Symantec Enters Encryption Fight with Security Rivals

Symantec has licensed encryption technology for a new product suite that it hopes will answer customer needs.

Symantec is challenging its security rivals on the encryption front with a new suite of products for laptops, desktops and removable storage devices.

Symantec Endpoint Encryption 6.0, launching March 3, is based on technology licensed from GuardianEdge and is divided into two products: the full-disk edition and removable storage edition, which can be purchased separately or together as part of the suite.

The move is meant to answer the call from customers for encryption capabilities in conjunction with Symantec Endpoint Protection 11.0, company officials said. It also comes a few months after Symantec's biggest security rival, McAfee, closed on a deal to acquire SafeBoot for its encryption technology.

"While [we] could have done the work ourselves, this allows us to get in the market right away with a solid product," said Joan Fazio, senior director on the endpoint security team. "We knew we needed to be in the encryption market; it's something that people are talking about."

According to Fazio, the company plans to eventually meld the encryption technology into its data leak prevention and Endpoint Protection products.

"If you recall, the vision of what we did with Endpoint Protection is to create this platform under which we could manage each of these technologies as one agent, one console," she said. "Where we want to go with that is to tuck in other technologies managed under this same platform, making that whole idea of managing this infrastructure easy, operationalizing these types of things so that your IT folks can focus on the really critical things."

The Full Disk Edition encrypts all disk sectors and includes mandatory pre-boot authentication.

Keeping in mind that employees sometimes have legitimate reasons to download information and take it home for use, Symantec officials have created two ways for users to access encrypted files without a removable storage edition client on the endpoint being used, said Edy Almer, a senior product manager.

"By policies, the administrator would decide who gets small tools for extracting an encrypted file," he said. "The package itself will get copied automatically to any new removable storage that you are connecting to the computer, given that the administrator decides you need to."

Almer added that you can also allow an end user to create self-extracting executables, and noted that the most important element of the product is that it offers organizations a way to prove compliance.

"If you lose your physical device, you can positively prove because of our management console that ... all relevant data on it was encrypted," he said.