“This is the best encryption technology we have used that integrates with Windows Server Active Directory and enables us to easily manage laptops simply by making changes to Group Policy objects that are sent to users immediately.”

—Oliver Rebollido, Network Engineer, Fenwick & West LLP, Mountain View, California.

GuardianEdge Hard Disk Encryption

home > products > GuardianEdge hard disk encryption

request info email this page

Enterprise Endpoint Data Loss Protection for PCs

Data stored in an unprotected state on laptop and desktop PCs invites unacceptable risks—and the costs of data loss go beyond endangering critical IP or competitive data. With the advent of tough new privacy laws worldwide, compromising customer or employee data through a security breach can subject organizations to stiff fines, crippling remediation costs, and embarrassing public disclosures.

Strong encryption provides the only sure way to protect your organization’s critical information from falling into the wrong hands. It also provides a “safe harbor” from disclosure requirements in the event a machine containing legally protected data is lost or stolen.

By deploying GuardianEdge Hard Disk Encryption, organizations can:

Prevent data loss due to theft or accidental loss of laptop and Desktop PCs by ensuring all data on the hard disk is encrypted
Assure that intellectual property and sensitive or legally protected information is accessible only to authorized users
Meet regulatory compliance requirements through strong, centrally managed encryption, including FIPS 140-2 certified and AES 128 bit/256 bit encryption

Leverage Microsoft Active Directory and other existing infrastructure to reduce the cost and complexity of deploying and managing an endpoint data protection solution
Benefit from the “safe harbor” provided by encryption to eliminate the legal liability, customer service costs and brand erosion associated with data breach disclosures when laptops and desktops are lost or stolen
Safeguard intellectual property by using full disk or multi-partition encryption to protect data
Implement a Microsoft Single Sign-On integrated pre-boot authentication environment to ensure that only authorized users can gain access to data
When combined with GuardianEdge Advanced Authentication, extend pre-boot environment access control with multi-factor authentication for enhanced access protection
Transparently manage endpoint security policies with system policies and user policies through full integration with Active Directory GPO

Client Environment

No additional log-in required (integrated with Microsoft Single Sign-on)
Negligible performance impact
Secure client/server communications
Power failure protection for computers without a battery or backup power source during initial encryption

Pre-boot Authentication

Microsoft Single Sign-on integration
Password authentication
Wake on LAN capability for seamless operation with enterprise patch and update management tools
Lockout on maximum time-since-last-check-in exceeded (configurable)
Password entry delay on failed password attempt threshold (configurable)
Multiple user and administrator accounts (50 each)

Encryption

Full disk or multi-partition including: master boot record, OS and system files, swap/hibernation files
256-bit or 128-bit AES
FIPS 140-2 validated cryptographic library
Common Criteria EAL4 pending

Key/Password Administration and Recovery

Secure, self-service Authenti-Check™ or administrator-assisted password recovery
Recovery of encrypted data in the event of lost tokens or passwords

Administrative tools

MMC management snap in architecture
GPO policy deployment extensions
Remotely disable authentication of a targeted user
Hard drive access tool to allow OS repair
Integrated with forensic data recovery tools to retrieve data from crashed or evidential hard drives
Remote, one-time password capability
Integration with enterprise-grade deployment tools such as SMS, Tivoli, Altiris
Real-time audit logging: policy changes, user actions (succeeded/failed authentication, attempts to uninstall the product, password recovery, change of password)

GuardianEdge Data Protection Platform

Single Management Console - Provides a single, Active Directory integrated management console for administering the GuardianEdge suite of end point data protection controls
Shared Services - Shared security and management services across data protection applications
Auditing and Reporting - Unified auditing and reporting environment

Active Directory Integrated Administration and Management

Tightly integrated with Active Directory, enabling GPO-based policy deployment
Role-based policy administration
Detailed audit records to verify policy enforcement
Role-based control over security policies and recovery of encrypted disks and data

Client Computers

Microsoft Windows™ XP Professional, Windows XP Tablet Edition, Windows 2000

GuardianEdge Management Server

Microsoft Server 2003 Standard or Enterprise
Microsoft XP Professional

GuardianEdge Server

Microsoft Server 2003 Standard or Enterprise for Active Directory Application Management module

GuardianEdge Advanced Authentication Integration

Extend data protection with certificate-based multi-factor user authentication by combining GuardianEdge Hard Disk Encryption with GuardianEdge Advanced Authentication.

Key features enabled by this combination: