Announcing the availability of McAfee Management of Native Encryption (MNE) 4.0.0 for Apple FileVault and Microsoft BitLocker management via ePolicy Orchestrator (ePO).
Available now, McAfee announces the release of Management of Native Encryption (MNE) 4.0.0. This release contains several important new product enhancements and defect fixes. Details of the new enhancements in this release are listed in the section below.
MNE is the primary solution for Mac OS X and replaces McAfee “EEMac” that is EOL December 31, 2014, please refer to End of Life and End of Sale for Endpoint Encryption for Mac 7.0 KB79877
Servers are a high profile asset that are commonly targeted for breaching attacks. Leveraging MNE Server Support, Network Unlock enables the ability to automatically unlock data volumes on network servers based on predefined access control via McAfee ePO system tree groups.The data volumes on the target servers are protected by encryption keys which are held by McAfee ePO server and released to endpoints on request according to workflows that the Administrator can define.Audit reports via McAfee ePO will help the Administrator to review the state of volume access control within the server estate.
Additional BitLocker Policy Options via MNE policy
In this release MNE 4.0 exposes additional BitLocker policy options to simplify basic BitLocker policy configuration. These settings are included under advanced settings, and defaulted appropriately for customers who do not wish to concern themselves with them.
Deny write access to fixed drives not protected by BitLocker
Prevent memory overwrite on restart
Configure use of hardware-based encryption
Encrypt only used space (Enforce drive encryption type)
Reset platform validation data after BitLocker recovery
MNE Control Panel Applet
Credential management is the key to maintaining an effective security posture and usability within a managed estate. MNE 4.0 adds the ability for end users to change the BitLocker password or PIN using a dedicated MNE user-interface, accessed through the control panel, allowing the administrator to disable the BitLocker control panel through GPO settings on the domain server.Disabling the BitLocker control panel removes the ability for the end user to disable BitLocker protection, manage TPM and the saving or printing of the recovery password that may fall outside of a company's security best practices.
End User Postpone Activation
Sometimes it is not convenient for a product to be installed or updated in busy periods or perhaps during a customer meeting, and allowing the flexibility to defer this action can improve user experience during a deployment phase.This new feature provides the means to postpone activation until a predefined later timeframe when a reminder will be sent again so that the activation task can be completed.
Find System by Username (Including WebAPI)
Administrators are now able to locate systems based upon the username of a user who is logged against those systems. Note that on BitLocker, this will include all users who have previously logged into Windows, whereas on FileVault it's all users that have preboot login capability.This new feature is particularly useful in the scenario when the owner of a system calls in and reports their system lost or stolen or does not have the system details to hand.
Define and Report on Security Posture (Mac OS X)
Many organizations implement a companywide Endpoint security posture based on criteria around regulatory compliance. This can entail adherence to laws, regulations, guidelines and specifications relevant to its line of business.MNE 4.0 extends the Security Posture reporting to the Mac platform, enabling Security Officers to independently define the Company Security Posture, and then run reports on systems that meet or fall short of such criteria. Areas such as FileVault encryption status, FIPS compliance and encryption algorithms can form part of such reports.
Management of Native Encryption 4.0.0 (MNE 4.0.0) is available in the following languages:
ePO Extensions (MNEAdmin, DPSSP): English, Japanese, French, Spanish, German
Mac OS X Client: English, Japanese, French, Spanish, German, Korean, Chinese-Simplified, Chinese-Traditional
We announced new capabilities at FOCUS '15 this week: secure files to Cloud Storage Services and Removable Media Encryption on Mac. More docs to follow, but here is the info on the webcast where Naveen Chakrapani and I will discuss what the updated FRP 5.0 brings to our customers.
Customer Webcast – From PC to Cloud to Mobile - Protect Your Data Everywhere. The use of cloud applications to share, collaborate, and store data has grown drastically. Invite your customers to learn how employees can safely utilize cloud storage services such as Box, Dropbox, Google Drive, and Microsoft OneDrive. Intel Security can now provide encrypted file security for PCs, cloud, and mobile devices while preserving the end user experience.
Here is a quick rundown of activities related to the Complete Data Protection Suites at FOCUS 2015. Naveen, Stuart and myself will be there. If you are available on Monday afternoon, please attend the TGM and don't miss the Tuesday session, we'll have a product announcement. The key products covered are Drive Encryption (MDE), Management of Native Encryption (MNE), File & Removable Media Protection (FRP), and Endpoint Assistant App (MEA).
For those of you who will not be attending this year we are planning a webcast the week after Thanksgiving to catch everyone up on solution updates, Windows 10, etc.
Monday, October 26
Targeted Group Meeting: 1:00 - 5:00 PM <= Don't miss this TGM...includes Roadmap, Q&A
Sponsor Expo: 3:00 - 8:00 PM
Turbo Talk (Protecting Data Across Devices): 6:30 – 6:50 PM
Tuesday, October 27
Sponsor Expo: 11:30 - 3:00 PM
Turbo Talk (Protecting Data Across Devices): 12:30 – 12:50 PM
Session (Protect Your Data Anywhere): 3:30 - 4:20 PM <= Product announcement
Wednesday, October 28
Sponsor Expo: 11:30 - 3:00 PM
Turbo Talk (Protecting Data Across Devices): 12:30 – 12:50 PM
Just as a heads up for informational purposes, if you are upgrading ePO server from 4.6.x to 5.1.x with Drive Encryption 7.1.x in place, please ensure that you review KB84690 as in some cases User Attributes can get renamed during the upgrade.
Just a quick update on Drive Encryption document packages:
The DE 7.1.3 documentation package on the download site has been refreshed to add localized versions of the Release Notes and the Client Transfer document. Both were en-us only in the package posted at GA.
The Release Notes have been up-issued to Revision C - There are no material changes to the content compared to the Revision B published at GA.
Supported languages for both documents are: German, Spanish, French, Japanese, Russian, Chinese-Simplified, Chinese-Traditional (de-de, es-es, fr-fr, ja-jp, ko-kr, ru-ru, zh-cn, zn-tw)
Thanks very much and best regards
Stuart Bayliss Group Product Manager McAfee Drive Encryption (MDE)
File & Removable Media Protection (FRP) provides the capability to encrypt sensitive content on local drives and network shares based on either application (File encryption policy) and/or location (Folder encryption policy). This blog post focuses on the use case where you have sensitive content on network file shares that you want to protect and provide access to only a restricted set of users.
Some of the benefits/advantages that this solution offers are:
Centralized Management (ePO)
Best of breed management console that can manage all Endpoint Security products; if you have already have this set up, there is absolutely no additional overhead. Installation of FRP extension and installation to clients will take a just few minutes
No need for a separate Key Server/Manager
ePO also functions as a Key Server/Manager; encryption keys are generated and managed centrally on ePO
Use of Symmetric Keys
This results in primarily two benefits: minimal effort in handling key management & assignments and more importantly enables a transparent user experience with very minimal user intervention
No need to install any component on file shares
FRP clients (endpoint nodes) do the work of encryption/decryption etc.
The process of protecting sensitive content on file shares is relatively straightforward and consists of 3 steps:
Creation of FRP Encryption Key(s): To be used for protecting sensitive data
Creation of Policies: Grant Key Policy, Folder encryption Policy, Network Policy
Policy Assignment: of the above policies to system(s)/user(s)
EEFF/FRP v4.1 Patch 1 introduced the ability to securely share information via ISO container files with third parties (partners, customers etc.) who may not necessary have McAfee Encryption technology deployed. The sharing vector could be USB devices, CD/DVDs, ftp or even cloud storage services such as Dropbox, Google Drive etc.
The process is extremely simple and consists of just a few steps:
Configuring FRP to allow creation of secure ISO containers (one time step)
Selecting the files/folders that you want to package in the secure ISO container (this selection can be saved as a .emo project for re-use)
Specifying the password (authentication credentials) for access, and creating the container
It is also possible to load a previously saved .emo project and create a new ISO from a specific data set, for instance if that dataset has been amended.
The ISO container so created contains the offsite application MfeEERM.exe through which you can access the encrypted content even on a machine without any McAfee software installed. So you all have to do is to just the mount the ISO (which is extremely simple) and supply the right authentication credentials to access the encrypted content.
We are pleased to announce the general availability of McAfee’s Management of Native Encryption (MNE) v2.1 to help protect your data on Macs and Windows endpoints. MNE enables management of native encryption in Mac OS X, Apple FileVault, and the native encryption in Windows PC & Laptops, Microsoft BitLocker. With MNE, management of native encryption is enabled directly from the single console ePolicy Orchestrator (ePO), just like other McAfee software. The updated MNE v2.1 has several User Interface enhancements and Workflow updates to make deployment even easier than before!
To find out more about managing Apple FileVault and Microsoft BitLocker directly with ePO, please register for one of the customer webinars* below.
For EMEA Customers:
Best Practices for Apple FileVault and Microsoft BitLocker Management
January 14, 2015 7:00 – 8:00 AM Pacific Time, 3:00 – 4:00 PM London Time
Leading analyst firm Gartner has positioned Intel Security (McAfee) as a Leader in the 2014 Gartner Magic Quadrant for Mobile Data Protection (MQ MDP) for the seventh consecutive year and highest position for ability to execute.
Our Press Release is here and the Landing Page leading to the MQ MDP Report is located here.
Thanks to our customers for all the feedback and business which help made this achievement possible!
McAfee is pleased to announce the immediate availability of Management of Native Encryption (MNE) 2.0. MNE 2.0 allows management of the built-in encryption capability by ePO for Macs that use OS X FileVault for encryption and now adds support to Windows for systems using Microsoft BitLocker for encryption.
Products that MNE is available in now include:
• McAfee Complete Data Protection Suite (CDB)
• McAfee Complete Data Protection – Advanced Suite (CDA)
• McAfee Complete Endpoint Protection – Business Suite (CEB)
Also, since the above Suites are sold on a per node basis, each CDA / CDB / CEB license can provision a Windows PC with either Drive Encryption or MNE 2.0 for BitLocker or a Mac with MNE 2.0. The deployment per node mix is totally up to the customer.
For example; given 100 CDB licenses, a deployed mix could like this: Drive Encryption deployed to 70 Window PCs, MNE deployed to 20 Windows PCs to manage BitLocker, MNE deployed to 10 Apple Macs to manage FileVault, for a total of 100 nodes with CDB.
Webinar: Keep Your Data Safe with McAfee Complete Data Protection Suites
This webinar is intended to help customers understand their Data Protection solution from Intel Security (McAfee) and to get the most business value out of their implementation. Products that apply to this webinar include: • McAfee Complete Data Protection Suite • McAfee Complete Data Protection – Advanced Suite • McAfee Complete Endpoint Protection – Business Suite
The Complete Data Protection suites feature Intel Security’s core endpoint encryption products (Drive Encryption, File & Removable Media Protection, Management of Native Encryption) and ePO Deep Command to extend the reach of your IT department to lower your total cost of ownership. The Complete Endpoint Protection – Business suite also incorporates Intel Security’s core endpoint encryption products. The webinar will include a special highlight on Management of Native Encryption (MNE) 2.0 which extends management to Microsoft BitLocker as a second encryption option for customers in addition to the current enterprise-grade Drive Encryption solution. This webcast is provided as a 35-40 minute overview and includes 5 minutes of Q & A.
Join this webinar on Complete Data Protection and learn about: • The key features of McAfee Complete Data Protection suites and how it can provide you with the security you need • Use Cases for McAfee Management of Native Encryption (MNE) - current FileVault and now available support for Microsoft BitLocker via ePolicy Orchestrator • How you can extend the reach of your IT team with the ability to remotely wake up or even power on PC’s, remediate “disabled” endpoints and remotely reset pre-boot passwords • How to providing self-service features for your end-users, including the McAfee Endpoint Assistant App
Webinar: Keep Your Data Safe with McAfee Complete Data Protection Suites
Dan Larson, our Director of Technical Marketing here at McAfee, has developed a document to help communicate some of the best practices we recommend to customers when installing McAfee Drive Encryption (MDE). The document is for customers that want to make the installation of MDE and the encryption of the hard drive part of the PC build process.
How To Install McAfee Drive Encryption During the PC Build Process - Document
This document explains how to install McAfee Drive Encryption when building, imaging or re-imaging a PC.
Dan Larson, our Director of Technical Marketing here at McAfee, has developed a video to help communicate some of the best practices we recommend to new customers when installing McAfee Drive Encryption (MDE). The video demonstrates how to install and configure McAfee Drive Encryption and shows how McAfee Drive Encryption integrates with McAfee ePO. If you are new to the world of disk encryption, take a look at this video and see how easy it is to get up and running with McAfee’s Drive Encryption!
How to Install and Configure McAfee Drive Encryption - Video
This video demonstrates how to install and configure McAfee Drive Encryption.
The Verizon Enterprise Group recently released their 2014 DBIR, accessible here: http://www.verizonenterprise.com/DBIR/. DBIR is a good source of data and context of what's happening in cyber space and what level of attacks your infrastucture needs to withstand. Similar to last year, encryption is one of the "Critical Security Controls." There is a good quote on the need for encryption that I commented on here as well as other observations related to encryption.
Sr. Product Marketing Manager, Intel Security Group
If you happen to be in Houston, Texas, May 12-15 for Microsoft's TechEd event, please stop by Booth 709. McAfee will join Intel — a TechEd Gold Sponsor — at Booth 709 in the George R Brown Convention Center. Both Intel and McAfee will highlight the latest in performance, security, and manageability for clients as well as key aspects of cloud innovation and unlocking the potential of big data for servers.
Microsoft TechEd North America
TechEd North America is the premier Microsoft technology conference for IT professionals and enterprise developers.
Do you have a business requirement where data needs to be shared securely between protected sites managed by different ePO servers? Do you also want to ensure that this data isa ccessible only within a controlled environment? This use case can be easily accomplished with McAfee Removable Media Encryption functionality, and this simple process is outlined below :
(Site 1) The end user responsible to send the data to the protected site is assigned the encryption key & policy by the Administrator
(Site 1) The user copies data to the device. All files copied to the device are transparently encrypted with the configured encryption key. The device can be of any make/model.There are no restictions in terms of either size of the files or the device. If "Ignore existing content" sub-option is selected, existing files/folders on the device will be left untouched.
Encryption key details are shared between the two protected sites (ONE TIME PROCESS)
(Site 2) Recipient is assigned the encryption key with which files copied to the USB device were encrypted. Recipient can transparently read any file(s) off the encrypted USB device
This “file based”encryption approach ensures that encrypted USB devices can only read on systems with EEFF/FRP client software installed (with the encryption key available).Any attempts to read the encrypted files in an unapproved/unauthorized environment will be unsuccessful. So even if the USB device is lost or gets lost in transit, attacker will be unable to read the contents on the device.
Following my previous announcement regarding support for upgrades from EEPC 6.1.x or 6.2.x, I would like to share with you some new information.
During the continuous quality verification cycle of McAfee Drive Encryption (DE), McAfee has become aware of a sporadic issue that can cause Preboot File System (PBFS) corruption during an upgrade from Endpoint Encryption for PC (EEPC) 6.1.x or 6.2.x to DE 7.1.
While the issue is believed to be rare and is recoverable, McAfee wishes to avoid potential inconvenience to its customers.
When this issue happens, the affected systems may in theory exhibit corruption in any of the files necessary for the good working condition of the PBFS.
This corruption condition is most likely to occur in systems that have slow disk access and can be corrected by executing an Emergency boot.
Please refer to KB81522 for further details about the upgrade issue.
This condition does not affect upgrades from EEPC 7.0.x. Customers wishing to upgrade to MDE 7.1 can minimize the impact of the rollout by performing an upgrade from EEPC 6.1.x or 6.2.x to EEPC 7.0.x and afterwards from EEPC 7.0.x to DE 7.1.
McAfee is working at priority to provide a solution and aims to release a single issue hot fix in the near future. This posting will be updated as soon as we have a more concrete timeline.
New customers can attend this webcast to learn more about the latest endpoint encryption features in McAfee’s Complete Data Protection Suites. This webcast is provided as a 40 minute overview and will focus on the newly released Management of Native Encryption v1.0, updates to Drive Encryption and the Endpoint Assistant App.
Join this webcast on Data Protection and learn about:
• McAfee Complete Data Protection Suites - Overview
• Management of Native Encryption v1.0 – What is it? What are the Benefits for managing my Apple Endpoints?
• Drive Encryption – What’s enhancements and new features will be available?
McAfee Complete Data Protection Suites: Overview for New Customers in EMEA
Wednesday, 5 March , 2014, 9:00 – 10:00 AM Eastern US
The LOCK on the front door of your house is typically what prevents a casual thief from breaking your house.
Many security practitioners believe that "STRONG PASSWORDS" for their Windows and Macs are sufficient. This may protect you from a casual thief that is more interested in selling the stolen laptop and make a quick buck. But, you may not realize that you are going into a gun fight with a knife even if you use strong passwords. Let us look at the landscape to understand the new tools available for attackers.
Affordable Anyone that can afford $15 can misuse powerful recovery tools (for example, Kon-Boot and several other boot-kits) to circumvent OS password authentication in seconds. How would you feel if a thief can brazenly walk into your house without even having to use a key for the front door?
Brutally Simple To Use
These tools have been simplified to a point where they are unusually simpleto use and anyone with a pulse can be trained to use it. How would you feel if a novice thief could walk into your house without having to deal with the lock?
No Fingerprints These tools generally do not leave behind any obvious digital fingerprints. So,it is possible to steal data without you even knowing about it for a very longtime. How would you feel if a thief walks into your house at will when you are at work and you don’t even know about it since there are no signs or traces?
Extremely Quick These tools provide the attacker access to your files in a matter of seconds. How would you feel if a thief can break into your house with no effort?
Implications for Security
Attackers that are after your data no longer have to steal your laptop/desktops. They just need access to it the for a few minutes to take what they want and will leave no traces behind.
With persistent bootkits, attackers can plant quickly malware on your computers enabling APT type attacks. They do not have to resort to complex attacks via the network or social engineering to attempt this insertion.
When your CEO leaves his/her laptop in a hotel room to go to the gym, the cleaning crew could be coerced to extract all the files and possibly plant an APT malware. You may believe your desktops are secure because they live inside locked offices. But, cleaning and maintenance crews can be coerced to misuse these tools. They could be copying data onto a USB drive while the carpets are being cleaned. In summary, strong passwords will not even slow downthese attackers.
Is there a Solution?
The simplest solution appears to be to lock down the BIOS and ensure the system can only boot from the regular drive. However, this can quickly become unmanageable because of the need to share these static BIOS passwords for operational purposes. The simplest solution known to block these attacks today appears to be the product category of Drive Encryption.
Products like McAfee Drive Encryption (aka EEPC) have been used by businesses for years to prevent data loss resulting from lost or stolen laptops/desktops.Now, their value is extended further to prevent these new ageattacks where attackers misuse these extremely simple, but powerful tools to silently bypass password authentication for operating systems.
To access the free trial downloads for the Complete Data Protection suites, please visit either the CDA or CDB suite home page and click on “Download Free Trial” at the top of the page. The Free Trial Period is 90 days.
To help quantify the performance impact on today’s laptops using 4th generation Intel processors (e.g. Haswell), we worked with Intel’s performance group and have just published a Solution Brief on the subject. Understandably, end users prefer that technology solutions do not harm productivity and from what we have seen utilizing an industry benchmark called SYSmark2012, the performance impact to an end user is negligible. Also, the boot-up times and added times when closing the laptop lids (to enter standby) aren’t too shabby either!
Extend your ePO managed drive encryption to systems with unmanaged, non-domain users. In addition to users managed in Active Directory, Drive Encryption can now also leverage these ePO-managed users for pre-boot authentication. Customers that are still on legacy Drive Encryption (EEPC v5.x) because of the need to manage standalone users can seamlessly migrate standalone user information into the new ePO User Directory. Customers can also migrate all encrypted endpoints to ePO management with zero end user impact.
2. Making Security Operate Behind the Scenes
Deliver a native Windows user experience for your end users on modern hardware that supports Trusted Platform Module (TPM) 2.0 or higher. McAfee now supports a new TPM secured pre-boot Authentication mode called TPM Auto Boot where the encryption key is securely derived on the fly from the TPM during a measured boot process. McAfee Drive Encryption silently operates behind the scenes and automatically comes to the foreground and locks the device when anomalous activity is detected.
3. Harden your Modern Windows Systems from Cold Boot Attacks On modern Windows platforms capable of support the new Connected Standby mode, the user is provided with an Instant On (iPad like experience). These systems are always in standby power state requiring the encryption key to be always in RAM making them susceptible to memory scrubbing, cold boot attacks that can scrub the encryption key from RAM. When the device enters the connected standby state, McAfee will erase the encryption key from RAM and move it to a secure area on Intel hardware hardening the system from cold boot and memory scrubbing attacks.
Drive Down Help Desk Operational Costs due to Password Resets
Our customers tell us that the majority of help desk costs for drive encryption are typically related to end user password resets. Leverage the new McAfee Endpoint Assistant companion app for iOS and Android to completely offload the pre-boot password reset related help desk costs to end users. Enable end users to securely reset pre-boot passwords even when on a plane with no access to a telephone to call help desk.
Large Number of Users in Pre-boot Environment The McAfee pre-boot environment has now been improved to support up to 5,000 users without perceptible performance degradation during pre-boot authentication. The previous limit was a maximum of 250 users in pre-boot. You can now safely provision all users to shared desktops enabling any user to use any system.
Support for Windows 8.1
Extend ePO managed McAfee DriveEncryption to endpoints running Windows 8.1. Seamlessly upgrade your Windows 7and 8 systems encrypted with McAfee Drive Encryption to Windows 8.1 without having to decrypt and re-encrypt the drives. On new systems that support TPM 2.0, leverage the newly introduced TPM secured auto boot mode. Leverage McAfee Drive Encryption to secure your brand new systems capable of Connected Standby to ensure they are not susceptible to cold boot attacks.
A note on OS X Support:
Drive Encryption v7.1 is a Windows only release, unlike Endpoint Encryption v7.0 which was both Windows and Mac OS X. Customers who require support for encryption on OS X should use the recently launched Management of Native Encryption (MNE) v1.0 offering for the management of FileVault. If you are already an encryption customer then you are automatically entitled to use Management of Native Encryption (MNE) v1.0.
Attend this webcast to learn more about the latest endpoint encryption features in McAfee’s Complete Data Protection Suites. This webcast is provided as a 30 minute overview and will focus on the newly released Management of Native Encryption v1.0 and updates to Drive Encryption targeted for availability in December 2013. Join this webcast on Data Protection and learn about:
• McAfee Complete Data Protection Suites - Overview
• Management of Native Encryption v1.0 – What is it? What are the Benefits for managing my Apple Endpoints? • Drive Encryption – What’s enhancements and new features will be available?
About the Presenters Pat Correia is responsible for Endpoint Encryption Product Marketing at McAfee. Previous to McAfee, Pat held various technical and product marketing positions at Intel for 15 years, driving many key projects in Pentium chipset, Pentium and Xeon processors, industry platform initiatives including PCI Express and Ultra Mobile PC, and corporate brand campaigns for Core 2 Duo based multi-core platforms and software.
Mohan Atreya is the Senior Director for Product Management of McAfee¹s Endpoint Security products. Mohan’s primary responsibility is the strategic roadmap and product development of the endpoint encryption solutions in McAfee’s data protection portfolio. Prior to McAfee, Mohan was employed at Cisco and RSA/EMC, focusing on network and data security.
• Are you challenged by regular system maintenance activities like patching and virus scanning impacting your user productivity? • Do you have challenges supporting remote users in a cost-effective manner on issues like system failures and password resets? • Do you feel remote access to encrypted systems are near impossible because of pre-boot authentication?
Join this webinar on Wednesday, October 16, 2013 to learn how you can Extend the Reach of your IT department with McAfee ePO Deep Command:
• Understand how you can improve efficiency of security operations by providing the ability to wake up PC’s with McAfee encryption software and securely authenticate pre-boot “without” user intervention • Find out how you can increase user productivity with faster pre-boot password resets and remote repair of encrypted PC’s • See how you can extend the reach of your IT team with the ability to remotely remediate “disabled” endpoints with full access to the PC’s keyboard, video and mouse • Discover how you can leverage existing security investments in Intel® vPro™ with deployment and management from McAfee ePolicy Orchestrator
Hardware Enhanced Security Management with McAfee ePO Deep Command*
* BrightTALK Registration required, it’s free though! About the Presenter
Deepak Kolingivadi is a Product Manager in the Management Business Unit at McAfee and responsible for formulating the strategy for products like McAfee ePO Deep Command and McAfee Risk Advisor. Deepak has 15 years of industry experience, of which 11 years have been in the field of Digital Security. Deepak is experienced in developing product strategy and roadmap for security products as well as conceptualizing and engineering them.
With help from our customers: Leading analyst firm Gartner has positioned McAfee as a Leader in the Gartner Magic Quadrant for Mobile Data Protection for 6 consecutive years and receives highest position for ability to execute and completeness of vision.