Symantec Endpoint Encryption combines strong full-disk and removable media encryption with an intuitive central management platform to protect sensitive data from loss or theft.
Built with PGP (Pretty Good Privacy) cryptographic technology, Symantec Endpoint Encryption is an intuitive central management platform with strong disk and removable media encryption, innovative compliance reports and key recovery options to protect sensitive data across endpoints. As a component of the Symantec Encryption Family, it supports advanced intrusion prevention, firewall protection, and anti-malware functions. Endpoint Encryption also helps IT administrators prove a device was encrypted should it become lost or stolen.
Endpoint encryption, in general, is available in 4 different types:
- Drive (whole disk) encryption is the most traditional method to protect data-at-rest if end user devices are lost or stolen. All hard drive data (operating system (OS), applications, drivers, user data) is encrypted sector-by-sector, rendering it unreadable and unusable by unauthorized users.
- Removable media encryption protects sensitive data on USB drives, removable hard drives, DVD’s, and other portable storage devices. Its automatic encryption capability secures lost or stolen data if the device has been dislocated in transition.
- Mobile encryption is specific to mobile device data. In addition to on-device data encryption storage, some mobile encryptions prevent costly data leakage. Extra protection includes cut-and-paste controls that are policy-driven, or controls that prevent unauthorized apps from opening or accessing data.
- Engine encryption addresses interoperability and OS patching that many third-party solutions are likely to encounter. When it comes to advanced endpoint encryption, many manufacturers are likely to build encryption engines within the operating system (OS) default settings.
Symantec Endpoint Encryption, in particular, is characterized by:
- Maximum protection that encrypts each drive, by sector, to ensure no files are left unencrypted. Endpoint Encryption supports TPM authentication with Auto-logon to protect the computer system state from detrimental change.
- Strong cryptography that employs a FIPS 140-2 validated cryptographic module, which helps customers comply with government and industry requirements like Continuous Diagnostics and Mitigation (CDM), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and the EU General Data Protection Regulation (GDPR).
- Ease of use that allows users to enter their password once for single sign-on access to their main screen. As users access their information, instant decryption and re-encryption make for a seamless experience; and smart cards can be utilized for additional user authentication.
- Multiple recovery options that enable companies to mix self-recovery and help-desk user support. Local self-recovery lets users set up customizable questions and answers to regain access. Web-based help-desk support features a single-use token that a user can insert into their machine
- Flexible removable media that lets users access data on any Windows or Mac system, even if encryption is not installed on their device. Endpoint Encryption supports multiple removable media types (e.g., USB drives, external hard drives, CD/DVD/Blu-ray, etc.
Symantec Endpoint Encryption supports the AES (Advanced Encryption Standard) algorithm containing 128-bit or 256-bit keys. AES is a symmetric block cipher the US government utilizes to protect classified information it implements on hardware and software. It is considered to be more mathematically efficient and algorithmically elegant than its predecessor, the DES (Data Encryption Standard) algorithm, which only contains a 56-bit key.