input/output operations on endpoint machines; the vendor lists USB, FireWire, serial, parallel, infrared, CD/DVD, floppy disk, tape, WiFi, and Bluetooth communications as supported. Policies can be implemented broadly (allow or deny all), or via parameters allowing for such actions as permitting read-only access to specific devices at specific times. Other features include support for white-lists by pre-defined devices and device models, class, type, or serial numbers; and data movement tracking and auditing.

    New features in the latest release of GuardianEdge Device Control include file type controls that allow for the controlling of reading/writing based on file types; support for "shadow files," by combinations of specified file types, computers, or groups, that target specific files for file movement logging and/or automatic mirroring to the central repository; support for CD/DVD white lists; alerting and logging for internal port access (IDE, SCSI, ATA, etc.); eDirectory support; and support for internal or external SQL databases.

    The newest entry in the product portfolio, GuardianEdge Smartphone Protection (Palm, Pocket PC, Windows Mobile, Symbian), extends the platform's protective features to enterprise smartphones, including policy-based encryption of data on smartphones (files, DBs, removable media), control of access to applications, ports, WiFi, and external devices from the smartphone, and network access controls that ensure the device is compliant with corporate policies before allowing it to connect to the enterprise network. Additional features include support for device wiping based on extended device inactivity, password failure thresholds, or Over-The-Air administrative actions; support for application-specific passwords; and a self-service portal for resetting forgotten passwords.

    Visit the vendor's Web site for further information.