Symantec Looks to Enhance Management with Encryption Product

Symantec Endpoint Encryption 7.0 adds support for clients not managed by Active Directory as well as new protections to thwart cold-boot attacks.

Symantec has enhanced its Endpoint Encryption product to improve management and provide protection against cold-boot attacks.

The product has always been aimed at the needs of Windows users, and is still focused on protecting data on Windows hard drives. However, in Version 7.0, Symantec has added support for clients not managed by Active Directory. The latest release includes support for Novell eDirectory and full management capabilities for non-domain clients.

"A large number of Windows-centric shops don't yet run [Active Directory]," noted Rich Langston, senior product manager at Symantec. "Active Directory is by far the most common directory service, of course, and managing our encryption software settings via Group Policy has been a very popular feature with many of our customers. However, adding a new option for management via HTTP and Novell E-Directory addresses a couple of common scenarios."

For example, mergers, acquisitions and organizational restructuring often result in more than one Active Directory domain, and trust relationships do not always exist between them, Langston explained.

To improve management, Symantec included enhanced disk recovery tools to make it easier for an administrator to access a machine and set usage rights to protect confidential data. The product also includes support for more secure data portability options, including user-created self-extracting file archives. User certificates can also be leveraged to control access to encrypted data within a specific group of users, according to the company.

Symantec also obscures disk encryption keys held in memory (DRAM) to blunt cold-boot attacks. These attacks exploit DRAM remanence: memory cells keep their contents for seconds after power is cut, longer if the chips are chilled, so an attacker with physical access to a running or suspended machine can force a hard reset, boot a small memory-dumping tool from removable media (or move the DIMMs to another machine), and search the captured image for the key material that was in use.
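The key-extraction step of such an attack, shown here as an added illustration that is not Symantec's code and not part of the original article: an AES-128 key schedule left in RAM is 176 bytes with strong internal structure, so a memory image can be scanned for any 16-byte window whose key expansion immediately follows it, the approach used in the original cold-boot research (Halderman et al., "Lest We Remember", 2008). The "memory image" below is constructed for this example (random filler with two planted schedules, one with three decayed bytes); the offsets, key values and decay tolerance are assumptions, and nothing here models Symantec Endpoint Encryption's actual key layout.

```python
"""Cold-boot style key recovery: scan a memory image for AES-128 key schedules.

Added example for this page (not Symantec code). The 'memory image' is
constructed in build_sample_image(): random filler plus two planted schedules.
"""
import random

SCHEDULE_LEN = 176  # AES-128: 11 round keys x 16 bytes
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _make_sbox():
    """Derive the AES S-box (GF(2^8) inverse + affine map); same table as FIPS-197."""
    sbox = [0] * 256
    p = q = 1                      # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                               # q /= 3 ...
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09                                             # ... done
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)        # affine part
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF
        if p == 1:
            break
    sbox[0] = 0x63                 # 0 has no inverse; the standard defines it as 0x63
    return sbox


SBOX = _make_sbox()


def expand_key(key):
    """AES-128 key expansion (FIPS-197 section 5.2): 16-byte key -> 176-byte schedule."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]      # RotWord then SubWord
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return bytes(b for word in w for b in word)


def _first_word_mismatches(key, following):
    """Cheap pre-filter: how many bytes of w[4] differ from the 4 bytes after the key."""
    t = [SBOX[key[13]], SBOX[key[14]], SBOX[key[15]], SBOX[key[12]]]
    t[0] ^= RCON[0]
    w4 = bytes(a ^ b for a, b in zip(key[:4], t))
    return sum(a != b for a, b in zip(w4, following))


def find_aes128_keys(image, max_bad_bytes=0):
    """Return (offset, key, decayed_bytes) for each 16-byte window whose AES-128
    expansion sits right after it in `image`, tolerating up to `max_bad_bytes`
    flipped bytes among the 160 derived bytes (simulated DRAM decay). A key whose
    own 16 bytes decayed is not found by this simplified scanner; the full attack
    also repairs those from the redundancy of the schedule."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        key = image[off:off + 16]
        if _first_word_mismatches(key, image[off + 16:off + 20]) > max_bad_bytes:
            continue
        derived = expand_key(key)[16:]
        bad = sum(a != b for a, b in zip(derived, image[off + 16:off + SCHEDULE_LEN]))
        if bad <= max_bad_bytes:
            hits.append((off, bytes(key), bad))
    return hits


KEY_A = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 Appendix A.1 key
KEY_B = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # second planted key (assumed)


def build_sample_image():
    """Constructed 32 KiB 'dump': random filler, KEY_A's schedule intact at 0x1234,
    KEY_B's schedule at 0x5000 with one bit flipped in three derived bytes."""
    rng = random.Random(1)
    buf = bytearray(rng.randbytes(32 * 1024))
    buf[0x1234:0x1234 + SCHEDULE_LEN] = expand_key(KEY_A)
    decayed = bytearray(expand_key(KEY_B))
    for i in (40, 97, 150):        # simulated bit decay in the derived round keys
        decayed[i] ^= 0x01
    buf[0x5000:0x5000 + SCHEDULE_LEN] = decayed
    return bytes(buf)


if __name__ == "__main__":
    image = build_sample_image()
    for tolerance in (0, 3):
        print(f"max_bad_bytes={tolerance}:")
        for off, key, bad in find_aes128_keys(image, tolerance):
            print(f"  0x{off:05x}  key={key.hex()}  decayed_bytes={bad}")
```

Run stand-alone, the exact scan reports only the intact schedule at 0x1234; with a tolerance of three decayed bytes it also recovers the second key at 0x5000. This is why a product that merely keeps a key in a driver-protected structure is not enough against an attacker holding the hardware: the key schedule itself is the search signature, and countermeasures have to avoid leaving it in a recognisable form in DRAM.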

"We prevent cold-boot attacks in a few ways," Langston said. "We store our keys in our encrypted file system, which is protected by our driver. We provide a pre-boot authentication environment which makes it very difficult for an extraction attack. Finally, in Version 7.0 we have put into place a protection mechanism that obscures the keys even further."

Langston added, "These attacks are extremely hard to pull off: several steps are required, as well as some real expertise. We've never heard of a successful attack on our product, and we feel that only the most motivated expert could succeed on solutions that lack our protection mechanisms."