Skip to content

Endpoint Encryption

Data Encryption and Device Management for Endpoints

Trend Micro Endpoint Encryption

Ensure data privacy by encrypting data stored on your endpoints—especially devices like laptops, DVDs, and USB drives, which can easily be lost or stolen.  Trend Micro Endpoint Encryption provides the endpoint data security you need with full disk encryption, folder and file encryption, and removable media encryption. 

  • Protect data at rest with full disk encryption software
  • Automate management with self-encrypting hard drives
  • Secure specific files and shared folders
  • Encrypt private data stored on removable media
  • Set granular policies for device control and data management
Free Trial  Read datasheet

When unprotected data is stored on mobile computing devices, organizations risk losing intellectual property, credit card information, and private employee and customer data.

Trend Micro™ Endpoint Encryption helps you prevent this data loss along with the compliance violations, reputation damage, and revenue loss. This comprehensive, easy-to use data encryption solution secures data at rest on your PCs, laptops, notebooks, CDs, DVDs, and USB flash drives. As a centrally managed, policy-driven solution, it helps you meet today’s stringent regulatory compliance mandates for data protection—with less effort.

Centralized Policy Management Server
A single console makes it easy to manage encryption keys and synchronize policy across all encryption components. It also provides the deployment and auditing tools to ensure regulatory compliance. Central policy enforces secure authentication across all devices including many second factor authentication options. Other data management features include real-time auditing, user-based self-help options, and remote device control.

Full Disk Encryption
In the event your device is lost or stolen, ensure your data is unreadable with full disk encryption. Choose either our software- or hardware-based solution. Software-based full disk encryption uses FIPS-140 certified encryption with a secure pre-boot authentication to protect devices without a high startup cost. When automation and greater ease-of-use are a priority, our hardware-based full disk encryption manages and deploys industry standard self-encrypting drives using the OPAL standard.

Folder and File Encryption
This gives users the power to secure specific data through an easy-to-use client software application. Users with a user key, group key, static one-time password, or smartcard certificate can encrypt select files, folders, or external media by using a drag and drop, single-click capability. Files can be encrypted with a self-extracting executable if they are going to be shared outside the organization. The encryption keys and policies of this option are managed by the centralized management console.

Removable Media Encryption
This allows an administrator to enforce policy and protect data that is copied to removable media such as USB drives, CDs and DVDs. From the centralized policy console, encryption can be enforced or made optional for users writing to these devices.

Granular Device Control and Data Management
With powerful IT controls, administrators can restrict or deny access to external devices that may be connected to a user’s PC. For example, users may be allowed to access USB drives, but only as read-only. Or exceptions could be created that allow users to save data on specific USB drives, like Trend Micro Secure USBs, described below.

Trend Micro™ Secure USBs
These hardened, military-grade, USB drives keep your stored data safe with hardware-based encryption. To minimize IT administration, these small storage devices are managed with the same policies, key management, and authentication as the centralized policy console.


Audit-ready user and device management
It’s one thing to ensure you’re following compliance mandates by encrypting devices, but in the event you lose a device, you may be required to prove the device was encrypted. Trend Micro Endpoint Encryption’s advanced management console can provide real-time status reports, including the last time a particular device was connected to your network. And with devices that have network-aware pre-boot options, you can have them “check in” to the management console before they boot up. This allows administrators to reset or “kill” a lost or stolen device before it re-boots. The administrative console has capabilities to recover lost data, update policies, and deploy new devices with ease.

Data encryption and authentication to fit your needs
Trend Micro Endpoint Encryption is available in a variety of platform options. Full disk encryption is available using industry standard, OPAL compliant self-encrypting drives or using software-based encryption. USB encryption is available as software-based encryption or as a secure hardware-based self-encrypting USB drive. Whatever the method, all devices are secured with a robust AES256 encryption algorithm. There are many options for user authentication, from simple username and password to more complex multi-factor authentication, such as RSA SecureID tokens.

Data encryption certifications to ensure compliance
Industry mandates and legislation have been becoming more prescriptive in describing how devices should be encrypted. Many are calling for detailed product certifications. Trend Micro has ensured that it’s encryption products are covered by the most stringent and up-to-date standards to ensure that customers will have a compliant solution. Trend Micro Endpoint Encryption products comply to standards such as FIPS-140-2/3, Common Criteria, and NSTISSP to name a few.

Lower cost of endpoint encryption
Trend Micro Endpoint Encryption solutions allow you to reduce your cost of ownership through integration with other Trend Micro management tools and innovative deployment capabilities that let you easily deploy without disrupting users. Once deployed, the automated reporting, auditing and policy updating means that administering encrypted devices is easy. An optional end-user self-service portal for password administration further reduces IT management.


Client Devices

  • Microsoft® Windows® 7
  • Microsoft Windows Vista
  • Microsoft Windows XP
  • Microsoft Windows Mobile 6
  • 32 and 64-bit
  • Microsoft® .NET Framework 2.0 SP1 or higher installed

Management Server Console

  • Microsoft® Windows Server® 2003
  • Microsoft Windows Server 2008
  • Microsoft® SQL Server® 2008
  • Microsoft SQL Server 2005
  • 32 and 64-bit Standard or Enterprise

Management Server Hardware Requirements

  • Pentium III class or above
  • 256 MB memory
  • 4 GB (IDE and SATA) drives
  • Video card with XVESA compliance 


Connect with us on