Full Disk Encryption provides comprehensive endpoint data security using mandatory strong authentication and full disk encryption. Full Disk Encryption secures not only the data files, but also all applications, registry settings, temporary files, swap files, print spoolers, and deleted files. Until the user is validated, strong preboot authentication restricts access to the vulnerable host operating system.
The Full Disk Encryption agent uses FIPS-compliant XTS-AES encryption algorithms and mandatory authentication to make data inaccessible without authentication. Full Disk Encryption prevents data loss by encrypting the whole drive, including operating system, program, temporary, and end user files. Administrators can choose either 128-bit or 256-bit key size depending on the need for encryption strength or performance in their environment.
Full Disk Encryption allows for the flexibility to use either software-based encrypted hard drives or hardware-based encrypted hard drives as needed. Seagate DriveTrust™, OPAL, OPAL2, and SanDisk™ self-encrypting solid-state drives are supported. While hardware-based encryption is simpler to deploy on new hardware, easier to maintain, and offers a higher level of performance, software-based encryption does not require any hardware and is cheaper to deploy to existing endpoints.
Trend Micro PolicyServer controls policies affecting Full Disk Encryption, ensuring complete endpoint security centrally managed across the Enterprise. Full Disk Encryption is network-aware and updates policies before allowing authentication. You can also remotely lock or wipe data on the endpoint before the operating system or any other sensitive data is accessed.