Full Disk Encryption

Protect data where it’s the most vulnerable 

Automatic encryption of laptop and desktop hard drives protects critical information and prevents corporate data breaches. Check Point Full Disk Encryption provides the highest level of data security with multi-factor pre-boot authentication and the strongest encryption algorithms. The entire hard drive contents - including the operating system and even temporary files - are automatically encrypted for a completely transparent end-user experience. What’s more, centralized deployment, management and logging simplify policy administration, streamline compliance and reduce TCO. Now supports Windows 7.

Enquire about this product

---

---

Key Features

• Protects corporate information from unauthorized access and prevents costly data breaches when laptops are lost or stolen
• Fast compliance with the highest security certifications - FIPS 140-2, Common Criteria EAL4 and BITS
• Comprehensive platform support—including Windows 7, Mac OS X 10.6 (Snow Leopard) and Linux
• Highly scalable—proven in data security deployments of more than 200,000 seats
• Rapid deployment—as fast as 50,000 seats per month
• Trusted, market-leading data security—9 years in a row in the Leaders Quadrant of the Gartner Magic Quadrant for Mobile Data Protection

 

---

Full Disk Encryption

Automatic encryption of all hard drive contents, including the operating system, system files and temporary and erased files. All logical partitions are boot-protected and encrypted, sector-by-sector. As a result, attempts to copy individual files, or introduce rogue programs for brute force attacks, are made impossible - even if the hard drive is physically transferred to another computer. And, transparent encryption and a single user interface provide a simple and seamless user experience. Check Point Full Disk Encryption has been awarded the highest security certifications - including Common Criteria EAL4, FIPS-140-2 and BITS – thereby enabling compliance with global data privacy rules and regulations.

Pre-boot Authentication

Prevents unauthorized users from accessing or manipulating information stored on a protected computer. Users must provide all required credentials – username, password, certificate, token, etc. – before the operating system boot process will even begin. For the strongest security, Check Point Full Disk Encryption supports multi-factor authentication options such as certificate-based SmartCards and dynamic tokens.

Single User Interface

Whether deploying the full suite of Check Point Endpoint Security protections or only Check Point Full Disk Encryption, users will always have a single interface accessed via a single tray icon. The interface enables a user to view security status and log files, as well as make basic configuration changes as allowed. Supports multiple languages for global deployments.

Central Management and Logging

Check Point Full Disk Encryption is centrally managed from a single console enabling central policy enforcement and logging for easy compliance and simple administration. Central configuration and support for multiple deployment options streamlines initial installation for the lowest user impact.

Secure Remote Help

Remote Password Change and One-Time Logon remote help options are available for users who may have forgotten their passwords or lost access tokens. In addition, web-based remote help scenarios are supported.

---

Gartner Magic Quadrant for Encryption Products

Gartner Magic Quadrant for Mobile Data Protection 2007

---

Testing the Effect of Encryption on Disk Performance

Full-disk encryption testing shows no performance difference from systems without encryption.

Disk Performance Testing

In practical business use, the performance effect of most disk encryption products is negligible. Efficient encryption algorithms such as AES, combined with the faster performance of modern laptops and desktops, make the case for disk encryption ever more appealing. A staggering performance increase in CPUs relative to the stagnating performance of data transfer rates of hard drives makes full-disk encryption the obvious choice over selective encryption products, which often leave sensitive data unencrypted.

In conclusion, for the average business user, testing clearly shows that protection of data using full-disk encryption includes no practical penalty in performance of the PC.

Additional Whitepapers for Full Disk Encryption

Return On Investment from Encryption

Total Cost of Ownership for Encryption

Protecting stored cardholder data

Check Point Full Disk Encryption

Compliance Standards

 

Requirement 3: Protect stored cardholder data

GCSX No 6 Access Control

GCSX No 10 Mobile / Home Working

GCSX No 15 Removable Media 

A.7.1 Responsibility for assets 

A.9.2 Equipment security 

A.10.7 Media handling

A.10.8 Exchange of information

 

Using the ntegra FDE deployment solution ensures best practices are fully exploited, providing a solid foundation to ensure your encryption and security requirements are met without business disruption

Deployment of Check Point FDE needs to be carefully planned because:

• You need a smooth roll out, minimising disruption to users
• Impact on support overheads need to be kept to a minimum within the organisation
• Unplanned scenarios could preclude to at least excessive support overheads, if not actual loss of data

Planning your deployment of Full Disk Encryption

Depending on complexity of the business & security policy, adopting our approach ensures this preparation can usually be completed in one day. Roll out can then be performed as aggressively as required/appropriate

ntegra technical solution overview for a CheckPoint FDE deployment

Efficient & Transparent Encryption

Encryption Rate Approximately 12-15 GB / Hour

• Regardless of info amount on the hard drive
• Only 3-5% system performance degradation after disk is fully encrypted (Invisible to the end user)
• Configurable algorithm – AES, CAST, Blowfish, 3DES

Throttled Background Encryption Service

• Low priority process
• Allows other applications priority to access processor
• Continued end user productivity

Fault Tolerant

• User may shut down during encryption process
• Power outage does not effect encryption process

Highly Scalable, Easy To Deploy & Manage And Enforceable

• User may not un-install without administrator approval
• Lowers total cost of ownership (Configure and forget)

Suspend, Hibernation, Mouse Support

---

Central Sponsor for Information Assurance (CSIA)

The CSIA is a unit of the Cabinet Office with responsibility for providing a strategic direction for the UK in managing risks to information.  Full Disk Encryption is CSIA tested and approved.

 CSIA Certification for Pointsec PC

Full Disk Encryption Specifications