1

PGP Product Update

Juha Ropponen Arrow ECS Finland Oy

Symantec Encryption tuoteperhe uudet nimet

PGP Universal Server = Encryption Management Server

Whole Disk Encryption = Drive Encryption

Netshare = File Share Encryption

PGP Universal Gateway Email = Gateway Email Encryption

PGP Desktop Email = Desktop Email Encryption

PGP Desktop = Encryption Desktop

Powered By PGP Technology

2

3

PGP Universal Server

PGP Desktop

• Client management

• Email protection

• Key management

Summary of features offered

• Full disk encryption

• Shared file and folder protection

• Local file and folder protection

• Email encryption

PGP Universal Server™

• Eventually will manage all encryption applications

• Cannot manage any Symantec Endpoint Encryption (SEE) products at the moment

Centralized management for all PGP® Applications

4

PGP Universal Server Defined

• PGP Universal Server is the primary component of a PGP security architecture

• PGP Universal Server is…

5

PGP Universal Server

A Management System

• PGP Universal Server can provide policy and encrypted data recovery mechanisms for PGP Desktop clients

6

PGP Universal Server

PGP Desktop

PGP Desktop

PGP Desktop

An Email Proxy

• PGP Universal Server can proxy standard email protocols: – SMTP

– POP

– IMAP

• It can also encrypt, decrypt, sign and verify email

7

PGP Universal Server

Outbound mail

Inbound mail

A Key Management Server

• PGP Universal Server can act as a key server • It can also search other servers for keys • It can generate and issue keys for users

• It will also maintain and provide verification for keys that it manages

8

PGP Universal Server

SMIME

PGP Keys

A Soft Appliance

Our software + Your hardware =

(or VMware ESX)

9

PGP Universal Server

PGP Universal Server Components

• Open-Source components

– CentOS

– PostgreSQL - back end database

– OpenLDAP - public/private key query operations

– Postfix - mail transfer agent

– Apache httpd and Jakarta Tomcat - administration and user access

• Custom PGP components

– PGP proxy daemon

– PGP key maintenance tools

– PGP update/backup utilities

10

A user does not need to understand

how to configure any of these components to administer PGP

Universal Server

PGP Desktop Defined

• A client that offers access to many cryptographic functions

– Hard disk protection

– File & folder protection

– Volume protection

– Secure file deletion

– Messaging security

11

PGP Desktop

PGP Desktop Defined

• Can be used by itself or be managed by PGP Universal Server

– If managed, all PGP application settings come from the server

– Recovery data is stored on the server

– Managed PGP Desktop is the focus of this class

12

PGP Desktop file and folder protection

• PGP Desktop also has file and folder protection

• A Winzip style product called PGP Zip

• An encrypted virtual container feature called PGP Virtual Disk

• A way to wipe data securely

13

PGP Volume Protection

14

PGP Whole Disk Encryption

• Can secure an entire hard drive by encrypting all data sector-by-sector

• Can secure partitions of a hard drive

15

• Internal drives

• USB hard drives

• Boot drive protection includes boot sectors, system, and swap files

Hard Drive Protection

16

• If an internal drive (or partition) is protected, users enter a passphrase before the system will boot

BootGuard Protection

17

Windows Single Sign On

• Enter the Windows password at BootGuard and boot directly into the Operating System without entering a password at the Windows prompt

18

PGP NetShare

• What is PGP NetShare?

– A PGP Desktop feature meant to protect shared folders

– Can also be used on local folders

– Windows only

– Can synchronize with LDAP directory groups and encrypt files to a “group” key

19

Encrypts And Decrypts As Needed

20

PGP Desktop

The plans for the big

project

Plans.doc

Usage is transparent

21

PGP Desktop

The plans for the big

project

Plans.doc Plans.doc

Messaging Security

22

23

Client

Systems

Corporate

Mail Server

Recipients’

Systems

Recipients’

Mail Server Email at

Risk Email at

Risk Email at

Risk Email at

Risk Email at

Risk

In Motion

Where Is Sensitive Data at Risk?

Email is Vulnerable at Multiple Points—SSL/TLS

Security Alone is Not Sufficient

Email Resides at Multiple Points

Internet

PGP Universal Server

PGP Messaging Security

24

PGP Desktop

PGP for BlackBerry and Mobile devices

• Three PGP products can secure email

PGP® Email Protection - Products at a Glance

25

PGP® Desktop Email Desktop-based Email Encryption

• Automatic end-to-end email encryption

PGP Universal™

Gateway Email Gateway-based Email Encryption

• Clientless email encryption

PGP Mobile products

Blackberry Support Package

PGP Viewer for iOS devices

Encryption for Windows Mobile Devices

PGP® PDF Messenger

Statement Delivery via PDF

• For secure delivery to internal or external recipients

• Recipient does not need to have encryption keys

PGP® Web Messenger

Secure, Restricted Webmail for External Users

• Stored on PGP Universal Server

• Recipient does not need to have encryption keys

26

Email at Risk Email at Risk Email at Risk

In Motion Recipients’

Systems

Recipients’

Mail Server

Email at Risk Email at Risk

Client

Systems

Corporate

Mail Server

PGP® Desktop Email How it Works

Internet

End-to-End Email Encryption Protects

Email in Motion and at Rest

PGP® Desktop Email

PGP® Desktop Email

PGP® Support Package for BlackBerry®

PGP® Desktop Email

PGP® Desktop Email

PGP® Support Package for BlackBerry®

PGP Desktop Messaging Proxy

• PGP Desktop can secure POP, IMAP, SMTP, MAPI and Notes email traffic

• It will enforce its own policies • Or it can enforce PGP Universal Server mail policies

27

PGP Desktop

PGP Universal Server Messaging Proxy

• PGP Universal Server can encrypt, decrypt, sign and verify email

28

Email at Risk Email at Risk Email at Risk Email at Risk Email at Risk

Internet

PGP Universal™ Gateway Email Secures All Communications

PGP® Desktop Email

PGP Universal™

Web Messenger

PGP® PDF Messenger

PGP Universal™ Gateway Email

+

PGP Universal™ Server

Recipients’

Systems

Recipients’

Mail Server In Motion

PGP Universal™ Gateway Email

• Easy, automatic operation

– Email secured at gateway

– No client software or end user involvement

• Secure delivery options without client software

• PGP Universal Server management

– Enables automated, centrally deployed and managed policies, users, keys and configurations

– Corporate access to encrypted data

Gateway-based

Email Encryption

29 SEC108: Encryption Portfolio & Roadmap

Symantec Encryption tuoteperhe uudet nimet

PGP Universal Server = Encryption Management Server

Whole Disk Encryption = Drive Encryption

Netshare = File Share Encryption

PGP Universal Gateway Email = Gateway Email Encryption

PGP Desktop Email = Desktop Email Encryption

PGP Desktop = Encryption Desktop

Powered By PGP Technology

30

Thank you!

SYMANTEC PROPRIETARY/CONFIDENTIAL – INTERNAL USE ONLY Copyright © 2010 Symantec Corporation. All rights reserved.

Thank you!

31