Check Point Full Disk Encryption product overview
Expert Karen Scarfone examines the features of Check Point Full Disk Encryption, an FDE product for securing client devices such as laptops and desktops.
This is part of a series on the top full disk encryption products and tools in the market. For more, check out our FDE product roundup.
The Check Point Full Disk Encryption product offers full disk encryption (FDE) capabilities for desktop and laptop hard drives. Full disk encryption encrypts all data on a hard drive, that way, when the device is off, attackers cannot recover sensitive data from it, nor can they tamper with the operating system (OS).
Product versions
Check Point Full Disk Encryption comes in a single version, with the full name being Check Point Full Disk Encryption Software Blade. Don't let the "software blade" terminology throw you -- basically, it just means this is one part of a modular software-based security product that can encompass a wide variety of security controls.
It can be managed through the Check Point Endpoint Policy Management Software Blade, which is a utility that provides centralized management for a wide variety of Check Point products throughout the enterprise.
Platform support
Check Point's FDE product is supported by a variety of OSes, including the following: Microsoft Windows 8.1 and 8 Enterprise and Professional; Microsoft Windows 7 Enterprise, Professional and Ultimate; Microsoft Windows XP Professional; and Apple Mac OS X 10.8, 10.9, and 10.10.
Encryption and authentication support
Check Point Full Disk Encryption supports Advanced Encryption Standard (AES) with 256-bit keys. 256-bit is recommended to address both current and future threats.
Also, the product's encryption is Federal Information Processing Standard (FIPS) 140-2-certified, meaning it has been tested by an independent laboratory and is determined to meet certain cryptographic standards -- basically, it is free of common implementation errors.
Like its commercial competitors, the product supports multifactor authentication, including smart cards and cryptographic tokens. It can also leverage Active Directory implementations for user authentication purposes, although organizations should think carefully about using this as single-factor authentication -- an attacker who gets a user's domain password through guessing, social engineering or other means can use it to circumvent FDE protection on that user's system.
Managing with Check Point Endpoint Policy Management
Check Point's product is intended to be centrally managed using the Check Point Endpoint Policy Management product. Therefore, it is intended for enterprise and not individual use.
Organizations that have existing Check Point product implementations would likely find the deployment of the Check Point Full Disk Encryption Software Blade to be relatively easy compared to other vendors' products because of the existing Check Point infrastructure within the organization.
Licensing
Channel partners sell Check Point Full Disk Encryption licenses. Like other enterprise FDE products, Check Point Full Disk Encryption is licensed per device (e.g., desktop, laptop). A free trial of Check Point Full Disk Encryption is available from the Check Point User Center (account required).
Check Point Full Disk Encryption for the enterprise
Check Point Full Disk Encryption is an FDE product for enterprises running Windows or Mac OS X.
While encryption, authentication and centralized management support are all strong with Check Point, organizations with existing Check Point security infrastructures are more likely to adopt Check Point Full Disk Encryption because of the relative ease of doing so as compared to implementing other FDE vendor products in their environments.