Announced at Symantec Vision Barcelona (http://www.symantec.com/about/news/release/article.jsp?prid=20101004_02) - the PGP and Intel Anti-Theft solution provides a great way to secure laptop PCs.
Summary of the PGP Whole Disk Encryption along with PGP Remote Disable & Destroy (RDD) with Intel Anti-Theft
- Intel Anti-Theft: http://antitheft.intel.com/welcome.aspx - local and remote triggers to disable laptop. Once disabled, laptop cannot be booted even if hard drive is reimaged or replaced. Laptop can be reactivated upon recovery. If event triggered, the BIOS is effectively disabled.
- PGP WDE (Whole Disk Encryption) - providing the first layer of data protection. Part of the encryption keys are stored inside secure firmware (i.e. management engine) of the laptop. When an anti-theft event is trigger, the keys in firmware wiped. Event triggers could be local policies (i.e. # failed login attempts), cracking the case (i.e. if attempting to gain physical access to chipset, etc), or having a kill pill sent to the laptop.
By combining the above items together the following:
- Disable access to data
- Data protected even if credentials compromised (i.e. thief knows PGP Passphrase - but the keys have been wiped from embedded management engine)
- Secure decommission with key lock & key wipe
We had a chance to show this technical at Symantec's Worldwide Technical Summit (technical sales training event including partners). Trials will be starting soon.
Nov 24 update - Adding an overview slide from recent presentation.
The opinions expressed on this site are mine alone and do not necessarily reflect the opinions or strategies of Intel Corporation or its worldwide subsidiaries.