EgoSecure FDE vs. Microsoft BitLocker
ID: 18050401
Languages: EN, DE
Components: EgoSecure FDE, Microsoft BitLocker
Operating system: Windows
This article provides a side-by-side comparison of the EgoSecure Full Disk Encryption (FDE) solution with Microsoft BitLocker.

| EgoSecure FDE | Microsoft BitLocker |
| --- | --- |
| Requires a separate EgoSecure Full Disk Encryption administrator password to disable EgoSecure Full Disk Encryption or to change settings. As a result, nobody, not even a local or a domain administrator, can make changes to the EgoSecure Full Disk Encryption configuration. | The local administrator can disable BitLocker or make changes to its configuration. |
| Supports different encryption algorithms (AES, TDES, DES, Blowfish and XOR). | Supports only one encryption algorithm (AES). |
| Supports up to 2000 users and is thus multi-user capable. | Does not support multiple users; it supports only one PIN (TPM) per computer. |
| Uses a pre-boot system based on hardened Linux (PBA) or EgoSecure's own boot technology via the EgoSecure credentials manager (Simple PBA). | Uses a pre-boot system based on Windows, inheriting the same potential vulnerabilities as the host system. |
| Supports secure authentication on computers that have no TPM chip; available authentication mechanisms include Windows username/password and smart cards. | Usually requires TPM to securely store an encryption key. |
| Supports different emergency recovery mechanisms, including offline challenge–response, an encrypted recovery key on a USB stick or CD, or a WinPE-based recovery CD and USB. | There is no offline challenge–response. Recovery information is often stored in clear text on a USB stick, in network shares or in Active Directory. |
| User credentials can be changed or reset remotely. | TPM PIN cannot be reset or changed remotely. |
| Stores password-protected recovery files locally and/or in the database. | The recovery password or file is stored unprotected. |
| Role-based and central administration via the EgoSecure Management Console. | AD admins can manage BitLocker. |
| Supports single sign-on to Windows. | After authenticating to the TPM at pre-boot, users have to additionally authenticate to Windows. Thus, it does not offer single sign-on. |
| Supports both local management and management through the EgoSecure Management Console. EgoSecure Management tools are provided free of charge with any FDE license. | BitLocker can be managed locally. To manage BitLocker remotely, Microsoft BitLocker Administration and Monitoring (MBAM) is required. It is a separate tool which requires a Microsoft Software Assurance subscription. |
| Supports Friendly Network, which simplifies the process of booting if the network is known and protects the computer if it is connected to an unknown network. | Does not support Friendly Network. |