1 / 31

The Leader in Endpoint Data Protection

GuardianEdge Removable Storage. The Leader in Endpoint Data Protection. Presenter Name Title. Agenda. About GuardianEdge Product Overview Product Introduction Encryption and Key Management Comprehensive Device / Media Support Recovery Best-in-class Portability Administration

vivien
Download Presentation

The Leader in Endpoint Data Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GuardianEdge Removable Storage The Leader in Endpoint Data Protection Presenter Name Title

  2. Agenda • About GuardianEdge • Product Overview • Product Introduction • Encryption and Key Management • Comprehensive Device / Media Support • Recovery • Best-in-class Portability • Administration • Reporting and Auditing • Differentiation • Summary

  3. GuardianEdge The most cost-effective protection for critical mobile data Laptops Desktops Removable Media Smartphones "The industry is moving away from point security tools and towards an integrated data protection solution with true enterprise-class capabilities." Paul Stamp, Senior Analyst

  4. GuardianEdge Data Protection Platform • Data loss prevention • Laptop & desktop disk encryption • Removable device & CD-DVD encryption • Smartphone / PDA encryption • Device and port access control • Monitoring & enforcement of data flow • Compliance & file type inspection • Activity logging & file shadowing • Enterprise grade management • Native Microsoft Active Directory™ integration • Novell eDirectory™ and non-domain PC support • Single console administration • Deploy and manage with existing infrastructure Centralized – Integrated Management Console • AD Integrated • eDirectory support • Non-domain computer support • Altiris Connector PDAs / Smartphones Policies Auditing Port, device and file type controls Device Control Laptops & Desktops Removable Storage Encryption Hard Disk Encryption

  5. Business Problem Addressed • Business need to allow some usage of portable media • Distribute information to third parties • Take work home • Share data with co-workers • The risks for organizations: • Loss of data and associated expenses • Key challenge: Protecting data without negatively impacting user productivity • Minimal disruption of the user’s workflow • Support for users’ devices • Ability to access data on computers without GERS software

  6. GuardianEdge Removable Storage Encryption Protects data on PC removable media in case of physical loss or theft • Transparent end user operation • Comprehensive encryption support • Policy based encryption for removable media • FIPS certified AES 256 bit or 128 bit, CC EAL4 pending • Encrypt plain text data on devices • Best-in-class storage media support • Flash drives, Hard drives, SD cards • CF cards, CDs/DVDs, iPods, etc. • Portability • Access utility – Install by policy, read / write encrypted data • Self-extracting archives • Group and Kiosk mode operation • Centrally managed data recovery Centralized – Integrated Management Console • AD Integrated • eDirectory support • Non-domain computer support • Altiris Connector Auditing Policies Smartphone Protection Policies Auditing Advanced Authentication Port, device and file type controls Device Control Hard Disk Encryption Removable Storage Encryption

  7. Encryption • File level encryption • FIPS 140-2 certified algorithms • 256 bit and 128 bit AES • File Encryption Key (FEK) • Unique key per file • Key protection / user authentication • Passwords • Certificates with GuardianEdge Advanced Authentication • Workgroup key • Administrative data recovery certificate

  8. Key Management

  9. Comprehensive Device / Media Support • Devices that attach file systems • USB port-based • FireWire port-based • Internal floppy drives • Storage device / media examples: • USB flash drives • USB hard drives • Secure Digital cards • Compact Flash cards • External floppy drives • Apple iPods • CDs/DVDs • Access on GERS and non-GERS computers

  10. CD/DVD Encryption • GERS CD/DVD Burning Application • Key considerations: • Data files only • One password per CD/DVD • Up to 12 levels of nested folders • One session per disc • Will not block unencrypted writes from other burning applications • Leverages GERS policies: • Encryption • Encryption Method • Group Key • Administrative Data Recovery Certificate • Auto-copying of GERS Access

  11. CD/DVD Encryption

  12. Recovery of Encrypted Data • Administrative access to encrypted data • Lost / destroyed password • User left company • Recovery Key • Certificate distributed with software install • Administrator controls private key • Requires Certificate Authority but not PKI

  13. Best-In-Class Portability • Comprehensive device / media support • Support for other transfer mechanisms • Email • FTP • Network share • Ease of use • Accessing encrypted data • Encrypting data • Transfer of entire folder subdirectories • Strong security • FIPS-certified algorithms • Administrator-defined password strength settings • Ability to force two-factor authentication

  14. Access Utility • Two-way data distribution • Transfer encrypted data, modify it, re-encrypt, transfer it back • Common use cases • Take work home • Work at client or partner • Auto-copy to devices / media • Automatic Opening • Requires auto-run to be enabled and user to select • Explorer-like window for intuitive operation • Navigation in left pane, data in right pane • Up to 12 levels of nested folders • File name, size, type, date modified, and whether encrypted or not • Red lock, yellow lock

  15. Access Utility • Device Default Password • Encrypt / decrypt • Per application session • Password caching • Cache new passwords that are entered for decryption • Per application session • Carry-over of Framework and GERS settings • Limit Password Attempts • Enable Password Management • Encryption Strength • Group Key • Master Certificate

  16. Access Utility

  17. Access Utility

  18. Self-Extracting Archives • Secure one-way distribution of archives • Recipient double-clicks archive and enters password • Common use cases: • Distribute data to third parties • Contractors, Auditors, Etc. • Distribute data internally • Flexible distribution options • Storage devices / media • Email • FTP servers • Policy-driven option • User can be granted right to create self-extracting files

  19. Self-Extracting Archives • Multiple files / folders • Up to 12 nested folders • User options – right-click files / folders • Create self-extracting archive • Save to storage device / media – not double-encrypted • .exe file extension • Save to hard drive – encrypted • Send by email • Changes .exe extension to default of .rse • Archive modification • Add / delete files and folders from GERS-protected computers

  20. Self-Extracting Archives

  21. Self-Extracting Archives

  22. Administration • Management console • Natively integrates Active Directory • Users and groups and Group Policy Objects (GPO) • Novell eDirectory • Automated import and synchronization of Novell eDirectory computers and hierarchy • Integrates GuardianEdge applications into a single console • MMC snap-in, standard and familiar administrative interface for lower TCO • Create client installer packages • Create and deploy security policy • Fast and simple compliance reporting • Automatic communication of endpoint encryption state • Standard reports and views of endpoint state data • Policy administration • Active Directory Group Policy Objects • Create and edit policy using standard Microsoft environment • AD organization tree natively integrated into GuardianEdge Manager • eDirectory computer objects and group hierarchy • Deploy policy at any level within the AD or eDirectory trees • Native policy for endpoints that are not members of Active Directory

  23. Native Active Directory Integration Close integration with Active Directory Users and Groups and Group Policy Management enable deployment, administration and reporting within a common and familiar user interface.

  24. Novell eDirectory Integration An event-driven connector for Novell eDirectory computer and group objects enables a common interface for policy management and reporting using native policy objects.

  25. Reporting Reporting allows you to confirm that GuardianEdge Removable Storage is installed on computers, the correct policies are in place, and query individual computers.

  26. Auditing • Confirms policies are functioning correctly • Logged events • Encryption events • Encrypted file • Self-extracting archive • Other events • Copying of GERS Access • Policy synchronization • Etc.

  27. GuardianEdge Removable Storage Differentiation • Strong Security • 256-bit AES encryption • FIPS-certified encryption • Certificate authentication with GuardianEdge Advanced Authentication • Best-in-class Device/Media Coverage • USB hard drives and CDs/DVDs, as well as USB flash drives, SD cards, CF cards, floppy disks, iPods, etc. • Best-in-class Portability • Encrypt and decrypt data from computers without GERS • Send by email or put on FTP servers or network shares • Transfer entire directory structures • Enforce two-factor authentication on non-GERS computers

  28. GuardianEdge Removable Storage Differentiation • Global Deployability • 128-bit allows product to be deployed in China, France, etc. • Enterprise-grade Manageability • Single console for data protection administration (HD, DC, and RS) • Integrates into existing environment • Does not create separate administrative system • Minimal learning curve • Scales operationally • Scales physically

  29. Competitive Removable Storage Overview Full Support  Some Support O No Support X *Requires separate license for GuardianEdge Advanced Authentication

  30. GuardianEdge – Protecting Critical Mobile Data • The only vendor focused strictly on Endpoint Data Protection • Proven ease of operation in the real-world • Highest success rate for deployments • Lowest total cost of management • Transparent to end users • Proven and respected service expertise • Hands-on deployment & technical support assistance • ‘Getting it Right’ the first time – makes the difference! Johns Hopkins University

  31. The Leader in Endpoint Data Protection

More Related