Symantec Endpoint Encryption 7.0 adds support for clients not managed by Active Directory as well as new protections to thwart cold-boot attacks.
has enhanced its Endpoint Encryption product to improve management
and provide protection against cold-boot attacks.
The product has always been aimed at the needs of Windows users, and is
still focused on protecting data on Windows hard drives. However, in Version
7.0, Symantec has added support for clients not managed by Active Directory.
The latest release includes support for Novell eDirectory and full management
capabilities for non-domain clients.
"A large number of Windows-centric shops don't yet run [Active
Directory]," noted Rich Langston, senior product manager
at Symantec. "Active Directory is by far the most common directory
service, of course, and managing our encryption software settings via Group
Policy has been a very popular feature with many of our customers. However,
adding a new option for management via HTTP and Novell E-Directory addresses a
couple of common scenarios."
For example, mergers, acquisitions and organizational restructuring often
result in more than one Active Directory domain, and trust relationships do not
always exist between them, Langston explained.
To improve management, Symantec included enhanced disk recovery tools to
make it easier for an administrator to access a machine and set usage rights to
protect confidential data. The product also includes support for more secure
data portability options, including user-created self-extracting file archives.
User certificates can also be leveraged to control access to encrypted data
within a specific group of users, according to the company.
Symantec also obscured access to disk encryption keys in memory (DRAM)
to prevent cold-boot attacks, in which an attacker with physical access to
a machine retrieves encryption keys after restarting the machine with a cold
"We prevent cold-boot attacks in a few ways," Langston said.
"We store our keys in our encrypted file system, which is protected by our
driver. We provide a pre-boot authentication environment which makes it very
difficult for an extraction attack. Finally, in Version 7.0 we have put into
place a protection mechanism that obscures the keys even further."
Langston added, "These attacks are extremely hard
to pull off-several steps are required, as well as some real expertise. We've
never heard of a successful attack on our product, and we feel that only the
most motivated expert could succeed on solutions that lack our protection