About Katie Leverman

So far Katie Leverman has created 5 blog entries.

How to Protect Your DataLocker Against Thunderspy Attacks

Thunderspy allows for evil-maid-type attacks against a host computer. Evil maid attacks require physical access to the victim’s machine and usually enough time to do something conspicuous, such as disassembly. A successful attack gives the intruder direct memory access to the machine, which lets them compromise all local security controls of that computer. This includes removing restrictions on any currently unlocked encrypted drives.

The most likely scenario would be to gain access to the system boot drive, even if full disk encryption like BitLocker is in use. This is a generic attack against the host computer, which then can be used to compromise anything trusted by said computer. For example, if you were signed into your bank website, this attack would allow an intruder access to your bank information. The same concept is true if you were currently connected to your unlocked DataLocker drive. 

Just like you should log out of your bank account, you should also lock your DataLocker drive when not in use. DataLocker has an inactivity autolock feature, which is useful when you forget to log out before you walk away. Just as your bank logs you off after a certain number of minutes of inactivity, so can your DataLocker drive. The DataLocker DL3 and Sentry K300 both have firmware-level settings to lock after a set amount of inactivity, as do all devices that are managed by SafeConsole. Our drives will also lock immediately if the host computer is put to sleep, which is the likely state a computer will be in during a Thunderspy attack. Once a DataLocker drive is locked and disconnected from a computer, Thunderspy cannot directly target data on the encrypted drive.

Thunderspy takes advantage of Thunderbolt’s advanced feature set using low-level physical access, so it is only fitting that it is defeated by the simple approach of disconnecting the drive when not in use. It’s in these fundamental security concepts that DataLocker strives to secure your data. This attack shows that storing data on the boot drive, even if it is encrypted, still poses potential security issues. You don’t unlock your safe every time you get home, and you shouldn’t unlock the vault of your most important documents every time you turn on your computer. It is times like these that show that simply isolating your data into different silos, such as putting the most sensitive data on dedicated hardware-encrypted drives, allows easier separation from generic low-level attacks like this.

Remote Worker Software Toolkit from DataLocker – Stay Productive and Compliant

As many companies move to a remote teleworking environment, there is increased concern about how to keep sensitive data at rest secure. What can be done to provide workers with secure and stable storage using DataLocker’s centrally managed software solutions?

Encrypt local data allowing offline work if the Internet becomes temporarily clogged

SafeCrypt utilizes military-grade encryption and allows central IT to track stored data in its secure drives to quickly achieve compliance. SafeCrypt can be installed manually on any remote PC by the end-user or through regular central admin tools if the machine is under administrative control.

It is also possible to synchronize the locally encrypted data into any cloud service while still keeping company control over the encryption keys. This is extremely important and also allows failovers if one backup service goes down. 

SafeCrypt can also be used even if networks temporarily fail, which some leading journalists fear may happen as usage of online services surges.

Lock down USB ports, as machines are more likely exposed in unsafe environments

Many organizations have a sense of security regarding USB usage when laptops are mainly used at the office. But sending all the laptops to homes, environments that are less safe, heightens the risk that company laptops are used for school work, sharing, and more. This might be alright, since we need to share resources, but it is reasonable to ensure that not just any USB drive can be plugged into the corporate machine, as the risk of malware and data breaches is significant. Administrators will also be in a hard position trying to sanitize machines remotely if USB malware hits. The better option is to deploy PortBlocker to remotely control which USB devices can be used. PortBlocker can easily be installed and enrolled by the worker to the SafeConsole cloud or on-prem server. It can also be installed automatically if the admin has central control of the machines.

Deployment of a SafeConsole SaaS trial with both SafeCrypt and PortBlocker can take as little as a few hours with the current workload for approving trials. The trial can then be turned into a production environment after licensing is complete.

As a leader in the field, DataLocker has a range of solutions that meet industry security standards. 

DataLocker strives to serve our community and our customers by contributing pieces to the remote IT puzzle that we have available. Also, check out our secure USB storage products that can be used as encrypted storage or as secure laptop alternatives.

The Laptop Alternative, the Thumbtop – Managed Secure USBs with Managed Apps

What if your “laptop” only weighed 9 grams, never broke down, and took 3 minutes to issue out? DataLocker’s managed, encrypted USB drives can be utilized as thumbtops: smaller, smarter, tougher, lighter, and cheaper than a laptop. They allow your organization to stay compliant, secure, and productive. Compared to online virtual environments and remote PCs, DataLocker USB drives work when the networks are choppy and intermittent. Thumbtops work online and offline. Many journalists fear that a surge of people working remotely and children streaming at home may cause a network overload. A solution that can handle offline work makes sense.

Benefits of Thumbtops

  • Great cost saving compared to laptops, tie up less cash
  • Encrypted USB drives used as thumbtops offer cost savings in distribution and are easier to carry with you (a few grams vs. a sore shoulder)
  • Hardware encrypted thumbtops offer a high level of management control through SafeConsole with audit trails and remote password resets among other features
  • Deploy in minutes and set up scripts for downloads or install apps through SafeConsole
  • Thumbtops are perfect for secure and regulatory compliant work on guest/shared PCs
  • USB 3.0 and premium storage components offer a speedy experience
  • Secure USBs are extremely robust compared to laptops
    • Laptops have a general failure rate greater than 15% over two years 
    • DataLocker secure USB storage devices are far below 0.5% and they can even withstand dust and moisture
    • If the host PC breaks, your data is safe and accessible when you find a new host PC
  • Lower environmental impact (much less materials and rare earth metals used)
  • It is easy to recycle/reuse thumbtops for new users – a secure USB can be remotely reset in 30 seconds and issued to a new user vs. many hours of work per laptop

Use Cases for Thumbtops

  • Remote workers can access corporate applications through approved apps and be allowed to securely store data offline when needed – for example when Internet is unavailable
  • Students and researchers are provided their own environment and storage for work to secure access on shared PCs
  • Disaster recovery: during trying times, this is a cost-efficient way of enabling the workforce on any PC
  • System admin troubleshooting using different tools

Software to Deploy with Thumbtops 

  • For regular use, a suite of portable applications is available through PortableApps.com including: Firefox browser, Thunderbird email client to allow offline work, and OpenOffice Suite
  • For power users that require special operating systems and applications, Portable VirtualBox can be run on thumbtops – this popular virtualization environment made portable is perfect for developers, engineers, and consultants that require full control
  • DataLocker also offers two additional SafeConsole managed software agents that offer compliance and can complement thumbtops when possible.

Introducing DataLocker Sentry ONE

In an effort to simplify our product line, we have merged our best-selling DataLocker Sentry 3 FIPS and Sentry EMS into the Sentry ONE. The Sentry ONE adds the flexibility of being centrally managed by either SafeConsole or IronKey EMS central management platforms. Utilizing the same 256-bit AES hardware encryption as its predecessors, Sentry ONE delivers ultimate portability, security and convenience. This next-generation USB 3.1 Gen 1 drive combines 100% hardware encryption with plug-and-play simplicity and is available in:

  • Standard Models
  • Managed Models – managed by either SafeConsole or IronKey EMS. (requires a device license – sold separately)

Sentry ONE Features:

  • AES 256-bit hardware encryption
  • FIPS 140-2 level 3 validated (FIPS CERT #2929)
  • Built-in brute-force protection disables and wipes data after 10 incorrect login attempts
  • USB 3.1 Gen 1 – Backward compatible with USB 2.0 & 1.1
  • Available capacities 4GB, 8GB, 16GB, 32GB, 64GB and 128GB
  • Easy asset tracking with human and machine readable external serial number

Centrally Managed by either SafeConsole or IronKey EMS:

  • Enforce policies such as password rules, remotely reset passwords, switch endpoints into read-only mode, or remotely wipe in case of loss or theft.
  • Monitor all your encrypted endpoints from one location including username, device type, serial number, status and more.
  • See a complete audit trail for each device, including connections, login attempts and even file activity with SafeConsole.
  • Analyze activity on your encrypted endpoints. Third Party SIEM integration is optionally available with SafeConsole

DataLocker products are TAA Compliant – proudly made in the USA.

DataLocker Introduces Industry’s First Encrypted Keypad Flash Drive Featuring an OLED Display at RSA Conference 2018

DataLocker, Inc., a leading provider of encryption solutions, today launched the industry’s first platform and operating system independent encrypted keypad flash drive featuring a built-in OLED display at the RSA Conference 2018 in San Francisco. The DataLocker Sentry® K300 encrypted flash drive provides users with 256-bit AES encryption, an alpha-numeric keypad, enhanced security features, and up to 128GB capacity, all developed around DataLocker’s “Simply Secure” design principles.

The Sentry K300 is the industry’s only platform-independent and OS-agnostic keypad flash drive which incorporates an OLED display and represents the next generation of encrypted data storage products. In addition to the display’s true alpha-numeric password-based authentication, the Sentry K300 offers users a full-featured, visual, menu-driven system to easily change passwords, set password policy and enable other security features without needing to consult a user manual. The Sentry K300 utilizes mSSD flash memory to offer unparalleled speed and performance.

“The Sentry K300 is, in many ways, a compact version of DataLocker’s flagship secure storage solutions that used alpha-numeric keypads for secure access to data,” said Jay Kim, CEO, DataLocker. “This drive is ideal for security-conscious users who require a bootable, lightning-fast storage device for BYOD environments. As a secure storage device, the K300 can be used with any computing device which supports USB storage.”

The Sentry K300 requires no software or special drivers and easily works with Windows, Linux, Mac, Android phones and tablets, Chromebooks, and embedded systems that can use USB mass storage. The K300 has its own power supply and can be used as a bootable device running Windows to Go, Ubuntu Linux, or local operating systems. The Sentry K300 offers User and Admin roles, Read Only Mode, an Admin configurable password policy, an auto-lock feature, and rapid secure wipe in case the drive is lost or stolen. The Sentry K300 is designed to be managed by SafeConsole®, DataLocker’s flagship central management platform.

The Sentry K300 will be available late Q2 2018. For more information on the Sentry K300, go to datalocker.com.