BitLocker by default is designed for the opportunistic adversary and not the dedicated adversary. Enterprises need to understand that! This is evidently clear in Microsoft’s default setting of TPM-only mode as it’s convenient for Single Sign-on. While convenient for users, its likely to fail the security sniff test with some data privacy regulations as it doesn’t do enough to protect data, failing to address many of the needed solutions to protect machines. Having SecureDoc on Top will protect your intellectual property and sensitive data from a dedicated adversary who has skill and lengthy physical access, much more effectively than TPM-only mode, as our pre-boot agent sits on top of BitLocker enabling user based Pre- Boot Authentication with Single Sign On, making the authentication process much more secure.
- “Attacker without much skill or with limited physical access”*
No intent to steal the user's machine to obtain the user's data, but may take data if it’s left unprotected
- “Attacker with skill and lengthy physical access”*
Are willing to steal devices to recover data or account credentials (not just to re-sell the device to make money)
By applying TPM + PIN, you’re adding in a risk variable of password sharing, and password access. These clearly go against the security principles. The best way to overcome your concerns on security principles is by adding an additional layer of security like SecureDoc on Top of BitLocker. This will help ensure that each user will have their own unique password to sign on at pre-boot .
By using SecureDoc’s Pre-Boot Network Authentication feature the user access policies and credentials are verified over the network at pre-boot before the keys are delivered to the device.
Yes, data should always be protected unless its being used by the CPU. WinMagic’s Secure Doc helps solve this issue with our Simplified Patch Management via Pre-Boot Networking. This allows IT admins to rollout unattended software updates and patches in scenarios such as Wake-On-LAN (WOL) without having to temporarily suspend BitLocker, and without any costly or complex hardware.
Unfortunately with BitLocker only, this is not very easy. With SecureDoc on Top of BitLocker, we offer real- time compliance reporting and client pre-boot login auditing to help you figure out who the culprit was.
Breach notification is much less complex and possibly not even required as our audits can prove that the units were encrypted, and with our tamper protection feature, it will not allow it to be turned off.
With SecureDoc’s Tamper Protection feature your BitLocker enabled devices are monitored in real-time. If that disable or suspend have been activated it will automatically block and reverse the action, keeping devices in an always-compliant state and eliminating uncertainties
Yes, with SecureDoc on Top of BitLocker, you will only require one helpdesk and password resets can be done through Self-Help, Recovery or 16-character Challenge-Response locally. As an IT admin, you can also reset passwords at pre-boot remotely from the SES Console via PBConnex. All password changes are seamlessly synced with activefaq Directory and locally with Windows on the device.
With SecureDoc On Top of BitLocker, mobile or remote users can leverage Password Sync to Single-Sign On(SSO) while off the network, and users on the network can bypass pre-boot when connected to authorized wired or wireless networks for ultimate flexibility in your mobile work environment.
You can keep using MBAM for the next few years, but it could very well leave your company with a host of IT and business challenges that could easily be overcome today with WinMagic’s SecureDoc – lowering risk exposure, improving user experiences and efficiency, while cutting costs and the administrative burden.
WinMagic offers a multiple-OS FDE solution that includes SD Linux, OSA, Windows and FileVault.
With our KeyFile Deployment and Zero-Touch Deployment- as an IT Admins you can deploy BitLocker-protected devices without any user interaction, transparently designating the user as the device owner when they login to Windows and automatically.
WinMagic’s solution is comprehensive, offering Single- Sign On to all apps, password synchronization and multi-OS RME.
Yes however, SecureDoc Enterprise Server offers a one-stop shop for all device-level encryption. Organizations can simply manage and protect all of their devices. Windows, macOS and Linux- with drastically reduced dependence on specific hardware configuration requirements.
Yes you will, however, SecureDoc Enterprise Server offers a one-stop shop for all device-level encryption. Organizations can simply manage and protect all of their devices. Windows, macOS and Linux- with drastically reduced dependence on specific hardware configuration requirements.
WinMagic through its SecureDoc SED Compatibly Program works with almost all of the leading SED manufacturers to ensure standard TCG Opal drives are compatible with SecureDoc. PC OEMs look for WinMagic compatibility certification before qualifying OPAL SEDs to be shipped in their devices. See https://www.winmagic.com/partners/certification-program for a list of drive partners and a long list of tested and compatible drives.