Symantec Corp. today announced detailed integration plans for its recently acquired encryption vendors, PGP Corp. and GuardianEdge Technologies Inc. The plans include expanding PGP Whole Disk Encryption to support Symantec Data Loss Prevention and eliminating the GuardianEdge brand, upgrading those customers to Symantec Endpoint Encryption.
We can't go back to those customers and expect them to decrypt their devices using GuardianEdge because we're going to end-of-life that product. It's simply not going to happen.
senior director of product managementSymantec Corp.
In an interview with SearchSecurity.com, Bryan Gillson, Symantec's senior director of product management, acknowledged a major overlap between PGP and GuardianEdge full disk encryption, but added that there are no plans to force customers to redeploy new technologies. Instead, users of GuardianEdge will see a branding change, with the product continuing to be fully supported.
"Both companies have very strong customer bases, with some customers having 50,000 or more deployed seats," said Gillson, who was director of business development at PGP prior to the acquisition. "We can't go back to those customers and expect them to decrypt their devices using GuardianEdge because we're going to end-of-life that product. It's simply not going to happen."
In addition, the PGP platform overlapped with some features already offered by Symantec, including Symantec device control. But Gilson said PGP and Symantec shared a lot of technologies, which will be slowly integrated and based on the PGP technology.
Gillson said PGP had an OEM arrangement with Symantec's Data Loss Prevention for finding confidential information on the network and enabling encryption through PGP's NetShare file encryption product. In addition, PGP previously supported Symantec's Brightmail Gateway, antispam and antivirus appliance to allow policy-based routing of information through PGP's Universal Gateway Email Server, Gillson said. PGP also integrates with Symantec Enterprise Vault for decrypting email before it is stored in an email archive.
"We're not going to mandate that everybody use a single product in their heterogeneous environment. It's unrealistic," Gillson said.
Symantec is in the process of combining GuardianEdge and PGP device control technologies into a single product. Symantec announced the integration of Symantec Endpoint Encryption Removable Storage Edition with Symantec Endpoint Data Loss Prevention. Symantec Endpoint Encryption Device Control monitors device usage and file transfer activity and controls access to ports, devices and wireless networks. It can be set up to restrict a user's ability to copy protected classes of information.
Symantec and its chief competitor, McAfee Inc., have been moving quickly to upgrade their encryption and device control products. McAfee acquired SafeBootfor full disk encryption in 2007 and Symantec merged its encryption technology into its DLP suite.
Jon Oltsik, principal analyst at Milford, Mass.-based consulting firm Enterprise Strategy Group, said he expects to see future announcements around centralized management and key management from both vendors. Most enterprises, he said, have an encryption product deployed, but the biggest trouble points are around managing keys.
"The PGP suite gives a bigger advantage to Symantec," Oltsik said. "The PGP Universal Server controls encryption administration and can be a key management server for lots of kinds of encryption natively, while SafeBoot was really targeted at endpoint encryption."
The biggest challenge for Symantec, Oltsik said, is to determine the areas of overlap and integrate those areas without disrupting the customer base.
"Typically where Symantec has succeeded best is where they slow-rolled integration, enabling required business units to continue to sell new products and services," he said. "That's likely what we're going to see them do here."
Symantec announces support for Intel hardware security
In addition, Symantec has revealed plans to provide integrated support for Intel's Anti-Theft Technology within PGP Whole Disk Encryption, a necessary step to enable customers to use Intel's chip-based security protections, which include the ability to remotely wipe a hard drive or disable a laptop if it is lost or stolen. The system can later be reactivated if it is recovered. Intel has been slowly rolling out support for its anti-theft protection technologies in its Core i3, Intel Core i5, Intel Core i7, and Intel Core vPro processors.
PGP Whole Disk Encryption will also support encryption acceleration through Intel's AES-NI technology, available in Intel Core i5 and i7 processors. The AES-NI technology speeds the time it takes to encrypt a laptop and increases throughput on solid state drives (SSDs).