3rd party full disk encryption products

[AndyM]

Sorry... loooong week, and I failed to read the previous page

I was a Sophos partner for 3 years, and never sold a single one of their products. The training was all online, but when I had an opportunity to sell a UTM box, I insisted that I took a crash course at their HQ. No charge, and got a whole load of freebies to boot Product went out on a Proof Of Concept option, but then the director of the company decided he didn't want to pay any bills, and filed for bankruptcy, so that deal didn't go through either!

But I do sympathise with that whole 'pay us for training so that you can sell our products and make us even more money' strategy. I wouldn't go for it either.

Andy

 

[dbdawn]

What don't you like about Dell? I've found their Dell Data Protection (formerly Credant) to work better than Symantec PGP or McAfee.

I wish Microsoft provided Bitlocker on all versions of Windows.

 

[pcman2010]

I'm curious what you selected YeOldestonecat for your clients. I'm selectively deploying Bitlocker for my clients.

 

[YeOldeStonecat]

What don't you like about Dell? I've found their Dell Data Protection (formerly Credant) to work better than Symantec PGP or McAfee..

I want something centrally managed ....so I can manage all of our clients
I want something that can be installed on different various laptops.
I want an MSP service I can resell...make money from.

Dells options for encryption keep changing over the years...nothing consistant. And they keep doing change-ups on which models they offer with certain options. For 2 years my client got Latitude upper end series with hardware FDE and 4G connection. Couple of months ago went to order another 12, and the Dell rep said no Latitudes with this combo, have to get a Precision. Really? A Precision graphics mobile workstation instead of 14" light laptops...for nurses? I don't think so!

I called and reached out to 4x different sources/people asking about that mysterious "Enterprise" version of Encryption (you see it as an option when configuring Latitudes)...never got an answer.

 

[YeOldeStonecat]

AlertBoot (aka DataGuard) called me back, looks like a nice product and they're streamlining to work with MSPs....I have a nooner with them for a webinar on Monday.
http://alertboot.com/

So I had my webinar with them...I did like the product. Nice centralized management portal, also has MDM built into it (for those looking for a MDM product too). Good reports you can product for HIPAA/Hitech/PCI/etc compliance. Low price. Pay as you go model....no minimum license buy. Sorta low "reseller discount" at first...you start out at 10%. Grows as your volume grows. But you can certainly "add value such as monitoring" to the price and mark it up more so you can make more off of it.

The checkpoint guys never got back to me, I'll reach out to them when I get back. I'm heading to New Hampshire for a few days.

 

[colonydata]

I assume that Alertboot has where you can access a recovery token through the management console in the event a user cant remember their password or wont decrypt their computer?

 

[YeOldeStonecat]

Whelp....Sophos still hasn't gotten back to me, even e-mailed the rep again. so screw them!

Doing a trial of AlertBoot ....stuck it on a computer at the office. Pretty impressed with it, I like the central management of course. But it has "safety options"...to unlock it if needed. Setup is pretty easy, you get a customized installer, install it on a rig...it will show up in your portal, you assign it to a user, and you assign a profile/config to it...and done! You can certainly further customize from there...and assign multiple devices to a particular user. So you can manage a users workstation, laptop, smart phone, etc...all from within their user hive of your portal.

 

[colonydata]

Whelp....Sophos still hasn't gotten back to me, even e-mailed the rep again. so screw them!

Doing a trial of AlertBoot ....stuck it on a computer at the office. Pretty impressed with it, I like the central management of course. But it has "safety options"...to unlock it if needed. Setup is pretty easy, you get a customized installer, install it on a rig...it will show up in your portal, you assign it to a user, and you assign a profile/config to it...and done! You can certainly further customize from there...and assign multiple devices to a particular user. So you can manage a users workstation, laptop, smart phone, etc...all from within their user hive of your portal.

Had a convo with a rep this morning. I'm starting a trial as well. A couple notes.

On the website I think it said that it uses Sophos, they are now using Trend Micro for the actual encryption.

Windows 8 is a bit of an issue because of MBR/UEFI issues. I cant remember if he said the fix was they just did a wrapper around Bitlocker or that is what they are working on. He also said that they are working on a wrapper for FileVault for Mac.

Removeable drive encryption is off by default because if it is on. It encrypts any usb device you plug into it. Phone, Flashdrive, usb hdd etc.

 

[Tech in SC]

I just got off of a demo with Beachhead. Very nice product and managed interface. They do not do FDE.

Everything was sounding good until he told me there was a 50 license minimum ($150/mo) + $450 training! I thought it was ironic that they tout their product as simple to use (it appears to be) but then tell me I have to be trained on it... BAHAHA!!!

On the plus side, the licensing is very cheap and you can easily markup 100%-200%.

I'm trialing Alertboot right now as well. I think their update to support Win8 is supposed to be out next week.

Like StoneCat mentioned... nice product, no minimums, no training fees, but low base profit margin (or another way to look at it is their cost to the reseller is HIGH).

If you can get past the entry requirements, Beachhead is much more profitable and appears to have a very polished product.

If you're looking for a no barrier entry and long term margins aren't that important, Alertboot looks like a great option.

One strategy might be to use Alertboot to get started and build up your numbers then move over the Beachhead once it makes better sense.

Just to help... I ran the numbers on Beachhead. With their monthly minimum of 50 seats... if you charge $9/mo./PC-Mac-Server... you need 17 paying seats to break even. That said... that's not taking into account the initial $450 training cost. With the training, you need 21 managed rigs the first year to cover the cost. So... 21 in year one and 17 after that will just get you just above break even. If you can get to (and above) the 50 seat minimum the margins are attractive. At $9/mo for 50 seats, your profit would be $3600 annually.

Just to compare... I can't recall where the price breaks are with Alertboot but I think their highest discount is 25%. So let's see how that compares using the same 50 seats... $2437.50 annual profit.

So, if I'm correct in all my info and figures... Beachhead would profit me $1162.50 more a year for 50 seats that I'm charging $9/mo on.

Now, that's a bit of a simplistic approach being that there are other factors involved that I didn't go into... like mobile devices, USB devices, etc.

I have no data on the other products mentioned by others. Anyone feel free to correct me or add to the analysis. If I can help lessen the time and effort someone has in making a decision on a product then great!

 

[YeOldeStonecat]

I just got off of a demo with Beachhead. Very nice product and managed interface. They do not do FDE.

That there is a show stopper...."no FDE".
I don't want any questions about the possibility of data being in non-standard locations...and possibly being a risk. You told me once..."the burden is on you to prove it!" I don't want anyone to be able to ask me "Well what if they had data in the root of C?" I want the whole friggin' thing wrapped up completely with FDE so no questions can be asked.

I signed up for a trial with AlertSec...a spinoff of a spinoff of prior name of CheckPoint.
http://www.alertsec.com/

But I see they don't offer MDM. When I sent their sales a question, they just sent me a link to sign up for the trial. At least AlertBoot called me within minutes...asked if I had questions, needed help, etc. Responsive. AlertSec seemed like they didn't want to bother talking..just sent a link to a trial. Shows me what their customer support will be like down the road...so I'm not even going to install it.

 

[Tech in SC]

Yeah... no FDE. You can manually choose files and folders to include but they don't want to encrypt the OS... as you know... an OS crash is pretty much a re-image only repair.

I'm seeing less and less FDE. Some companies that had FDE have actually stopped offering FDE.

Since you're coming at this from a HIPAA compliance angle... my initial response was aimed at encryption in general. As for the burden... yes, its on you but I could write a whole post about the reasonable and appropriate response to encryption... blah blah blah. Throw in a dash of due diligence and you have yourself a case for safe harbor.

It may require a little more oversight from your techs (and training with your clients) but not having FDE isn't the end of the world. It certainly will require a little more time... billable time that is.

That said... FDE is certainly the better option and the way I'd go. I'm still looking. Will try DESlock+ Pro next. It's by ESET. It does offer FDE... in the Pro version only. It says nothing of auditing and reporting though... and I need that component as well.

I've run into the same problems as you StoneCat... there's not really a strong player in the market that I can find... yet. However, Alertboot has my vote so far.

 

[Tech in SC]

Just got off a call with Tim Maliyil, the CEO of AlertBoot. I will be doing a recorded webinar/interview with him next week for HIPAAforMSPs.com. He is also offering members a recurring discount that is double their normal discount rate. NICE!

@StoneCat... if you have any particular questions you'd like me to ask, let me know.

Anyone else is welcome to shoot questions over as well.

 

[YeOldeStonecat]

Not having a good time with AlertBoot.....support takes days....weeks...and I'm not satisfied with their answers. Can't get encryption to work on a fleet of laptops, they blame it on Windows seeing the HDDs as "SCSI"...(which, depending on the SATA controller, BIOS version, RAID or AHCI or whatever mode...may or may not see as SATA or SCSI). Just standard Lenovo Thinkpad T400 series....certainly common enough with corporate fleets.

Gonna give AlertSec another peek...

 

[Tech in SC]

wow... that stinks. I haven't run into problems... yet. Let me know if you find anything better.

 

[YeOldeStonecat]

AlertSec works....uses the big old name "Checkpoint" in their engine. Easy install. Tried their support for one issue on one rig...got a voice pretty quickly. UK based, going from the accent.

Their management portal however...a bit bland. I'd see it being difficult once the volume of installations across various clients builds up. Seems based more on usernames than computer names. I wish for encryption that is more global per machine, not user dependent.

AlertBoot tech guy keeps having me try stuff...I have over 6x man hours between me, and my tech...involved in helping them troubleshoot this. My profit in this product is already in the hole for the next 3 years minimum.

Wish Beachhead did FDE...looks interesting.

 

[Tech in SC]

How about going directly to Trend Micro (which AlertBoot is built on)... or SOPHOS (know nothing about them)?

 

[cypress]

How about going directly to Trend Micro (which AlertBoot is built on)... or SOPHOS (know nothing about them)?

Heard a couple reviews on the Mike Tech Show where a listener e-mail and was having horrible issues with Sophos at his work place. Said it was a nightmare to get working properly and there was a high turnover of errors.

Sorry I don't mess with this stuff too much, but I figured I'd chime in there.

 

[kpk1]

I've used Sophos enterprise encryption before, causes havoc when integrated with the windows login sequence.

It's not for the faint hearted, and has to be removed in exactly the right way, or you're looking at a total disc wipe and start over.

 

[YeOldeStonecat]

Deployed a few trials of AlertSec, and was happy with response from them. Although their web portal is a bit "bland"...compared to AlertBoot, or others, the actual encryption engine they use is the popular and time tested CheckPoint software.

Talked with their rep, the partner program is decent, pretty good margins (up to 45%).

 

[YeOldeStonecat]

Just following up....giving "props" to AlertSec. Had a laptop develop a HDD issue, went to replace it under warranty. So worked with AlertSec support to remove old agent, and once done with the HDD...to reestablish encryption. Calling their support...fairly quickly get to a live body. Their e-mail response is very quick. And today to wrap up re-encrypting one laptop, I sent them an e-mail and in 3 minutes someone called my office. Gotta say "good support".