Check Point Full Disk Encryption vE80.20
Strengths: Covers fixed drives, removable media and port management.
Weaknesses: There’s a lot of overhead and configuration for an encryption solution.
Verdict: Stronger if you use it with the rest of the endpoint protection suite; more complicated as a standalone encryption solution.
SummaryCheck Point Endpoint Security is a suite of software modules (called "Software Blades") building comprehensive control of threats and unifying endpoint security under a single console. The Full Disk Encryption Software Blade provides automatic security for all information on endpoint hard drives, including user data, operating system files, and temporary and erased files. For maximum data protection, multifactor pre-boot authentication ensures user identity, while encryption prevents data leakage. The Media Encryption Software Blade provides centrally enforceable encryption of removable storage media - such as USB flash drives, backup hard drives, CDs and DVDs - for maximum data protection. Port control enables management of all endpoint ports, plus centralized logging of port activity for auditing and compliance.
The product is integrated with Active Directory (AD), but that portion took some time to get working as it requires one to provide a read access account to the deleted objects OU, and then a directory scanner runs on a defined interval to populate machines to which the admin can deploy clients. The client-side AD integration did provide single sign-on with AD Sync to make it easy to provide the same one-time login with which most users are familiar.
Endpoint Security is priced at $10-$60 per seat for the base container, and $20 per seat for Full Disk Encryption (includes support) or $30 per seat for Total Endpoint Security (all Software Blades).
As part of a suite, we liked the overall endpoint integration. As a standalone product, it is a bit more work to set up and manage.