Enterprise Encryption
The challenge in managing any successful security policy is in designing and implementing it so that it does not affect day-to-day operations within your organisation and therefore have a negative impact on the business. This means that any solution needs to be able to adapt itself to your existing processes and practices and support current and future technology, whilst providing a high degree of audit capability.
Sophos SafeGuard Enterprise is a highly scalable platform whose modules form an integrated security solution. It takes the concept of encryption to a new level, as Enterprise focuses on the data level (and its content) and can take steps to secure it in various ways depending on many factors. This multi-dimensional approach is far removed from previous technology, which was focused on securing the device rather than the data.
ecommnet quickly realised that implementing SafeGuard Enterprise would be one of the most effective ways of securing organisations from data leakage across a broad variety of endpoints whilst providing the flexibility to continue to use current business processes and practices and existing hardware that organisations had already made an investment in.
ecommnet have had a number of successful implementations of Enterprise across various clients, with projects ranging from a few hundred users to many thousands of users. We have developed a methodology for deployment of SafeGuard Enterprise that has proven to be very successful whilst also reducing the inherent risks. This has made ecommnet technically one of the most proficient Sophos partners in Europe.

Components of SafeGuard Enterprise
Management Centre
Management Centre is the software which, as the name suggests, allows centralised management of the Sophos client products. This is useful not only for roll-out but also for any amendments in policy that need to be addressed quickly, thus saving the time of completely re-installing users' machines or asking the end-user to make changes to policies on their machine.
Management Centre also allows the IT team to examine what is happening across the estate by recording the activity of users against the policies in place and providing an audit trail of usage, attempted infringements and changes of policy.
Management Centre is also the tool for providing users access to their passwords via a helpdesk operative or via the Internet using a sophisticated challenge/response questionnaire system. This feature reduces the cost of managing people’s passwords as it allows self-service for users who have forgotten their password or lost their authentication credentials.
It is also possible to lock down machines that have not communicated with Management Centre for a period of time so that a dormant or stolen machine cannot be accessed. Support for the Wake On LAN initiative means that normal tasks such as patch management can continue to occur normally without any changes in administration practices.
Device Encryption
This is the module that facilitates hard disk encryption and is the successor to SafeGuard Easy. Device Encryption supports many different operating systems (including Vista) and can leverage Vista BitLocker if desired by use of the Partner Connect module. Device Encryption protects data on notebooks, desktops, servers and removable media including USB sticks, memory cards and CD/DVDs.
Full-disk or file-based encryption allows encrypted-only data or a mix of encrypted and plain data. Suspend-to-disk and hibernation files are also encrypted for maximum security. It has its own very secure and efficient pre-boot process, which ensures enhanced security.
Device Encryption supports a wide choice of authentication processes including use of two-factor authentication from vendors such as Aladdin.
Configuration Protection
SafeGuard Configuration Protection controls and secures endpoints and devices over every interface and guarantees flexible, easy-to-use information leakage prevention. SafeGuard Configuration Protection monitors real-time traffic and applies customised granular security policies for all types of interfaces, such as USB, FireWire, PCMCIA, Parallel, Serial, WiFi, Bluetooth and Infrared (IrDA), and external storage devices, such as Removable Media, CD/DVD, Floppy Drives, etc.
It prevents data leakage and theft, enterprise penetration, and introduction of malware. The control detects and restricts data transfer by device type, device model, and unique serial number, thus allowing use of only certain approved devices. As the product looks at the data, it inspects and controls the transfer of unauthorised file types to and from external storage devices. It also protects data in motion by encrypting data on external storage devices and tracking offline use.
Use of devices is detected and stored in the Management Centre; administrators can then choose to allow devices, block devices or allow read-only use of devices, thus protecting the endpoints and preventing leakage. The Port Auditor tool allows administrators to see who and what is connected to endpoints.
Data Exchange
Data Exchange allows users to securely share data across the organisation by providing file encryption of removable media and USB devices such as memory sticks. It also allows users to very easily encrypt attachments which can then be sent securely by email from a range of Microsoft Clients.
Private Crypto is a lightweight reader application that, when installed on a suitable machine, allows the encrypted files on the removable media to be read without any other installation needed, making it simple for someone to read secure data on a machine which has not got the full Data Exchange Client installed on it.
SafeGuard LeakProof
This is a standalone product developed by Trend Micro, but it is very complementary to the Sophos Enterprise product set. It allows administrators to find and identify sensitive data across the Enterprise, which is one of the first stages in developing suitable policies for control of use of data.
LeakProof then uses a process of content analysis and fingerprinting at the endpoint to protect against any leakage of data. Through classifying and categorising data, it allows very tight monitoring to prevent improper use, protecting intellectual property and company assets. Through customisable dialogues, end-users can be educated on the proper use of data and warned when attempting to breach a policy. It provides visibility of sensitive data to the corporate security and compliance team and, through tracking, logging and blocking where necessary, prevents breaches.

