Symantec Endpoint Encryption Overview
Symantec Endpoint Encryption is a comprehensive security solution designed to protect sensitive data on endpoint devices, including desktops, laptops, and servers, as well as removable storage media such as USB flash drives and external hard drives.
Key Functionality
- Full Disk Encryption (FDE): Symantec Endpoint Encryption ensures that all data on the internal hard drives of desktops, laptops, and servers is encrypted, making it inaccessible to unauthorized parties when the device is powered off or in a hibernate state.
- Removable Media Encryption: The product extends its encryption capabilities to removable storage devices, protecting data stored on USB flash drives, external hard drives, and memory cards.
Encryption and Authentication
- Advanced Encryption Standard (AES): Symantec Endpoint Encryption uses the AES encryption algorithm with either 128-bit or 256-bit keys, providing strong protection against current and emerging threats.
- Multi-Factor Authentication: The product supports multi-factor authentication, including passwords, cryptographic tokens, and smart cards. It also integrates with Active Directory services for seamless authentication.
- Pre-Boot Authentication: Pre-boot password or smart card-based authentication ensures that only authorized individuals can access the device’s data.
Centralized Management
- Symantec Endpoint Encryption Management Server: The solution is designed for centralized management through the Symantec Endpoint Encryption Management Server, which must be hosted in an Active Directory domain. This allows for easy deployment, administration, and management of encryption policies across the enterprise.
- Policy Administration: Administrators can configure and update various policies, including password authentication, communication intervals, and encryption settings, through the Management Console. This includes automating individual and group policies and syncing them with Active Directory.
Additional Features
- Single Sign-On (SSO): Symantec Endpoint Encryption supports SSO so that users do not need to remember and enter multiple passwords, enhancing user convenience and security.
- Brute-Force Attack Mitigation: The system can be configured to add delays between authentication attempts or lock out users after a specified number of failed attempts, protecting against brute-force attacks.
- Compliance and Reporting: The product helps achieve regulatory compliance with various standards such as PCI, SB1386, and HIPAA. It also provides extensive logging, auditing, and reporting capabilities to ease the burden of proof for administrators.
- User-Friendly and Transparent: The encryption process operates transparently to users, with minimal performance impact, and does not require end-user training. Initial encryption can occur in the background while users continue working.
System Requirements and Support
- Platform Support: Symantec Endpoint Encryption is supported on newer Windows operating systems, including Windows 8.1, Windows 8, Windows 7, Windows Server 2012, and Windows Server 2008.
- Hardware and Software Requirements: The Management Server requires specific hardware and software configurations, such as an Intel Pentium 4 processor and 512 MB of RAM, and must be connected to a Domain Controller running Microsoft Windows Server 2003 or later.
In summary, Symantec Endpoint Encryption is a robust solution that offers strong encryption, flexible authentication options, and centralized management, making it an effective tool for protecting sensitive data across various endpoint devices and removable media in enterprise environments.