Encryption

Software
Objectives:
• To be able to identify the specific encryption software needed in a
particular organization.
• To protect data in motion and at rest.
• To familiarize with different encryption software offered in free and
with pay.
Encryption tools & software
• Table of Contents
• IBM Security Guardium Data Encryption
• AxCrypt Premium
• VeraCrypt
• NordLocker
• Kruptos 2
• Boxcryptor
• 7-Zip
• Quantum Numbers Corp QRNG
Encryption tools & software
• KETS Quantum Key Distribution
• Check Point Full Disk Encryption Software Blade
• Eset DESlock
• Dell Data Protection
• McAfee Complete Data Protection
• Micro Focus Voltage SecureData
• Bitdefender GravityZone
• Sophos
• Broadcom Symantec Encryption
• Trend Micro Endpoint Encryption
What is data encryption?

•Encryption software scrambles

readable data using algorithms in
encryption keys and turns it into an
encoded piece of information.
Homomorphic Encryption
This was developed to allow computation on
encrypted data in use so it remains confidential
while some tasks can be carried out. This can be
helpful for added security but not all tasks can be
completed when working with homomorphically
encrypted data.
Discussions
•What are the benefits of encryption
software?
• All organizations must store and transmit data, such as personally identifiable
information (PII) or financial data.
• This is especially true for the massive amounts of data managed by enterprise
organizations.
• Data encryption is not only helpful in protecting sensitive information but also helps
reduce the chance of expensive legal fees and damage to an organization’s
reputation. Without proper security measures in place, including encryption,
organizations risk coming under fire for not complying with data privacy regulations,
such as the EU’s General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA).
Discussion
File encryption Vs. Full-Disk Encryption

Full-disk encryption is useful for securing individual devices. Its use

cases are limited as it can’t encrypt data being sent from or received by
that device.
File encryption is a more comprehensive solution. It can encrypt all
individual files and pieces of data stored on a device or on a server, as
well as encrypt data in transit.
Discussion
File encryption Vs. Full-Disk Encryption

Full-disk encryption is useful for securing individual devices. Its use

cases are limited as it can’t encrypt data being sent from or received by
that device.
File encryption is a more comprehensive solution. It can encrypt all
individual files and pieces of data stored on a device or on a server, as
well as encrypt data in transit.
What to look for in encryption software?

• There are a few key features to look for when shopping for an
encryption solution. Password strength indicators should be a priority.
Far too many employees use the same simple, easy-to-remember
passwords for almost everything. Password strength indicators will
help reduce any vulnerabilities caused by weak passwords.
Encryption best practices
• Encryption may be one of the most powerful tools in your security
architecture, but it is not a stand-alone solution. It should still be
combined with other solutions, such as antivirus software, firewalls
and VPN services to cover all endpoints.
• After encrypting or copying a version of a file, the original
unencrypted version should always be completely wiped from your
system. The data may still exist on the disk even after it’s been
deleted and can be recovered using specialized tools. Using a virtual
shredder or secure deletion feature will ensure it’s completely wiped.
Software Comparison Chart
Product Full Disk Encryption File Encryption Enterprise Key Features Deployment Price

IBM Guardium Data Encryption Yes Yes Yes - Compliance-ready capabilities SaaS/Web/Cloud Contact for a custom quote

- Tokenization and data masking

- Cloud key orchestration

AxCrypt Premium No Yes Yes - Secure sharing using public key Software - perpetual license $9.92/ month subscription
cryptography

- Secure file deletion

- Secure online password storage

VeraCrypt No Yes Yes - Partition encryption Open source freeware utility download Free/open source

- Supports both UEFI and MBR for

Windows

CertainSafe Digital Safety Deposit Box No Yes Yes - Authenticates user to server and vice SaaS Contact for a custom quote
versa

- Securely retains past file versions

NordLocker No Yes Yes - Simple drag-and-drop UI SaaS Contact for a custom quote

- Encrypted files can be viewed through

app without encrypting

Kruptos 2 No Yes No - Seamless cloud encryption Software client $39.95 / one-time purchase

- Data shredding
- Inbuilt secure note editor
Software Comparison Chart
Boxcryptor No Yes Yes - SSO (single sign-on) Software - perpetual license Contact for a custom quote

- User provisioning
- Account capture
7-Zip No Yes No - Encrypted file compression Open source freeware utility download Free / open source

- Fast file sharing speeds

Quantum Numbers Corp QNG2 No Yes Yes - Quantum cryptography PCIe distribution chips Price per chip:

- Quantum tunneling

- Quantum random number generation - $1,605 / PCIe 40 Mbps

- $3,715 / PCIe 240 Mbps

KETS Quantum Key Distribution No Yes Yes - Specializes in securing data in transit PCIe distribution chips Contact for a custom quote

- Quantum secured stored data

Check Point Full Disk Encryption Software Blade Yes No Yes - Track and manage encrypted devices individually Software packaged inside a Check Point Software Blade Based on the sale of hardware blades

- Central policy enforcement

- Central log of usage and movement

Eset DESlock Yes No Yes - FIPS 140-2 Validated 256 bit AES encryption Management server installed on a Windows machine Sliding scale starting at $56 per user

- Hybrid-cloud based management server

Dell Data Protection Yes No Yes - External policy creation Software and agents Per seat perpetual license with one-year support starts at about $79 USD

- Full volume encryption solution

- FIPS 140-2 Validated 256 bit AES encryption

McAfee Complete Data Protection Yes No Yes - Central endpoint management Software client On a per-node basis

- Supports hybrid-cloud environments

- Advanced reporting and auditing

Micro Focus Voltage SecureData Yes No Yes - Supports hybrid-cloud environments Virtual appliance Pricing varies by per application or per node

- Data privacy manager

Software Comparison Chart

Bitdefender Yes No Yes - Human risk Cloud or on-premises Starts at $22.95 per
GravityZone analytics endpoint per year
- Machine learning
capabilities
- Sandbox analyzer
Sophos SafeGuard Yes Yes Yes - Secure file share Cloud or on-premises Pricing per user per
- Self-service portal year,starting at $20 (cloud)
Symantec Encryption Yes No Yes - SSO (single sign-on) Software or cloud Perpetual or Subscription
licensing
- Integrates with
Symantec Data Loss
Prevention
Trend Micro Yes Yes Yes - Advanced reporting Software client Pricing starts at $33.75 per
Endpoint Encryption and auditing user for 501 users

- Pre-boot
authentication
- Active Directory
integration
Summary
• Enterprises invest in state-of-the-art threat
defenses like next-gen
firewalls, microsegmentation and zero
trust tools. However, even the very best tools in
these categories assume that data breaches
happen and aim to limit the damage. Sending
and receiving data is one element that creates
the potential for data breaches because
attackers can intercept data transfers.