Check Point Endpoint Full Disk Encryption
| Datasheet
CHECK POINT
ENDPOINT SECURITY
FULL DISK ENCRYPTION
ENDPOINT SECURITY
FULL DISK ENCRYPTION
Benefits
Transparent security for all
information on endpoint hard drives.
Strong data recovery and emergency
access procedures.
Central management offers great ROI
and optimal protection.
Flexible deployment, simple to
operate and monitor.
Features
Protects data from unauthorized
access if computers are lost, stolen or
left in other vulnerable states.
Multi-user preboot environment
supports advanced security; Network
Authorized Preboot Bypass, OPAL
Self-Encrypting Drives, smart cards,
TPM, touch interfaces, custom
graphics.
Manage online and offline endpoints.
Recognition
A leader in Gartner’s Mobile Data
Protection Magic Quadrant for over
14 consecutive years.
OVERVIEW
Users store sensitive company data on their devices and carry it with them wherever
they go. Outsiders can easily obtain this valuable information through lost or stolen
laptops which can result in legal and financial repercussions.
SOLUTION
Check Point Full Disk Encryption (FDE) provides transparent security for all
information on all endpoint drives, including user data, operating system f iles and
temporary and erased files. For maximum data protection, multi-factor pre-boot
authentication ensures a user’s identity before the operating system loads, while
encryption prevents data loss from theft.
FULLY INTEGRATED SOLUTION FOR ENDPOINTS
To complement the Full Disk Encryption solution, we offer additional data security
components, as part of our Endpoint Security suite:
Media Encryption & Port Protection - Secures removable media devices and
enables restricting or blocking physical ports.
Capsule Docs - Protects documents wherever they go and prevents unintentional
data leaks.
Remote Access VPN - Provides secure access to corporate resources when
traveling or working remotely.
Media Encryption
Capsule Docs
Remote Access
& Port Protection
(Document Security)
VPN
Check Point provides the most comprehensive solution for securing endpoint devices,
leveraging our data protection offering together with advanced threat prevention and
access control solutions.
©2017 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 12, 2017 | Page 1
Uncompromised Security
We use the strongest encryption algorithms standards, including XTS -AES and AES-CBC. Our
CryptoCore encryption engine was officially certified to be compliant with the strict FIPS (Federal
Information Processing Standards) 140-2 guidelines. TPM (Trusted Platform Module) and Network
Authorized Preboot Bypass (Unlock On LAN) are also supported.
Secure Preboot Environment, Seamless End User Experience
Preboot authentication ensures that only authorized users are allowed to access the endpoint. The
preboot environment loads prior to the operating system and securely authenticates the user and
verifies their identity. We provide an excellent user experience with Single Sign On for
preboot/operating system login and support multi-factor authentication, such as smart cards and
dynamic tokens for enhanced security. Lockout settings can be configured to prevent brute-force
attacks, for example to lock the user account after a set number of failed login attempts have been
reached.
Excellent Remote Help and Recovery Capabilities
We provide a cryptographically safe challenge response remote help mechanism, allowing secure
key exchange for locked users. Remote password changes and one -time logon options are
available for users who may have forgotten their passwords or lost their access tokens.
Administrators can have one-time access to the computer. We also offer a Self Help Remote Help
Portal which lowers the TCO of the product, by reducing number of supporting IT operations staff.
For recovery scenarios we ensure that data stays accessible and secure using the Drive Slaving
Utility or recovery decryption.
Portable Security
Our solution offers a consistent user experience with a familiar look and feel and supports multiple
languages, within the operating system and in the pre-boot environment, across both Windows
and macOS. We are compatible with most hardware configurations and support any Windows or
Mac machine, including ATM and POS devices. We have a very close cooperation with the major
PC vendors, which allows us to verify and officially certify that our solution runs successfully on
top of their latest hardware and BIOS/UEFI versions.
Unified Central Management
The Full Disk Encryption solution is centrally managed using our Endpoint Security Management
server, enabling central policy administration, enforcement and logging from a single, user -friendly
console. Endpoint Security Software Blades from Check Point bring unprecedented flexibility,
control and efficiency to the management and deployment of endpoint security. Choose from a
variety of Software Blades to deploy only the protection you need, with the freedom to increase
security at any time from a single central management console.
Flexible Deployment Options
Our solution supports various types of environments with different connectivity behaviors. The
Offline Mode (similar to the legacy EW Mode) is suitable for environments where clients have
regular connectivity to the server and are being managed by it. The Offline Mode is suitable for
environments where there is minimal or no connectivity, including embedded systems such as
ATMs, where the client gets configuration data from specific network shares or local folders
instead of communicating with the Endpoint Security Management server. This mode allows
organizations to use their own infrastructure to gather recovery data and logs.
For more information, visit www.checkpoint.com/products-solutions/endpoint-security.
CONTACT US
Worldwide Headquarters | 5 Ha’Solelim Street, Tel Aviv 67897, Israel | Tel: 972-3-753-4555 | Fax: 972-3-624-1100 | Email: info@checkpoint.com
U.S. Headquarters | 959 Skyway Road, Suite 300, San Carlos, CA 94070 | Tel: 800-429-4391; 650-628-2000 | Fax: 650-654-4233 | www.checkpoint.com
©2017 Check Point Software Technologies Ltd. All rights reserved. [Protected] Non -confidential content | April 12, 2017 | Page 2