Lenovo picks Cigent data protection for its PC fleet

Lenovo is using Cigent software to hide PC data in secure and invisible vaults to prevent data theft.

The PC maker’s ThinkShield Data Defense, based on Cigent software, has prevention-based defenses embedded directly into secured storage devices that use self-encrypting drives (SED). This, Lenovo says, is better than software-only alternatives and also policy-based data loss prevention (DLP). Multi-factor authentication (MFA) adds an extra layer of security.

Tom Ricoy, Cigent CRO, said: “Detection-based endpoint security solutions continue to be bypassed by adversaries. … Using secured storage built into Lenovo devices and file encryption with multi-factor authentication (MFA) for file access, Cigent and Lenovo are able to help mitigate even the most sophisticated attacks.”

Lenovo commercial laptops ship with SED storage devices that follow the TCG Opal 2.0 specification. SEDs, even though the name self-encrypting drive implies so, do not in and of themselves “self-encrypt”.  The encryption is kicked off by additional software; the Cigent software in this case, which is used to implement encryption (full drive or partial drive encryption) on the SEDs.

Any file protected by ThinkShield Data Defense that is attempted to be copied, opened, accessed, moved, deleted, etc. by malware or a malicious user with remote or direct physical access to the PC should be stopped by MFA. This requires that the user authenticates with their 2FA/MFA selected factor, such as PIN, or Yubikey, or Duo, etc. Malware and malicious users, lacking the selected factor, cannot authenticate as a trusted user and file access is denied.

The Cigent software can also create so-called Secure Vaults. Think of these as additional partitions/drives, like  D:\ or F:\ drive on your PC in addition to your C:\, where data can be stored. When the vault is locked, the drive itself makes that portion of the storage itself completely inaccessible to the Operating System.

The  data in the vault is completely inaccessible, and invisible to malware, we’re told. Lenovo insists that no tool known to man can see the data, even a hex reader, such as Win Hex, that looks at the sectors of the drive. This, it claims, prevents data theft from a Lenovo PC or laptop that uses ThinkShield Data Defense.

Find out more about the Cigent Data Defense Secure Vault here.