The principal concern with is that a device containing sensitive information could be lost or stolen, allowing a person with malicious intent to recover that data. Any organization of any size with sensitive data at rest to protect (e.g., financial information, customer records, medical records and other sensitive data that could lead to major breaches and cost thousands or millions of dollars) can benefit from using software. As long as the device in question is not in a booted state, FDE software can mitigate risk. Since FDE doesn’t encrypt data in use, it is often used alongside other storage-encryption types, such as virtual disk encryption, volume encryption and file encryption. Organizations in the process of making the decision to deploy FDE technology should bone up on the. That way, when it comes time to select the right FDE product, the company will be well-versed on what FDE product features (deployment methods, management capabilities, OS and application compatibility, integration with existing authentication services, cryptographic robustness and key recovery, brute-force password attack mitigation, among others) best match its environment and storage encryption needs.
As with so many other IT security technologies, it can be difficult to choose the right product from so many competing products. Here is a list of the top full disk encryption products in the market to help enterprises get started.
Check Point Full Disk Encryption

Check Point Full Disk Encryption is an FDE product for enterprises running Windows. It comes in a single version and is part of a modular software-based security product that can encompass a wide variety of security controls.
Check Point Full Disk Encryption supports the recommended Advanced Encryption Standard (AES) algorithm with 256-bit keys and is Federal Information Processing Standard (FIPS) 140-2-certified (meaning it was independently verified to meet certain cryptographic standards). It can be centrally managed through the Check Point Endpoint Policy Management Software Blade, and it supports self-service recovery by end users. To learn more about Check Point Full Disk Encryption, read the.
Dell Data Protection Encryption

The Dell Data Protection Encryption product provides FDE capabilities for various desktop and laptop Windows and Mac OS hard drives. Intended for Dell and non-Dell hardware, Dell Data Protection Encryption comes in various flavors - from a Personal to an Enterprise edition - all of which support AES 128-bit and (the preferred) AES 256-bit encryption algorithms. While all the commercial products in this article support - including smart cards and cryptographic tokens - Dell Data Protection Encryption is noteworthy in that it also specifically supports. To learn more about Dell Data Protection Encryption, read the.

McAfee Complete Data Protection

McAfee Complete Data Protection provides the ability to fully encrypt hard drives on desktops, laptops and servers. In addition to FDE, it delivers storage encryption capabilities for individual files and for removable media. Like Dell Data Protection Encryption and Sophos SafeGuard, McAfee Complete Data Protection offers the option to improve upon OS-based FDE by adding central management features to these end-user-based hard-disk encryption applications.
The product comes in two versions: McAfee Complete Data Protection and McAfee Complete Data Protection Advanced, the latter of which adds data loss prevention (DLP) capabilities. Both editions can be centrally managed through McAfee ePolicy Orchestrator software, support AES 256-bit encryption, and have been FIPS 140-2-certified. To learn more about McAfee Complete Data Protection, read the.

Sophos SafeGuard

The Sophos SafeGuard line of FDE products comes in three varieties: SafeGuard Disk Encryption, SafeGuard Enterprise Encryption 6.10 (a bundled form for organizations) and SafeGuard Easy 6.10 (for small businesses and individuals). All three support various Windows and Mac OS flavors and AES 128-bit and 256-bit encryption. They are also FIPS 140-2-certified. SafeGuard Disk Encryption encompasses two types of FDE: SafeGuard Native Device Encryption, which supports the management of native BitLocker (Windows) and FileVault 2 (Mac OS X; AES 128-bit only) encryption; and the SafeGuard Device Encryption for Sophos product, a hard-disk encryption product that does not rely on native OS FDE capabilities.
To learn more about Sophos SafeGuard, read the.

Symantec Endpoint Encryption

Symantec Endpoint Encryption replaced the Symantec Drive Encryption product in October 2014. Unlike some other vendors, Symantec makes a single version of its FDE software. It is centrally managed via, which must be hosted in an Active Directory domain, and is only supported by relatively recent versions of Windows on the desktop, laptop and server.
Symantec Endpoint Encryption is compatible with AES 128-bit or 256-bit key encryption, but has (as of writing) not yet been FIPS 140-2-certified. As with Check Point Full Disk Encryption, Symantec Endpoint Encryption promotes mitigations against. To learn more about Symantec Endpoint Encryption, read.

DiskCryptor

An open source FDE product, DiskCryptor is intended to protect hard drives on a variety of Windows OSes for desktops, laptops and servers. It supports several encryption algorithms, including the robust AES-256 algorithm, but has not gone through the formal testing to become FIPS 140-2-certified.
The DiskCryptor documentation only discusses passwords as an authentication mechanism (no multifactor support), and it does not provide any sort of key recovery option or centralized management. What distinguishes DiskCryptor from other FDE products is its support for complex hardware configurations, such as redundant array of independent disks (RAID) arrays. It also provides a wide range of options related to boot loading. To learn more about DiskCryptor, read the.

Apple FileVault

Apple FileVault 2 is an FDE application for desktop and laptop hard drives built into certain versions of Mac OS X. It is AES 128-bit- and AES 256-bit-compatible - the latter only in the latest versions of Mac OS X, Yosemite (10.10) and Mavericks (10.9) - and is FIPS 140-2-certified. FileVault 2 is intended for local management, as Apple does not provide any centralized management capabilities for the FDE product.
Another disadvantage of using FileVault 2 is that it leverages the user's Mac OS X password when authenticating users before system boot. There are a variety of commercial add-on products available that add more sophisticated management and configuration capabilities, however. To learn more about Apple FileVault 2, read the.

Microsoft BitLocker

Microsoft BitLocker is the FDE feature bundled with certain versions of Windows and Windows Server. It uses either the AES 128-bit or AES 256-bit key algorithms for encryption. And, while BitLocker itself has not been FIPS 140-2-certified, the cryptographic modules it uses have been, which is what really matters.
Authentication options, meanwhile, are rather limited when using BitLocker. It is intended to be used with a Trusted Platform Module (TPM), and authentication is achieved through specifying a PIN or storing a key on a flash drive, which the user would then need to insert in order to boot the system. Often, BitLocker is used in conjunction with a third-party FDE product, which can be used to manage the native FDE product while adding a variety of additional authentication options. To learn more about BitLocker, read the.
Which FDE product is right for you?

The products covered in this article all provide basic FDE capabilities, at the least. What mainly differentiates them for enterprise use are overall software management capabilities and whether a native OS, third party or open source FDE product is desired and/or required.

This article (and the series) fails to mention the standard for FDE; namely, Self-Encrypting Drives (SED) as specified by the Trusted Computing Group and built by all the HDD and SSD manufacturers, for both laptops and data centers. SEDs have been around for a number of years; a number of drive makers (e.g., Samsung SSD) now have ALL models being SEDs, not just an option.
The encryption for SEDs is built in hardware directly in the drive electronics, transparently; where data-at-rest encryption should be. In EVERY study, SEDs beat software-based encryption in every measure: transparency, ease of use, performance, cost, management, etc. Crypto-Erase is only reliable with SEDs, not software encryption: simply delete the on-board encryption key and the drive is instantly erased = encrypted data is unreadable. SED-based crypto-erase is officially recognized in the 'bible' for drive sanitization: NIST SP800-88R1. Ironically, nearly all the software vendors in this article also centrally manage SEDs.
I use TrueCrypt for the PC, but they also make a Mac version as well. It's very fast on-the-fly encryption and works extremely well. Highly recommend this software.

Supported Operating Systems

TrueCrypt currently supports the following operating systems:
- Windows 7
- Windows 7 x64 (64-bit) Edition
- Windows Vista
- Windows Vista x64 (64-bit) Edition
- Windows XP
- Windows XP x64 (64-bit) Edition
- Windows Server 2008
- Windows Server 2008 x64 (64-bit)
- Windows Server 2003
- Windows Server 2003 x64 (64-bit)
- Windows 2000 SP4
- Mac OS X 10.6 Snow Leopard (32-bit)
- Mac OS X 10.5 Leopard
- Mac OS X 10.4 Tiger
Lion is out and indeed features whole-partition encryption. Conversion on a Core 2 Duo MacBook Late 2008 takes about 1 min per GiB of the disk, so if you have a 250 GiB disk, you're looking at a 4–5 hour conversion period. The performance hit, even on this old machine, is not too noticeable; however, CPU usage increases dramatically when copying files, maxing out at about 25%. In contrast, if you have an iMac, a Mac mini, or a MacBook Air from 2011, the CPU comes with hardware support for the involved ciphers and the CPU usage should not increase much if at all.
Bear in mind that higher CPU usage translates to faster battery drain, even if you don't feel your Mac is slower than before. More info about testing speed can be found here.