sign in sign up
<<
Home , Encryption

SOLUTION BRIEF Endpoint Helps Keep Your Data Safe Drive encryption, file and removable media protection, and management of native encryption Advantages ® McAfee endpoint encryption solutions protect valuable ■■ Secure data on office desktop PCs, Macs, mobile laptops, VDI corporate data on user devices and shared servers with workstations, and collaborative tools like shared folders, USB drives, and comprehensive encryption and integrated, centralized cloud storage.

■■ Confidently ensure consistent and management; consistent policies; robust reporting; and persistent data protection across proof-of-protection. devices. ■■ Protect company intellectual property, and support compliance requirements.

■■ Simplify security management and enable broad yet granular visibility using McAfee ePO software for centralized deployment, management, policy administration, auditing, and reporting.

■■ Easily and consistently enforce company-wide security policies.

■■ Reduce total cost of ownership and complexity by using comprehensive data protection solutions integrated with centralized management.

Connect With Us

1 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

Support productivity while confidently protecting ■■ Management of native encryption: Manages the data stored on office desktop PCs and Macs, on- native encryption functionality offered by Apple File and Removable Media the-go laptops, and collaborative tools like shared FileVault on OS X and Microsoft BitLocker on Windows, Protection network files, USB storage devices, and cloud storage. directly from MVISION ePO or McAfee ePO software. The McAfee® ePolicy Orchestrator® (McAfee ePO™) Endpoint Encryption Solutions Typical use cases software management infrastructure masterfully File and folder encryption

enables centralized deployment, management, policy Industry-leading data protection solutions from McAfee ■■ I want to automatically encrypt administration, recovery, monitoring, reporting, are available as key components in our endpoint and all files on my and auditing for ease of management, consistent data protection suites for extensible, customized laptop. protection, and low total cost of ownership (TCO). protection to fit your security needs today and in the ■■ I want to encrypt all files in a future. specific folder on my laptop. McAfee encryption solutions are available as key Network sharing components in the following protection suites: Encryption Solution Key Features ■■ I want to transparently encrypt Drive Encryption ■■ Enforces strong access control with pre- ® and limit access to a particular ■■ McAfee Complete Data Protection—Advanced boot Full network folder to the human ■■ ■■ McAfee® Complete Data Protection for Microsoft Windows Uses -strength, certified laptops and desktop encryption (FIPS, Common resources team. PCs prevents the loss of Criteria) Removable media encryption Comprehensive Data Protection sensitive data, especially ■■ FIPS 140-2 and Common Criteria from lost or stolen ■■ I want to block copying of files EAL2+ certified for the Intel Advanced McAfee data protection offers multiple layers of equipment Encryption Standard–New Instructions to a removable media device protection against data loss and unauthorized access. (Intel AES-NI) implementation unless the drive is encrypted.

The cornerstone of data protection is encryption, which ■■ Enables automatic, transparent ■■ I want to read the encrypted encryption without hindering is used primarily to prevent unauthorized access from device on a home computer performance that does not have any McAfee outsiders, especially when a device is lost or stolen. ■■ Supports mixed device environments, including solid-state drives software installed. The range of encryption solutions available in McAfee ■■ ■■ Supports Trusted Computing Group I want to allow access to the protection suites include: (TCG) Opal v1.0 self-encrypting drives encrypted devices only within

■■ Enhances performance through my organization. ■■ Drive encryption: Encrypts data on desktop PCs, support for Intel AES-NI technology Self-extracting files laptops, and Microsoft Windows tablets. ■■ Provides for zero-day compatibility with ■ Windows updates and upgrades from ■ I want to send an encrypted ■■ File and removable media protection: Encrypts data Microsoft email attachment to my partner

on network files and folders, removable media, USB ■■ Upgrade from one major Windows and allow them to access the portable storage devices, and cloud storage. version to the next without having to attachment without requiring decrypt and re-encrypt the drive them to install any software.

2 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

Encryption Solution Key Features Encryption Solution Key Features

File and Removable ■■ Delivers policy-enforced, automatic, ■■ Live authentication via Active Directory Media Protection transparent encryption of files and from within McAfee Preboot for new folders stored or shared in PCs, file users or forgotten Policy-enforced servers, VDI workstations, of files, ■■ System recovery using BitLocker attachments, removable media (USB folders, removable recovery if pre-boot authentication fails drives, CD/DVDs, and ISO files), and media, and cloud cloud-storage services ■■ BitLocker To Go USB support storage ■■ Prevents unauthorized access to ■■ Seamless transfer of encryption on network servers and management from McAfee® Drive removable media Encryption to McAfee® Management of Native Encryption when both are ■■ Provides key-sharing mechanisms that installed allow users to share files securely ■■ Upgrade from one major Windows ■■ Reads and edits encrypted data on version to the next without having to media without installing any software; decrypt and re-encrypt the drive data is saved with retained encryption Apple FileVault ■■ Hardware independent—even the least expensive media can be protected ■■ Through MVISION ePO or McAfee ePO software, an IT administrator can Management of Native Microsoft BitLocker secure and manage all OS X Mountain Encryption ■■ Through MVISION ePO or McAfee Lion, Mavericks, Yosemite, El Capitan, Protects data with ePO software, an IT administrator can Mojave, High Sierra, and Sierra that Apple’s native secure and manage all Windows 7, support Apple FileVault encryption, FileVault, 8, and 10 PCs that support Microsoft ■■ Provides zero-day compatibility with for Macs, and with BitLocker OS X patches, upgrades, and firmware Microsoft’s native ■■ Manage BitLocker on Windows 7, 8, and updates from Apple encryption, BitLocker 10 systems directly from MVISION ePO for Windows ■■ Provides single sign-on from FileVault’s or McAfee ePO software, without the pre-boot environment directly into OS X2 need for a separate Microsoft BitLocker Management and Administration ■■ Upgrade from one major OS X version (MBAM) server to the next without having to decrypt and re-encrypt the drive ■■ Provides zero-day compatibility with Windows updates and upgrades from Microsoft

■■ Optional McAfee® Preboot authentication enforces user domain authentication before Windows starts to boot1

3 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

Drive Encryption ■■ Supports multifactor authentication via password or a 7 McAfee drive encryption solutions protect valuable wide variety of supported tokens and smartcards. data on PC laptops and desktop computers with full ■■ Simplifies operating system (OS) updates with the drive encryption and strong access control. When a PC optional ability to temporarily suspend pre-boot or Mac with managed encryption is lost or stolen, it’s authentication when deploying OS patches and the generally not considered to be a event because ability to do a major refresh on the OS without needing the data is “unusable, unreadable, or indecipherable to to decrypt and re-encrypt data on the PC.8 3 unauthorized individuals.” Without encryption or proof- ■■ Works with select third-party forensics tools.9 of-protection through managed encryption, the biggest security concern is the possibility of a . The Benefits breach of confidential corporate or customer data can ■■ Multiple storage and sharing options: Encrypts data result in loss of intellectual property, industry and legal on local disks, file servers, removable media, and in noncompliance penalties, and more. email attachments (whether or not the recipient has McAfee ), providing storage and Key features sharing options to meet a wide range of needs. ■■ Encrypts all data on PCs. ■■ Policy-based, scalable encryption: Encryption ■■ Enforces strong access control with pre-boot is automatically deployed in accordance with the authentication. organization’s policy and can ■■ Uses military-strength, certified encryption algorithms be set differently for separate individuals, groups, (FIPS, Common Criteria).4 or entire companies. Encryption policies are created

■■ Enables automatic, transparent encryption in the using McAfee ePO software and can be assigned background. to users based on information from Microsoft Active Directory. Encryption keys are generated and ■■ Enhances performance through support for Intel AES- managed centrally using McAfee ePO software. Users NI technology.5 cannot override policies. ■■ Supports environments with software- and hardware- ■■ Automatic, always-on encryption: Encryption based encryption, including solid-state and self- follows the document when transferred between encrypting drives.6 storage media to ensure that the data remains secure ■ ■ Optimizes policy enforcement automatically for each without user interaction. The encryption information client, regardless of whether the PC uses software- or travels with the file in a “file header.” Files are hardware-based encryption or if it’s a new or existing encrypted when they are created, preventing hidden device.

4 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

data loss through plain text temporary files, or system ■■ Removable media encryption: All data (or page files (virtual memory from the hard disk), for portions of data) on standard off-the-shelf USB example. Encryption is retained when copying, moving, and other removable storage devices can be and editing files on supported storage media. encrypted, modified, and saved on the device with

■■ Transparent end-user experience: Encrypted separate authentication and retained encryption, documents keep original file extensions and still without needing any software installation or local appear as “normal” to the authorized user, with a administrative rights on the device host. No files are minimum of user interaction. The user authentication left on the host PC because wiping is built in. is fully integrated with the Microsoft Windows logon, ■■ Multiple, configurable protection: Authentication meaning that any authentication token used for the (password, CAC, or PIV smart cards) and recovery Windows logon is automatically supported by file and methods can be used. Separately, McAfee also offers removable media protection, yielding a completely hardware-encrypted USB flash and hard drives. transparent and simplified user experience. File and Removable Media Protection ■■ Granular flexibility: Granular options to encrypt individual documents, entire folders, locations, and/or File and removable media protection delivers policy- file types provide more effective selection of valuable enforced, automatic, transparent encryption of files and data to encrypt based on policies, while also allowing folders stored or shared on PCs, Macs, file servers, email the user to encrypt additional files on demand. attachments, removable media (for example, USB drives and CD/DVDs), and on cloud storage. ■■ Encrypted document sharing: Authorized users can easily share encrypted documents among individuals Benefits or within groups enabled by the centralized key ■■ Protect removable media: Off-the-shelf USB management in McAfee ePO software. The encryption devices are small and inexpensive, so they’re easy to and decryption happen “on the fly” on the client side misplace or lose. With policy-based encryption and when accessing and saving protected documents. Self- McAfee ePO software, it’s quick and easy to enforce extracting files can be used for email attachments, organization-wide encryption policies for removable and, for user convenience, the recipient doesn’t need media to mitigate the risk of data loss. Encrypting to install any encryption software in order to read the removable media still permits the media to be used encrypted attachment. by the authorized owner outside the organization for retained portability.

5 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

■■ Protect local data: File and removable media ■■ Report compliance in various reports and dashboards protection offers PCs and Macs an extra level of in MVISION ePO or McAfee ePO software.

protection for sensitive data stored on a hard drive, ■■ Provide the FileVault Recovery Key, as required, when whether the computer is on or off. you need to use Apple-provided recovery tools and ■■ Protect data on network shares: If a cybercriminal workflows.

somehow gets into your network, having files and ■■ Allow administrators to manually import FileVault folders separately encrypted provides an extra layer Recovery Keys where users have already manually of protection, as the data it contains is unreadable and enabled FileVault. unusable to unauthorized parties. It is also possible ■■ Proof-of-compliance report in the event of a lost or to stack separately encrypted files in separately stolen laptop. encrypted folders for even more security.

■■ Protect data on cloud storage: Securely store Benefits for Mac encrypted data on cloud storage services such as Box, ■■ Ability to upgrade from one major OS X version to next Dropbox, Google Drive, and Microsoft OneDrive. without having to decrypt and re-encrypt the drive.

■■ Management of Native Encryption Ability to use single sign-on (SSO) from FileVault’s pre- boot environment directly into OS X. Management of Native Encryption allows customers ■■ to manage the native encryption functionality offered Zero-day compatibility with OS X patches, upgrades, by Apple FileVault on OS X and Microsoft BitLocker and firmware updates from Apple. on Windows platforms directly from MVISION ePO ■■ Zero-day support for new hardware from Apple.

or McAfee ePO software. It also provides an optional ■■ IT can enforce password policies for OS X. McAfee Preboot security layer for on-prem McAfee ePO ■■ Full compatibility in pre-boot for all languages users. supported by Apple.

Key features for Mac ■■ Support for a new bring-your-own-device (BYOD) ■■ Manage FileVault on any Mac hardware that can run mode where the device is not managed—only the OS X Mountain Lion, Mavericks, Yosemite, El Capitan, state of compliance is reported in MVISION ePO or Mojave, High Sierra, and Sierra directly from MVISION McAfee ePO software (suitable for contractors).

ePO or McAfee ePO software. ■■ Simple to administer and manage. ■■ Enforce a standard password complexity policy on local OS X users.

6 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

Key features for Windows ■■ Supports Microsoft eDrive.

■■ User-friendly McAfee Preboot authentication adds ■■ Consistent management interface for both FileVault pre-boot security to BitLocker, enforcing user-domain and BitLocker management. authentication at startup using the McAfee Preboot ■■ MVISION ePO or McAfee ePO software manages 10 authentication environment. BitLocker recovery keys, providing administrative ■■ Enhanced user log-on experience in McAfee Preboot workflows for recovery scenarios. will authenticate live against Active Directory over ■■ Integrates with McAfee® Data Protection Self-Service DXL—for users whose McAfee Preboot-cached Portal to allow user web-based recovery. credential is out of date or who are not yet provisioned ■■ Report compliance in various reports and dashboards to McAfee Preboot environment—mirroring the in MVISION ePO or McAfee ePO software. Windows user provisioning workflow.11

■■ Use BitLocker recovery if authentication at McAfee Benefits for Windows Preboot is not possible for any reason. ■■ Manage BitLocker and BitLocker to Go from MVISION ■■ BitLocker To Go USB support allows you to manage ePO or McAfee ePO software, without the need for removable media on BitLocker-encrypted client a separate Microsoft BitLocker Management and systems via MVISION ePO or McAfee ePO software Administration (MBAM) server. policies. ■■ McAfee Preboot security provides user domain ■■ Automatic unlock of data volumes on servers via authentication—a capability not provided by Microsoft network unlock. BitLocker.12

■ ■■ Seamless transfer of encryption management from ■ Live authentication via Active Directory over DXL from McAfee Drive Encryption to McAfee Management McAfee Preboot minimizes help desk calls around user of Native Encryption if they are both installed on an password sync issues and forgotten passwords and endpoint. eliminates the need to pre-provision all potential users to the system. ■■ Manage Microsoft BitLocker on Windows 7, 8, or 10 hardware directly from McAfee ePO software. ■■ Self-service portal allows users to recover their own machines. ■■ Utilizes the Trusted Platform Module (TPM) 1.2 and 2.0 hardware to provide a transparent user experience. ■■ Zero-day compatibility with Windows OS patches and updates from Microsoft. ■■ Supports FIPS 140-2 requirements in certain configurations. ■■ Zero-day support for tablet hardware from Microsoft.

7 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

■■ Support for certified Windows To Go devices. ■■ Checks for incompatible products before activating

■■ Support for a BYOD mode where the device is not the McAfee client and provides status reporting via the managed—only the state of compliance is reported in McAfee ePO platform. McAfee ePO software (suitable for contractors). ■■ Enables remote, no-touch Microsoft Windows XP to

■■ Simple to administer and manage. Microsoft Windows 7 migration, including keeping the user’s data and machine encrypted during the entire ■■ Seamless upgrade path from McAfee Drive Encryption process. (requires decrypt/re-encrypt). Shared infrastructure Integrated, Centralized Management with ■■ McAfee ePO Software Supports mixed encryption environments, enabling organizations to maintain a single policy The award-winning McAfee ePO software management and management infrastructure for the entire infrastructure provides centralized deployment, environment, regardless of whether it is software- or management, shared policy administration, password hardware-based encryption. recovery, monitoring, reporting, auditing, and proof-of- ■■ Share tasks, policies, and management infrastructure protection. McAfee ePO software works for encryption, regardless of the encryption mix. data loss prevention (DLP), and other McAfee products for ease of management, consistent protection, holistic Customizable, granular policies visibility, and low TCO. It’s security management you can ■■ Offers customization by user (individual, shared by rely on. groups, or the entire company), PC/Mac, or server.

Key features ■■ Enables you to specify a new encryption policy at any Enterprise-class scalability level of the organization to handle specific use cases.

■ ■ Enables efficient server utilization for larger ■■ Allows you to use scripting to customize a wide installations. range of management tasks, like user and password management.13 Simplified deployment ■■ Provides optional policy-based lockout of PC-to- ■■ Enables lower administrative overhead with single- network resources if there is no recent check-in by the console and common management agent for data endpoint to the network. protection and products.

■■ Identifies PCs and Macs that are not protected and then deploys the McAfee ePO software agent to protect PCs and Macs according to policies.

8 Endpoint Encryption Helps Keep Your Data Safe SOLUTION BRIEF

Status dashboards and full reporting McAfee data protection solutions deliver comprehensive ■■ Stores all audit and logging information on the McAfee protection with integrated, centralized management. ePO software console. These customizable solutions help organizations protect vast amounts of confidential business and compliance- ■■ Generates standard or custom reports on the entire related data today and are easily extensible to meet McAfee ePO software-managed network. evolving future security needs as well. Trust McAfee to Actionable reporting with the McAfee ePO software provide data protection solutions that will let you stay console and above focused on what you do best: running a successful ■■ Includes superior recovery tools, including user self- business. recovery. For more information about McAfee endpoint ■■ Empowers you to take immediate action directly from encryption and management solutions, please visit a report to perform tasks on targeted systems or www.mcafee.com/dataprotection, or call us at 888 resolve issues. 847 8766, 24 hours a day, seven days a week. ■■ Allows you to use the McAfee ePO software console rogue system detection option to determine which machines are unsecured, even if there is no agent running on the machine.

■■ McAfee delivers strong access control and encryption combined with robust management and proof-of-

protection so companies can be confident that their 1. Preboot capability available only in McAfee ePO. data remains secure. 2. Ibid. 3. Federal Register Notice, August 24, 2009. Hhs.gov. 4. Supported on McAfee Drive Encryption for PCs only. 5. Ibid. 6. Ibid. 7. Ibid. 8. Ibid. 9. Supported on McAfee Drive Encryption for PCs only. Third-party forensic solutions are required at additional cost. 10. Preboot capability available only in McAfee ePO. 11. Ibid. 12. Ibid. 13. Supported on McAfee Drive Encryption for PCs only.

2821 Mission College Blvd. McAfee and the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks of McAfee, LLC or its subsidiaries in the US and other Santa Clara, CA 95054 countries. Other marks and brands may be claimed as the property of others. Copyright © 2019 McAfee, LLC. 4375_1019 888.847.8766 OCTOBER 2019 www.mcafee.com

9 Endpoint Encryption Helps Keep Your Data Safe