search cancel

How Symantec Encryption Products stand out above the competition

book

Article ID: 201122

calendar_today

Updated On:

Products

Drive Encryption Desktop Email Encryption Encryption Management Server PGP Command Line

Issue/Introduction

This article will cover how Symantec Encryption Products stand out above the competition

Resolution

Encryption Solutions to meet every encryption need
Symantec Encryption Products provide organizations with a mature set of encryption products that include features to cover most encryption needs.  Some of these features include File Share Encryption (for Microsoft NTFS shares), Individual File Encryption, Virtual encrypted containers, Removable Media Encryption, Email Encryption, Drive Encryption (AKA Whole Disk Encryption) as well as On-Premise Email encryption in the Gateway.  All of these products combined are on premise solutions and allow organizations to have complete control over what is deployed and how.

As you would expect, all of these features and components can be managed centrally from the Symantec Encryption server console allowing incredible control of endpoints you are wanting to secure.

All Encryption products are managed by an Encryption Server, which offers granular control over the plethora of features available.  This means that if you can conceive the policy or scenario, you can achieve it with our Encryption Management Servers.  Every feature we offer is fully customizable and allows you to tweak just about anything to meet your security needs and existing security policies.  

Highest Security Standards and world-class on-premise encryption solutions
Symantec Encryption solutions use the highest security standards available allowing you to be rest assured your data is secured.  Using Symantec Encryption products will ensure that not only are you using world-class on-premise encryption solutions, you will be supported by a dedicated team to ensure success in any deployment.

 

File Share Encryption for NTFS and traditional network shares
If you have shares on a fileserver on the network that need to be accessed in the more traditional non-cloud method and also need to be secured, such as NTFS shares in the network, Symantec File Share is available to secure these shares and will allow collaboration with other File Share users via Group Keys and central management with the Encryption Server.  This solution allows you to easily secure these shares by a solution so unique it is difficult to beat.

 

Email Encryption Solutions
Email encryption solutions allow you to automatically encrypt email using POP, IMAP and MAPI using trusted security standards to secure your data with other PGP or SMIME users.  Our Email encryption solutions are available on endpoints as well as in the Gateway for on-premise deployments.  

When our Symantec Encryption solutions are deployed in your gateway on-premise, you have the ability to encrypt email content to recipients without requiring those end users to purchase any additional information via the Web Email Protection feature of Symantec Encryption Management Server.  Secure PDF messages are also available to easily send sensitive documents w/out requiring the end users to purchase any additional software.


Automated Powerful File Encryption or on-the-fly
Individual file encryption is also available to end users as well as to powerfully encrypt files automatically with PGP Command Line.  Integrating PGP Command Line with our server allows you to manage all encryption keys on a secure server without having to store encryption keys locally where the encryption is taking place. 

Symantec Encryption Solutions also offer the organization the ability to encrypt individual files with easy wizard-like steps.  If you need to store a group of files in a hidden Virtual Disk accessible only when authenticated, this is also available.


Drive Encryption Solutions with Connectionless Recovery
One of our most popular products, Symantec Drive Encryption allows you to encrypt drives on desktop and laptop machines to ensure data stored is completely safe.  When comparing the features of native Windows Drive Encryption and Symantec Drive Encryption you can see the Symantec Encryption products have a robust suite of encryption solutions to meet just about every encryption need.  Many of these solutions are not available until you deploy many solutions or enroll into multiple ecosystems.

Native Windows Drive Encryption and Symantec Drive Encryption are most similar out of the various solutions above, however there are some differences that make using Symantec Encryption Drive Encryption a better choice.  Symantec products make complex security and management problems easy to solve making the Symantec Drive Encryption component superior to native Windows Drive Encryption.

A benefit of using Symantec Drive Encryption over native Windows Drive Encryption is that with native Windows Drive Encryption if you use it without TPM, all systems must use a common PIN.  This means that if multiple users use the same machine they must all share the same PIN.  If only one user is using the machine, they must enter the PIN and then login with their Windows credentials.  This is authenticating two times.  Symantec Drive Encryption products integrate Single Sign-On (SSO) functionality so once authenticated, the user is automatically logged in to Windows by entering credentials only once.

Other benefits of using Symantec Drive Encryption include making life easier for the Administrator by adding client administration features for user management for many scenarios.  A common scenario client administrators have include the ability to authenticate a machine if an end user cannot making recovery a breeze.

If native Windows Drive Encryption is used with a TPM chip, there is no preboot screen the user sees.  This means that the operating system will boot up and will land you on the Windows Login screen without the user having to enter any passphrase. This is akin to an "Autologin" feature that skips the preboot screen and is considered less secure.  While this may be convenient, it is not considered the most secure method to secure a system.  Although Symantec Drive Encryption products have this autologon functionality, in normal deployments the preboot screen comes up before the system will even load the operating system making this the most secure method of encryption.


Recovery is another benefit over native Windows Drive Encryption.  Most Drive Encryption solutions require the client to be connected to the server in order to manage the recovery keys in case a user forgets their passphrase. Symantec Encryption products incorporate "connection-less recovery", which will allow a system to be encrypted even without contacting the management server and if a user forgets the passphrase, recovery is still possible.
Symantec Encryption solutions also offer Removable Media Encryption to encrypt optical media, USB drives, or similar devices.

Because Symantec Drive Encryption uses its own proprietary and state of the art FIPS validated security, which is all software based, many of the known security flaws in hardware are completely irrelevant.  When there is a flaw in TPM or otherwise, you can rest assured you are using an encryption solution that will continue to provide you with robust security at a sector-by-sector level.

While we will always recommend you use Symantec Drive Encryption products due to the robust feature list, Symantec Encryption also allows you to manage the recovery keys for both Microsoft's Bitlocker and Apple's File Vault encryption, all without the need to configure complex GPOs or have additional proprietary management servers.  All your Encryption needs can be handled in one interface that is both feature rich, and easy to use and manage, cutting down on the total IT cost of ownership.  


All of the above components have many additional features included to help meet all your needs to securing your data at rest as well as in motion.  Of great importance, doing business with Symantec Enterprise Division will ensure you are working with the leader of security solutions to support you along the way from a trusted brand that has proven its reputation.  Please reach out to your Symantec team for assistance to help you take advantage of all of these components and features.

Documentation and references:

Symantec Endpoint Encryption

Symantec Encryption Management Server

PGP Command Line

Additional Information

151074 - Symantec Endpoint Encryption and PGP Encryption Solutions Comparison