Sophos SafeGuard Enterprise
Your central key for data protection
Overview:
SafeGuard Enterprise provides multi-layered endpoint data security combining encryption and data loss prevention (DLP). The centrally managed solution secures data on desktops, laptops, PDAs, smartphones and removable media. Its transparent data encryption enhances user productivity while preventing malicious users from reading lost or stolen media. SafeGuard Enterprise prevents endpoint data leakage by controlling access to both physical and wireless interfaces (e.g., USB, FireWire, Wi-Fi) and storage devices (e.g., MP3 players, removable media).
SafeGuard Enterprise modules:
- SafeGuard Management Center
Implements and enforces a common, organization-wide security policy framework, providing a central point of management control in mixed IT environments - SafeGuard Device Encryption
Transparently encrypts data on laptops, desktops and external media, protecting users against unauthorized access, loss or theft of data - SafeGuard Data Exchange
Ensures the secure exchange of data via removable media with business partners and customers, even if they do not have a SafeGuard application installed - SafeGuard Configuration Protection
Offers central control over fixed and mobile devices, protecting against malware, inappropriate software use and unauthorized configuration changes - SafeGuard Partner Connect
Manages external data security applications (e.g., Windows BitLocker Drive Encryption) - SafeGuard FileShare*
Encrypts user data across working groups; protects data on local drives and network servers, at both the file and the directory level
*Future release. This functionality is currently provided by SafeGuard LAN Crypt.
What’s new in SafeGuard Enterprise 5.50:
SafeGuard Enterprise version 5.50 enhances data security and compliance, improves IT efficiency and increases end-user productivity. SafeGuard Enterprise offers extended support for Windows 7, flexible and fast deployment options, and convenient password recovery.
Key features
Extended support for Windows 7
- SafeGuard Enterprise modules, including Device Encryption, Data Exchange, Partner Connect and Management Center, now fully support Windows 7. 64-bit full disk encryption is available for Windows 7 and Vista. Customers benefit from broader data security coverage in mixed Windows environments including Windows 7, Vista and XP.
Comprehensive data protection in diverse environments
- As full disk encryption becomes more widespread, administrators face encryption deployment challenges when end users are in offices, on the road, in remote locations, in contractor locations or at home. Administrators can deploy SafeGuard Enterprise quickly, effectively and simultaneously across all these environments.
- New administrator access options, combined with updated policy controls, provide for a variety of deployment options in both centrally and non-centrally managed environments. Maintain security during organizational changes with easy user migration between SafeGuard environments. Organizations now have deployment flexibility going all the way from a few users to large service provider-type environments. Consistent security policies can be enforced across the enterprise, enabling stronger compliance.
Faster encryption rollouts
- The server installation wizard enables administrators to install the SafeGuard Enterprise server components and Management Center with the correct configuration settings. For greater reliability, the automated, step-by-step installer can also ensure that required Microsoft components are installed with automatically managed dependencies.
- During initial PC rollouts, Administrator Service Accounts allow administrators to perform essential tasks on PCs without triggering pre-boot environment activation. This allows end users to claim ownership when they sign in for the first time. Administrators can roll out encryption faster while preserving the capability to audit end-user ownership of PCs.
- Assign security officers into groups where they can automatically inherit pre-defined group roles. Rights can also be delegated. The capability for automated security officer role assignments enables faster rollouts, improving IT efficiency.
Local self help for forgotten passwords
- No need to call the help desk—end users who forget their passwords can securely recover them with local self help. This benefit also extends to the recovery of forgotten Windows passwords. End users are prompted for answers to questions asked during enrollment. Local self help is available to end users in both centrally and non-centrally managed environments. Organizations benefit from improved end-user productivity and lower help desk costs.
Higher end-user productivity with local self help for
forgotten passwords
Features & Benefits:
Protect your confidential information and comply with regulatory mandates—safely and securely—with Sophos’s comprehensive SafeGuard Enterprise solution. SafeGuard Enterprise is a modular information protection control platform that enforces policy-based security for PCs and mobile devices across mixed environments. It is fully transparent to end users and is easy to administer from a single central console. SafeGuard Enterprise provides multi-layered endpoint data security by combining encryption and data leakage prevention. Its modular architecture provides comprehensive data security tailored to your organization’s needs and growth requirements.
Manage policy and regulatory compliance risks easily and effectively
Protecting confidential personal data from disclosure is a fundamental legal requirement for many companies worldwide. SafeGuard Enterprise bolsters compliance measures by enforcing centralized polices for encryption and data leakage prevention, with verifiable audit logs and reports.
Secure productivity and collaboration with state-of-the-art key management
Behind-the-scenes key management enables legitimate users to easily and securely share
data across PCs, removable media and even email attachments. SafeGuard Enterprise
provides centralized, state-of-the-art key management from a single console. It is simple and
easy to securely store, exchange and recover keys in mixed environments.
Improve business processes with centralized security control
Managing data security in heterogeneous enterprise environments with various devices and
platforms can be challenging. When employees, business partners and customers have
access to data from many locations, protecting this information requires strong, centralized
management. SafeGuard Enterprise delivers centralized security control across mixed IT
environments, using role-based management to enable granular policy enforcement—far
superior to pure point products. Automated tools streamline deployment, and data can be
quickly recovered if employees forget passwords, resign or lose authorization.
Business confidence with transparent security and data recovery
Encryption processes are automated and transparent to users, even during initial installation,
allowing users to work without interruption. Fast and secure authentication is enabled by
biometric fingerprint and cryptographic token support. Recovering forgotten passwords is easy
with secure challenge response over the phone or via local self help. It also supports standard
system and data recovery and forensics tools after proper authentication.
Investment protection with scalable architecture
SafeGuard Enterprise offers superior scalability and broader compatibility compared to point
security solutions, and its modular architecture supports rapid business growth. SafeGuard
Enterprise can administer external encryption technologies such as BitLocker Drive Encryption
to secure data in Windows 7 and Vista operating systems. The SafeGuard Enterprise
architecture can be further extended to support encryption platforms and products. Microsoft
Active Directory directory services and Novell environments are also supported. Moreover,
SafeGuard Enterprise supports multi-factor authentication with third-party tokens, smartcards
and biometrics such as Lenovo fingerprint readers. End users benefit from seamless security
across devices and platforms with the added convenience of single sign-on for greater
productivity.
Technical Specifications:
| Platforms supported | x86 32-bit | x86 64-bit | IA-64 (Itanium) 64-bit |
Minimum disk space |
Minimum memory |
| SafeGuard Enterprise - Client | |||||
| Windows 7 |  |
*** |
120 MB | 1 GB* | |
| Windows Vista SP1+ | |
*** |
|||
| Windows XP SP2+ | |
||||
| SafeGuard Enterprise - Management Console | |||||
| Windows 7 | |
|
100 MB | 1 GB* | |
| Windows Vista SP1+ | |
|
|||
| Windows XP SP2+ | |
|
|||
| Windows Server 2008 | |
|
Please follow standard Windows Server installation guidelines | ||
| Windows Server 2008 R2 | |
||||
| Windows Server 2003 | |
|
|||
| Windows Server 2003 R2 | |
|
|||
| SafeGuard Enterprise - Management Server | |||||
| Windows Server 2008** | |
|
Please follow standard Windows Server installation guidelines | ||
| Windows Server 2008 R2** | |
||||
| Windows Server 2003** | |
|
|||
| Windows Server 2003 R2** | |
|
|||
| Database support Microsoft SQL Server 2005 or 2008 Microsoft SQL Server Express edition |
|||||
| Standards and Protocols Symmetrical encryption: AES 128 bit, AES 256 bit Asymmetrical encryption: RSA (PKCS#1) Hash functions: SHA-1, SHA-256, SHA-384, SHA-512 Password hashing: PKCS #5 Protocols and interfaces: PKCS #11, PKCS #15, LDAP, Microsoft Cryptographic Service Provider (CSP), SOAP, XML, SSL, TCG, CCID, Kerberos PKI: PKSC #7, PKCS #12, X.509 certificates |
|||||
| Certifications Common Criteria EAL 3+ Uses FIPS 140-2 validated cryptography Aladdin eToken and EnCase enabled CC EAL 4 (in progress) |
|||||
| Languages supported SafeGuard Enterprise Client: English, French, German, Italian, Japanese, Spanish SafeGuard Enterprise Management Center: English, French, German, Japanese |
|||||
*Note: This memory space is recommended for the PC. Not all of this memory is used by SafeGuard Enterprise.
**Includes Internet Information Server (IIS) and Active Directory
***Device Encryption and Partner Connect modules
