search cancel

How Symantec Encryption Products stand out above the competition

book

Article ID: 201122

calendar_today

Updated On:

Products

Drive Encryption Desktop Email Encryption Encryption Management Server PGP Command Line

Issue/Introduction

This article will cover how Symantec Encryption Products stand out above the competition.


For a brief overview of our portfolio, please enjoy the Symantec Encryption Overview Video

Resolution

Encryption Solutions to meet every encryption need
Symantec Encryption Products provide organizations with a mature set of encryption products that include features to cover most encryption needs.  Some of these features include PGP File Share Encryption (for Microsoft NTFS shares), Individual File Encryption, Virtual encrypted containers, Removable Media Encryption, Email Encryption, Drive Encryption (AKA Whole Disk Encryption) as well as On-Premise Email encryption in the Gateway.  All of these products combined are on premise solutions and allow organizations to have complete control over what is deployed and how.

As you would expect, all of these features and components can be managed centrally from the Symantec Encryption server console allowing incredible control of endpoints you are wanting to secure.

All Encryption products are managed by an Encryption Server, which offers granular control over the plethora of features available.  This means that if you can conceive the scenario, you can achieve it with our Encryption Management Servers with policies and ease of use.  Every feature we offer is fully customizable and allows you to tweak just about anything to meet your security needs and existing security policies.  

Highest Security Standards and world-class on-premise encryption solutions
Symantec Encryption solutions use the highest security standards available allowing you to be rest assured your data is secured.  Using Symantec Encryption products will ensure that not only are you using world-class on-premise encryption solutions, you will be supported by a dedicated team to ensure success in any deployment.

 

File Share Encryption for NTFS and traditional network shares
If you have shares on a fileserver on the network that need to be accessed in the more traditional non-cloud method and also need to be secured, such as NTFS shares in the network, Symantec File Share is available to secure these shares and will allow collaboration with other File Share users via Group Keys and central management with the Encryption Server.  This solution allows you to easily secure these shares by a solution so unique it is difficult to beat.

 

Email Encryption Solutions
Email encryption solutions allow you to automatically encrypt email using POP, IMAP and MAPI using trusted security standards to secure your data with other PGP or SMIME users.  Our Email encryption solutions are available on endpoints as well as in the Gateway for on-premise deployments.  

When our Symantec Encryption solutions are deployed in your gateway on-premise, you have the ability to encrypt email content to recipients without requiring those end users to purchase any additional information via the Web Email Protection feature of Symantec Encryption Management Server.  Secure PDF messages are also available to easily send sensitive documents w/out requiring the end users to purchase any additional software.


Automated or On-the-Fly Encryption offers a Powerful way to Secure your data
Individual file encryption is also available to end users as well as to powerfully encrypt files automatically with PGP Command Line.  Integrating PGP Command Line with our server allows you to manage all encryption keys on a secure server without having to store encryption keys locally where the encryption is taking place. 

Symantec Encryption Solutions also offer the organization the ability to encrypt individual files with easy wizard-like steps.  If you need to store a group of files in a hidden Virtual Disk accessible only when authenticated, this is also available.


Drive Encryption Solutions with Connectionless Recovery
One of our most popular products, Symantec Drive Encryption allows you to encrypt drives on desktop and laptop machines to ensure data stored is completely safe.  When comparing the features of native Windows Drive Encryption and Symantec Drive Encryption will quickly see the Symantec Encryption products have a robust suite of encryption solutions to meet just about every encryption need.  Many alternative solutions are not available until you deploy many solutions or enroll into multiple ecosystems.  Symantec Encryption was designed to make your life easier while you secure your data!

Native Windows Drive Encryption and Symantec Drive Encryption are most similar out of the various solutions above, however there are some differences that make using Symantec Encryption Drive Encryption a better choice.  Symantec products make complex security and management problems easy to solve making the Symantec Drive Encryption component superior to native Windows Drive Encryption.

The Web Portal with Dashboard available for administration offers a beautiful and slick design to manage your endpoints, which was designed with simplicity in mind.

A benefit of using Symantec Drive Encryption over native Windows Drive Encryption is that with native Windows Drive Encryption if you use it without TPM, all systems must use a common PIN.  This means that if multiple users use the same machine they must all share the same PIN.  If only one user is using the machine, they must enter the PIN and then login with their Windows credentials.  This is authenticating two times. Symantec Drive Encryption products integrate Single Sign-On (SSO) functionality so once authenticated, the user is automatically logged in to Windows by entering credentials only once.

Other benefits of using Symantec Drive Encryption include making life easier for the Administrator by adding client administration features for user management for many scenarios.  A common scenario client administrators have include the ability to authenticate a machine if an end user cannot making recovery a breeze.

If native Windows Drive Encryption is used with a TPM chip, there is no preboot screen the user sees.  This means that the operating system will boot up and will land you on the Windows Login screen without the user having to enter any passphrase. This is akin to an "Autologin" feature that skips the preboot screen and while this may seem convenient, it is not considered the most secure method to secure a system.

Although Symantec Drive Encryption products have this autologon functionality, in normal deployments the preboot screen comes up before the system will even load the operating system making this the most secure method of encryption.  If a native Windows Drive Encryption system is using TPM and the drive has some issues, recovery is very difficult.  Symantec Encryption offers a variety of recovery options to make data access possible.

Passphrase Recovery is another benefit over native Windows Drive Encryption.  Most Drive Encryption solutions require the client to be connected to the server in order to manage the recovery keys in case a user forgets their passphrase. Symantec Encryption products incorporate "connection-less recovery", which will allow a system to be encrypted even without contacting the management server and if a user forgets the passphrase, recovery is still possible. 

Removable Media Encryption Provides Seamless Data Security
Symantec Encryption solutions also offer Removable Media Encryption to encrypt optical media, USB drives, or similar devices.  Training users to use RME is simple because they continue to use their removable devices as they always have and is completely seamless for them. All encryption takes place automatically behind the scenes and the users hardly notice their data being secured.


FIPS Validated and Architected for Best-In-Class Security
Because Symantec Drive Encryption uses its own proprietary and state-of-the-art FIPS validated security, which is all software based, many of the known security flaws in hardware are completely irrelevant.  When there is a flaw in TPM or otherwise, you can rest assured you are using an encryption solution that will continue to provide you with robust security at a sector-by-sector level.


All-In-One Encryption Management
While we will always recommend you use Symantec Drive Encryption products due to the robust feature list and expanded flexibility in management, Symantec Encryption also allows you to manage the recovery keys for both Microsoft's Bitlocker and Apple's File Vault encryption, all without the need to configure complex GPOs or have additional proprietary management servers.  All your Encryption needs can be handled in one interface that is both feature rich, and easy to use and manage, cutting down on the total IT cost of ownership.  


Product and Support Teams Dedicated to Success
All of the above components have many additional features included to help meet all your needs to securing your data at rest as well as in motion.  Of great importance, doing business with Broadcom/Symantec will ensure you are working with the world leader of security solutions to support you along the way from a trusted brand that has proven its reputation year after year.

Reach out to your Symantec Encryption team for assistance to help you take advantage of all of these components and features. 

Visit our company web page for Encryption and data sheets.


Documentation and references:

Symantec Endpoint Encryption

Symantec Encryption Management Server

PGP Command Line

Additional Information

151074 - Symantec Endpoint Encryption and PGP Encryption Solutions Comparison

Symantec Encryption Overview Video