ESET Endpoint Encryption offers full compliance reporting and audit logging, targeting small and midsized businesses with the ability to scale to organizations of any size. Endpoint Encryption is FIPS 140-2 Level 1 validated, so companies from different sectors can utilize it. Companies with multiple organizations or locations can manage them from a single management server with the data completely siloed.
The encryption server connects with ESET’s enterprise server proxy that exists in the cloud, and its endpoints connect to its cloud server proxy as well. Both servers are secured with 1024-bit encryption and pass outgoing communication only.
Many clients have remote employees and expressed a desire to control those remote devices. If a remote employee is terminated, the employer needs the ability to control that employee’s access and to wipe their device(s) clean. This is typically a challenge for small and midsized businesses, and the ability to manage, maintain, and protect data in a remote workforce is this product’s biggest draw.
Endpoint Encryption also focuses on full disk encryption and user-proof removable media. Full disk encryption is its number one selling point and the easiest way to help customers reach compliance. ESET increased security with a pre-boot screen that can be turned off. User-proof removable media gives customers the ability to use any removable storage device while still having fully encrypted and protected data. The product also includes email encryption, file and folder encryption, encrypted virtual disks, text and clipboard encryption, and secure file shredding to ensure data is properly deleted.
Endpoint Encryption uses its own key sharing system. Most encryption solutions ask you to use a password to encrypt an item, which leaves password security to the discretion of the user and creates a point of vulnerability if they choose an easy-to-remember password. This key sharing system allows users to have multiple encryption keys shared among different groups, removing the need to re-encrypt data when new employees are hired. Keys are created on the centralized management server and distributed to users, with installers pushing the keys to the endpoints. Keys can be removed from the end user’s computer entirely because they are tied to groups, not to individuals. Applying the real-world concept of physical keys to computer encryption keeps this key sharing system simple. When you move users from one operational unit to another, they automatically gain access to whatever encryption keys that unit should have access to.
Removable media encryption separates home and work data. If an employee plugs a USB device from home into a work computer, the home data will not be visible, and the USB device will look completely blank. ESET creates an encrypted folder on the device and mounts it as the root. If anything from the work computer is dragged onto that USB device, it will automatically be encrypted in that folder. When that employee brings the USB device home and plugs it into a home computer, they will be able to see home data, but work data will be encrypted and hidden. Encrypted data can only be opened on a device with ESET Endpoint Encryption installed.
With remote device wiping, the only commands being sent to the cloud proxy are disable or enable keys. Encryption keys can be added and revoked at any time over port 443, regardless of the user’s current network connection. You can even kick an employee out of their workstation. This can be done for a single user or an entire group.
Endpoint Encryption supports a variety of Windows 32-bit and 64-bit platforms, as well as BIOS and UEFI, MBR and GPT disks, and email attachment and file encryption support for Apple iOS 7 and up. Your emails will be encrypted, and when you log out of DesLock, you will not be able to see encrypted content. This takes the responsibility and option of encryption out of the user's hands and forces emails and attachments to be encrypted. At the time this article was written, they were looking into Linux support, but were not seeing current market demand here. The company is also working on Mac support but will initially be tying it into FileVault directly. There are no restrictions, and customers can leverage, utilize, and support cloud-based systems like Dropbox so long as they are syncing to endpoints.
Tested by: Matthew Hreben