web analytics
  Featured Eseminar Auditor Download GuardianEdge GuardianEdge Federal

"GuardianEdge has hooks into Active Directory, so we can put policies in place that encrypt devices or lock out devices based on the Windows ID and password. And if an external drive is connected to an encrypted laptop, GuardianEdge ensures that the drive is encrypted, too."

—Marlene Kolodziej, Manager of Network Operations and Client Support Services, FMC.

GuardianEdge Advanced Authentication

Extend Data Protection with Strong, Multi-factor Authentication

Many organizations require a more secure way to authenticate users during log-on and before accessing data on PCs, laptops, removable storage devices, and removable media. A multi-factor authentication solution meets this need by requiring users to both know something (their ID and password) and have something (a physical identifier like a smartcard) before granting access to systems and encrypted data.

GuardianEdge™ Advanced Authentication provides multi-factor authentication for GuardianEdge Hard Disk Encryption and GuardianEdge Removable Storage Encryption:

  • When used with GuardianEdge Hard Disk Encryption, it extends the security of user log-on with multi-factor authentication to protect access to data stored on Windows systems
  • With GuardianEdge Removable Storage Encryption, it enables the use of multi-factor authentication to safeguard access to data stored on removable storage devices and removable media




By deploying GuardianEdge Advanced Authentication organizations can:

  • Use Smartcards/Common Access Cards to extend user authentication
  • Employ X.509-compliant cards readers and tokens
  • Add strong multi-factor authentication for user login with GuardianEdge Hard Disk Encryption as an additional layer of protection for data stored on laptops and desktops
  • Expand access protection for encrypted data stored on removable storage devices and removable media controlled by GuardianEdge Removable Storage Encryption
  • Additional protection for data on laptops and desktops with authentication using smartcards (including CAC cards) before access to Windows is granted
  • Safeguard data on removable storage devices and media with multi-factor authentication access control
  • Extensive support for cards, readers and tokens
 

Supported Readers

Embedded Readers

  • Dell D410 Embedded Reader (TI PCI GemCore Based Smart Card Controller)
  • Dell D420 / D430 Embedded Reader (O2Micro OZ776 USB CCID Smartcard Reader)
  • Dell D600 Embedded Reader (O2Micro 02711EC1 PCMCIA/Smart Card Controller)
  • Dell D610 Embedded Reader (TI PCI GemCore Based Smart Card Controller)
  • Dell D620 Embedded Reader (OZ6912 /601/711E0 CardBus/SmartCardBus Controller)
  • Fujitsu 4210—O2Micro OZ711MP1/MS1 MemoryCardBus Controller
  • Fujitsu 4215—O2Micro OZ711MP1/MS1 MemoryCardBus Controller
  • Dell D630—O2Micro OZ711EZ1 MemoryCardBus Controller
  • Dell D820—O2Micro OZ711EZ1 MemoryCardBus Controller

PCMCIA Readers

  • Axalto Reflex USB v2, Reflex 20 PCMCIA v2 & v3
  • ActivIdentity PCMCIA
  • SCM SCR 201, SCR 241, SCR 243 PCMCIA

USB Readers - All CCID-compliant USB smart card readers including the following:

  • ActivIdentity USB Reader 3.0
  • Axalto Reflex USB v3
  • Dell SK 3106 keyboard w/ SmartCard reader
  • GemPC Express, Pinpad*, Twin
  • SCM SCR3311 USB Reader

 * Computer keyboard must be used. to enter PIN

Supported Cards and Tokens

GSC-IS 2.1 Data Model

  • Axalto Cyberflex 64K v1
  • Axalto Cyberflex 64K v2c
  • Cyberflex Access 64K v1 SM4.1

RSA Data Model - All with RSA data model including:

  • RSA SID800
  • RSA Smart Card 5200

CACv2 Data Model† - All with CACv2 including the following:

  • Axalto Access 64K v2, Access Cyberflex 64K v1 SM4.1
  • Gemalto Cyberflex Access 64K v2c, GemXpresso 64K R3 FIPS V2#2
  • Oberthur CosmopolIC 32K V4, 64K v5.2 Fast ATR, 64K v5.2 Fast ATR (dual)
  • Schlumberger Access Cyberflex Access32K V2 SM7.2

Aladdin Data Model (all from Aladdin)

  • PRO Javacard 72k, NG-OTP 32K, NG-OTP 64K
  • PRO 32K, PRO 64K

 † Single Sign-On is not supported, cards must be inserted into reader

PKI Environment Support
  • Supports X.509-compliant Public Key Infrastructure systems
GuardianEdge Data Protection Platform Integration
  • Single Management Console: Provides a single, Active Directory integrated management console for administering the GuardianEdge suite of endpoint data protection controls
  • Shared Services: Shared security and management services across data protection applications
  • Auditing and Reporting: Unified auditing and reporting environment
  • Lightweight client environment: Single sign-on integration; secure client/server communications; minimal to no intrusion into existing user workflows and operation
Active Directory Integrated Administration and Management
  • Tight integrated with Active Directory enables GPO-based policy deployment
  • Easily scales to meet enterprise requirements
  • Role-based policy administration
  • Detailed audit records to verify policy enforcement
Key/Password Administration and Recovery
  • Simple and secure administrative access to encrypted PCs in the event of lost tokens or passwords with self-service or admin-assisted recovery
  • Central master certificate (private key) digital certificate based recovery of encrypted data on portable media devices