DATASHEET

Trend Micro™

ENDPOINT ENCRYPTION
Data protection with encryption for desktops, laptops, and removable media

The proliferation of data and devices in today’s enterprises has increased the complexity SOFTWARE AND HARDWARE
of protecting confidential data, meeting compliance mandates, and preventing costly
Protection Points
data breaches. These challenges are further amplified as more and more employees
• Laptops, desktops
bring their own computing devices to work in the name of productivity. Ensuring that
• Removable media: USB/CD/DVD
sensitive data is secured in the case of device loss has never been more difficult.
• Files and file volumes (folders)
Trend Micro™ Endpoint Encryption encrypts data on a wide range of devices, such as PCs Threat Protection
and Macs, laptops and desktops, USB drives, and other removable media. Available as a • Privacy
separate agent, this solution combines enterprise-wide full disk, file/folder, and removable • Data protection
media encryption to prevent unauthorized access and use of private information. A single, • Regulatory compliance
well-integrated management console allows you to manage your users holistically—using • Securing intellectual property
the same console for endpoint protection and other Trend Micro security products.
Deploying the Endpoint Encryption agent helps ensure that your data will continue to be
protected as your mobile computing devices and organizational needs change.

ADVANTAGES

Maximize Platform Coverage Lower Total Cost of Ownership (TCO) Simplify Remote Device Management
for Data and Device Encryption with Centralized Policy Administration • Maintain compliance and protect your data
and Transparent Key Management without disrupting users in the event of a
Get comprehensive data protection on Macs
lost device or forgotten password
and PC laptops, desktops, removable media, Save more with an integrated solution that
and mobile devices makes it easy to deploy, configure, and • Manage policies and protect data on
• Encrypt private data with fully integrated manage encryption PCs, Macs, laptops, desktops, USBs, and
full disk, file folder, USB, and removable • Manage the encryption policy alongside all removable media
media encryption endpoint security policies with integration • Collect device-specific information, such
• Support and leverage flexible hardware and to a common management console, as device attributes, directory listing,
software-based encryption across mixed Trend Micro™ Control Manager™ unique device IDs based on device name,
environments • Gain visibility and control over encryption, MAC address, and central processing unit
monitoring, and protection of data (CPU) identifier
• Support self-encrypting TCG OPAL and
OPAL 2 SED drives from Seagate, SanDisk, • Automate policy enforcement with • Improve protection for remote devices
and Intel remediation of security events, without the with tools to remotely lock, reset, or “kill”
burden of encryption key management lost or stolen devices—even before a
• Simplify deployment and management with device boots using network-aware
support for unified extensible firmware • Tight integration with Trend Micro™ pre-boot authentication
interface (UEFI), multiple physical drives, Integrated Data Loss Prevention (iDLP)
and pre-boot screen customization delivers content-based encryption for data
• Enable automatic and transparent at rest and in motion
encryption without performance
degradation

Page 1 of 4 • DATASHEET • ENDPOINT ENCRYPTION

 KEY FEATURES

Advanced Reporting and Auditing Pre-Boot Authentication KEY BENEFITS

• Unify visibility and policy deployment • Gain flexible authentication, including active • Helps ensure privacy and
with other Trend Micro products through directory integration, fixed password, and compliance enforcement with
integration with Control Manager multi-factor authentication for government policy-based encryption

• Automate enforcement of regulatory and defense customers • Lowers TCO with simplified
deployment, configuration,
compliance with policy-based encryption • Ensure that lost or stolen devices can be and management
remotely wiped or locked before they can
• Receive detailed auditing and reporting by • Provides comprehensive data security
boot using network-aware (wi-fi and ethernet)
individual, organizational unit, and device for laptops, desktops, removable
• Assist compliance initiatives with an audit • Enable policy updates prior media, and mobile devices
to authentication • Helps ensure robust security through
trail for all administrative actions
• Trigger the lockout feature in response to certifications including the Federal
• Demonstrate compliance on demand with Information Processing Standard
incorrect authentication attempts
real-time auditing (FIPS) Publication 140-2 certification
• Configure actions on failed password • Maintains compliance and protects
attempt threshold your data without disrupting users with
Administrative Tools and
• Support multiple user and administrator remote management
Active Directory Integration
• Provide remote one-time passwords across accounts per device
all endpoint client applications
• Manage users and groups from multiple Support for a Consumerized
active directory domains in a single console, Environment
simplifying the existing IT infrastructure for • Provide and visibility for Microsoft
deployment and management BitLocker, this is especially useful for
employee-owned devices where corporate
• Gain access to the recovery console in
data needs to be protected
Microsoft Windows pre-boot
• Provide visibility and management of Apple
FileVault to enforce policies on Macs, and
protect them in the case of loss or theft

Page 2 of 4 • DATASHEET • ENDPOINT ENCRYPTION

 Endpoint Encryption is a critical component of our Trend Micro™ Smart Protection Suites.
Our suites deliver even more data protection capabilities like data loss prevention (DLP) and device
control, as well as our security-optimized threat protection capabilities like file reputation, machine
learning, behavioral analysis, exploit protection, application control, and intrusion prevention.
Having additional Trend Micro solutions extends your protection from advanced attacks with
endpoint investigation and detection. All of this modern threat security technology is made simple
for your organization with central visibility, management, and reporting.

NATIVE OPERATING SYSTEM (OS)

TREND MICRO ENDPOINT ENCRYPTION
ENCRYPTION MANAGEMENT
Microsoft BitLocker Apple FileVault Trend Micro Trend Micro
Support* Encryption Support* Full Disk Encryption File Encryption
Centralized policy and
• • • •
key management
FIPS 140-2 certification • • • •
Advanced encryption
standard (AES) AES128/AES256** AES128/AES256** AES 128 AND 256 AES 256
256-bit encryption
File and folder encryption •
Removable media
•
(USB/CD/DVD) encryption
Self-encrypting drive
•
management
Full disk encryption • • •
Network-aware pre-boot
•
authentication

* Management for Bitlocker and FileVault is included with Trend Micro Endpoint Encryption (requires separate agent).
** Dependent on the OS version and machine model.

Page 3 of 4 • DATASHEET • ENDPOINT ENCRYPTION

 MINIMUM REQUIREMENTS
Policy Server
• Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2022 (64-bit only)
• Physical or virtual server with 2.2 GHz Xeon Quad Core or above; 1 available vCPU
• 8 GB RAM
• 120 GB hard disk space
Full Disk and File Encryption
• Microsoft® Windows® 7, 8, 8.1, 10
• Windows Embedded POSReady 7
• Intel Core™ 2 Duo 2.0 GHz processor and above
• 1 GB RAM
• 30 GB hard disk, 20 percent free space
Note: Agent will not support new hardware models after May 2021
Note: Agent will not support Microsoft Windows 11
BitLocker
• Windows 7, 8, 8.1, 10
• Windows Embedded POSReady 7
• Intel Core 2 Duo 2.0 GHz processor and above
• 1 GB RAM
• TPM 1.2 or higher
• 30 GB hard disk with 20 percent free space
FileVault
• macOS 10.8, 10.9, 10.10, 10.11, 10.12, 10.13, 10.14
• Intel Core 2 Duo 2.0 GHz processor and above
• 2 GB RAM
• 8 GB hard disk, 400 MB free space
Note: Agent will not support macOS 12 and newer
©2022 by Trend Micro Incorporated. All rights reserved. Trend Micro, and
the Trend Micro t-ball logo, Apex One(TM), and Trend Micro Control Manager
are trademarks or registered trademarks of Trend Micro Incorporated. All
other company and/or product names may be trademarks or registered
trademarks of their owners. Information contained in this document is
subject to change without notice. [DS12_Endpoint_Encryption_220913US]

www.trendmicro.com

Page 4 of 4 • DATASHEET • ENDPOINT ENCRYPTION