ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Endpoint Encryption

    Scheduled Pinned Locked Moved IT Discussion
    encryption
    20 Posts 8 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by A Former User

      Sophos SafeGuard Encryption
      http://www.sophos.com/en-us/products/safeguard-encryption.aspx

      1 Reply Last reply Reply Quote 0
      • thanksajdotcomT
        thanksajdotcom @A Former User
        last edited by

        @Hubtech May I ask why you're encrypting? If you're using Windows 8 or 8.1, TrueCrypt doesn't work last I knew. If you really need encryption on 8, it might be worth looking into getting a version that supports Bitlocker.

        If it's not 8, what is getting corrupted?

        1 Reply Last reply Reply Quote 0
        • BudB
          Bud
          last edited by

          My first question to people asking about an encryption solution is: Do you need a centrally managed solution or are you good with a version that is managed on a machine-by-machine basis?

          Here, we use a centrally managed solution. We use McAfee Endpoint Encryption. Yes, it is a McAfee product. It's pretty straightforward. The only issue we've had with it is we changed one group to a single sign-on after we deployed and it wound up corrupting the token. Big deal? Nope. Still works. Just have to perform a recovery operation with them on the phone that takes about 15 minutes.

          Plus, when the person is no longer employed by us and we receive their laptop, we can decrypt the laptop and back up everything we need to for long term storage.

          thanksajdotcomT 1 Reply Last reply Reply Quote 0
          • thanksajdotcomT
            thanksajdotcom @Bud
            last edited by

            @Bud Their encryption is commonly pre-loaded on a lot of new HP Probooks/Elitebooks. It's okay. Never used the fully managed version though.

            1 Reply Last reply Reply Quote 0
            • ?
              A Former User
              last edited by

              Windows 7 pro. Medical office with 20 laptops. Hippa. Sorry this so choppy I'm on my cell.

              thanksajdotcomT 1 Reply Last reply Reply Quote 0
              • thanksajdotcomT
                thanksajdotcom @A Former User
                last edited by

                @Hubtech said:

                Windows 7 pro. Medical office with 20 laptops. Hippa. Sorry this so choppy I'm on my cell.

                Ok. 7 Ultimate does have Bitlocker but again, what is getting corrupted on the HDD when using that? What's the pattern? Is it after a certain amount of time? A certain program? I have seen where encryption programs will conflict, even at different levels. So while the HDD may be encrypted, if there is something else INSIDE Windows with its own encryption that can do it.

                Another example I saw once was an HP laptop that encryption kept screwing things up. The machine was one BIOS update behind and it happened to be that that BIOS update had fixed encryption issues. Look there.

                1 Reply Last reply Reply Quote 0
                • ?
                  A Former User
                  last edited by

                  Laptops will not boot. I assume the file system corrupts. That's why I was recuva Ing this weekend. Central management would be nice.

                  thanksajdotcomT BudB RoguePacketR 3 Replies Last reply Reply Quote 0
                  • thanksajdotcomT
                    thanksajdotcom @A Former User
                    last edited by

                    @Hubtech said:

                    Laptops will not boot. I assume the file system corrupts. That's why I was recuva Ing this weekend. Central management would be nice.

                    Do they POST or not even to that point? What is the model/are the models?

                    1 Reply Last reply Reply Quote 0
                    • BudB
                      Bud @A Former User
                      last edited by

                      @Hubtech said:

                      Laptops will not boot. I assume the file system corrupts. That's why I was recuva Ing this weekend. Central management would be nice.

                      McAfee, Symantec, Sophos, all have centrally managed solutions. I'm sure that Kapersky and others do as well.

                      If the laptops post, but the login screen does not launch, it sounds as if the partition that has Bitlocker may be corrupted. It could also be something within the file that got screwed up.
                      CAVEAT - I've never used Bitlocker, so I'm just trying to make some assumptions based on other things I've used. Is it integrated with AD? If so, did users reset their passwords while off the network and does that affect Bitlocker? What mode does Bitlocker run (my understanding is that there are various modes)?

                      1 Reply Last reply Reply Quote 0
                      • ?
                        A Former User
                        last edited by

                        they are currently running vdi and local computers aren't on a domain. Something I'm changing soon. I'm not really looking for troubleshooting, just products. Thanks

                        thanksajdotcomT 1 Reply Last reply Reply Quote 0
                        • thanksajdotcomT
                          thanksajdotcom @A Former User
                          last edited by

                          @Hubtech said:

                          they are currently running vdi and local computers aren't on a domain. Something I'm changing soon. I'm not really looking for troubleshooting, just products. Thanks

                          Ok, my bad. Then yea, several options are out there but I'm far from an expert on the matter of centrally managed encryption.

                          1 Reply Last reply Reply Quote 0
                          • BudB
                            Bud
                            last edited by

                            Here's a decent comparison chart: http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

                            Depending on which A/V solution you are using, you might want to go with that. Our philosophy here is to not put all our eggs in the same basket, so we use McAfee for encryption and Symantec for A/V. YMMV.

                            PackMatt73P 1 Reply Last reply Reply Quote 0
                            • ?
                              A Former User
                              last edited by

                              I'm using Vipre via GFI Max at this particular client. I've been asking them to add endpoint encryption to their offering. they really listen to their subscribers. just a waiting game though

                              scottalanmillerS 1 Reply Last reply Reply Quote 1
                              • scottalanmillerS
                                scottalanmiller @A Former User
                                last edited by

                                @Hubtech said:

                                I'm using Vipre via GFI Max at this particular client. I've been asking them to add endpoint encryption to their offering. they really listen to their subscribers. just a waiting game though

                                That's pretty cool. Will they be offering centralized management when they do?

                                ? 1 Reply Last reply Reply Quote 0
                                • ?
                                  A Former User @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  @Hubtech said:

                                  I'm using Vipre via GFI Max at this particular client. I've been asking them to add endpoint encryption to their offering. they really listen to their subscribers. just a waiting game though

                                  That's pretty cool. Will they be offering centralized management when they do?

                                  that's the plan. I've been riding them for a little while now asking to be on their beta team:) i'm such a gfiFanboi

                                  1 Reply Last reply Reply Quote 0
                                  • RoguePacketR
                                    RoguePacket @A Former User
                                    last edited by RoguePacket

                                    @Hubtech Using Symantec PGP since before it as Symantec's.

                                    Backend is not for the faint of heart. Not inexpensive overall. Central management and policy enforcement was a mandatory component for the clinical users/HIPAA. Has a reasonable wrapper for multiple logins to access the encrypted HDD, can do remote revocation, tracks usage/callbacks, and makes our OCR monitor happy. Have an agreement for data recovery & encryption key exchange if/when that needs to occur. Has a CD boot option to decrypt drives. Works for external HDDs. Policy has high number of options, which we have much limited for manageability.

                                    Generally have problems with:

                                    • new laptop models,
                                    • new OSes,
                                    • dual boot machines, and
                                    • firmware/BIOS/UEFI updates.

                                    Some I.T. admins have got it on dual boot machines, but most in the organization make do with VMs for those users. Can take 3-6 months for a PGP update to catchup to the "new" OS or laptops.

                                    1 Reply Last reply Reply Quote 0
                                    • hutchingspH
                                      hutchingsp
                                      last edited by

                                      BeCrypt DiskProtect is worth looking at - used heavily in defence and government (with higher grade approved encryption).

                                      1 Reply Last reply Reply Quote 0
                                      • PackMatt73P
                                        PackMatt73 Vendor @Bud
                                        last edited by

                                        @Bud said:

                                        Here's a decent comparison chart: http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

                                        Depending on which A/V solution you are using, you might want to go with that. Our philosophy here is to not put all our eggs in the same basket, so we use McAfee for encryption and Symantec for A/V. YMMV.

                                        Always a good move. Of course all us vendors want everyone using every product but come on...we know that diversity in applications keeps you safe.

                                        If you need anything w/r/t your SEP, hit me up.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Long time follow up here. But for those stumbling on there, VeraCrypt would be an important tool to consider today.

                                          1 Reply Last reply Reply Quote 0
                                          • 1 / 1
                                          • First post
                                            Last post