Symantec Endpoint Encryption 6.

0
The Problem with Data

Data is Pervasive and Portable:

– Desktops and Laptops
– Computer hard drives
– Removable storage devices, such as CDs or USB drives
Risk for organizations:
– Loss of data and associated expenses

Data at Risk puts your Business at Risk

Symantec Endpoint Encryption 2
Symantec Endpoint Encryption 3
Market Drivers

• Disclosure is mandatory, costs are gigantic

Cost of – USA: SB1386 — 36 State laws, 5 Federal bills
Disclosure – Encryption is the only “safe harbor”

• Growing notification requirements, penalties

Stricter – FSA, BASEL-II, Data Protection Act (UK / EU), EU
Directive 95/46/EC
Compliance
– SOX, HIPAA, GLBA

• Fast-growing, mobile work force

Increased – 93M laptops, 2008 - 170M USB dev., 50% CAGR
Mobility

Average tangible cost per breach: ~$7.5 Million

1/15th as expensive to prevent

Symantec Endpoint Encryption 4

What is Endpoint Encryption and How it
Works
Product Overview
• Symantec Endpoint Encryption 6.0 provides advanced
encryption for desktops, laptops and removable storage
devices. It offers scalable security and prevents
unauthorized access to endpoints.

Symantec Endpoint Encryption

Full Disk Edition

Symantec Endpoint Encryption

Symantec Endpoint Removable Storage Edition
Encryption 6.0
Symantec Endpoint Encryption 6
 Endpoint Encryption
Business Benefits
Reduce Risk
Legal Liability
• Protect sensitive, proprietary or protected data
• Prevent erosion of trust, brand, goodwill and image
Brand Erosion
• Eliminate the legal liabilities of a data breach
• Prove that no information has been lost
Save Money and Time Disclosure
(SB1386)
• Reduce time and cost of privacy compliance
• Eradicate the customer service costs of data breach Remediation
disclosure Cost
• Use data security as a competitive advantage

Symantec Endpoint Encryption 7

 Endpoint Encryption key Highlights

• Pre-boot Protection
• Centralized Management
• Support for 3rd party Authentication
• Seamless Key sharing
• Secure user recovery
• Enforceable policies
• Extensive Reporting
• Multiple encryption algorithms

Symantec Endpoint Encryption 8

Symantec Endpoint Encryption
Full Disk Edition

• Full disk encryption

– Encrypts all disk sectors

– Supports standby and hibernation modes

– Excellent performance
• Mandatory pre-boot authentication
– Hardened pre-boot operating system
– Single Sign-on
– Token support
– Automatic recovery

Symantec Endpoint Encryption 9

Symantec Endpoint Encryption
Full Disk Edition - continued
• Multiple user / administrator accts.
– Supports multiple users

• Password recovery
– Two recovery methods

• Self Service

• Help Desk assisted

• Automatic client reporting

and audit trail

Symantec Endpoint Encryption 10

Symantec Endpoint Encryption
Removable Storage Edition

• Transparent, policy-based file

encryption
• Multiple devices/media
– USB flash drives, USB hard
drives, SD cards, CF cards,
CDs/DVDs, iPods, etc.

• Portability
– Password protected executable
to decrypt even if you don’t have
the application
– Self-extracting files

Symantec Endpoint Encryption 11

Symantec Endpoint Encryption
Removable Storage Edition - continued
• Monitoring and logging
– Policies
– Activity

• Kiosk Mode Operation

• Flexibility

– A personal key, group

key, or key for entire
organization

Symantec Endpoint Encryption 12

Removable Storage –
CD/DVD Burning

Symantec Endpoint Encryption 14

Architecture

• Adam
– Unique Instance
– Does not require
Schema
Modification to AD
– Allows for
Keys Application
Specific Needs
Reporting
Computer
Policies Users, Computers
and Groups/OUs
– Supports
State Replication
Active
ADAM Directory • Active Directory
– Authentication
– User Identities
– Group Policies
Symantec Endpoint Encryption 15
 Administrative Roles

• Active Directory (AD) Administrators

– Overall AD administrators
– Perform initial Management Console installation
– Delegate control to specific Symantec Endpoint Encryption Policy Administrators

• Symantec Endpoint Encryption Policy Administrators

– Create Client Setup (.msi) files and deploy to users’ computers
– Create and deploy policy updates to clients
– Audit clients with Symantec Endpoint Encryption Client Monitor
– Establish Symantec Endpoint Encryption Client Administrators

• Symantec Endpoint Encryption Client Administrators

– Perform administrative tasks on clients
– Unregister users
– Extend a scheduled lockout condition
– Initiate data recovery operations
– Unlock a machine

Symantec Endpoint Encryption 16

Managed Through GPOs

 Client Admin Accounts

 Autologon Timeframe
 Immediate Decryption
 One-Time Password Off or On
 Authenti-Check Off or On
 Authenti-Check Questions
 Reporting Interval
 ADAM Client Account
 Single Sign-On or Password Policy
 Max Incorrect Password Attempts
 Registration Password & Logon
Assistance Messages
 Decryption Rights
 Required Network Access Time Limit
 Display Last User Name at Logon
Symantec Endpoint Encryption 17
Additional Endpoint Protection

Network Access
Control
Results:

Device Control

Increased
Protection, Control &
Intrusion
Manageability
Prevention

Firewall
Reduced
Cost, Complexity &
Risk Exposure

Antispyware Symantec Endpoint Symantec Network

Protection 11.0 Access Control 11.0

AntiVirus
Single Agent, Single Console
Symantec Endpoint Encryption 18
Additional Data Loss Protection

Symantec Endpoint Encryption

Thank You !