SanDisk Cruzer Enterprise Latest Product News Articles

Cruzer Enterprise Potential Vulnerability, December 2009

Tue, 16 Feb 2010 15:51:11 +0000

SanDisk has recently identified a potential vulnerability in the access control mechanism of its Cruzer Enterprise flash drives series and has provided an update to address the issue.

As a result, SanDisk has made software updates available to all existing Cruzer Enterprise devices. In addition, all Cruzer Enterprise USB flash drives being shipped to customers as of today contain the product update.
Important Note: This issue is only applicable to the application running on the host and does not apply to the device hardware or firmware.

Devices to which this change applies:
Cruzer Enterprise, CZ22 - 1GB, 2GB, 4GB, 8GB
Cruzer Enterprise FIPS Edition, CZ32 - 1GB, 2GB, 4GB, 8GB
Cruzer Enterprise with McAfee, CZ38 - 1GB, 2GB, 4GB, 8GB
Cruzer Enterprise FIPS Edition with McAfee, CZ46 - 1GB, 2GB, 4GB, 8GB
Up to versions 2.0.5.33 or 2.5.6.292. Newer versions are already updated.

Recommendations:
To implement this change, SanDisk recommends that users run a dedicated tool to identify their device version and direct them to the corresponding update version. This procedure is designed to be performed locally by users to streamline the updating process.

Therefore, SanDisk recommends that users:
Fill in the online form here: http://www.sandisk-enterprise.com/update2/. This will direct users to a downloading site.
Download the updater selector application and the Quick Reference Guide with installation instructions.
Change the Cruzer Enterprise USB flash drive password Support:
The SanDisk support team is ready to answer any questions you may have and is available at support@sandisk.com

Cruzer Enterprise Potential Vulnerability

Tue, 16 Feb 2010 15:40:31 +0000

SanDisk has recently identified a potential vulnerability in the access control mechanism and has provided a product update to address the issue. SanDisk customers were proactively notified and have been given the support required for updating their Cruzer Enterprise drives.

In the past few days several news sites have reported on this incident. Most coverage addressed the issue at hand and referred to the SanDisk web site for the resolution. Some reporters and bloggers even approached SanDisk for a response.

However, some of the coverage was simply wrong and has caused confusion in the market.

To reassure SanDisk customers that their existing and future Cruzer Enterprise devices are safe and secure, the following inaccurate claims need to be addressed:

1. "There is an architecture flaw in the Cruzer Enterprise security design which generates a static unlock code"
There is no architecture flaw in the Cruzer Enterprise security design. As mentioned in previous communications, there was an error in one of the host application algorithms used to generate a random key that is then verified against a derivation of the user password stored in hardware.
A fix for this has been made available to customers, and new drives incorporate the updated application.

2. "The Cruzer Enterprise relies on a host-side software for verifying the correctness of the users password" Key verification for unlocking the device is done in hardware and not by a software application on the host. The Cruzer Enterprise secure USB drive uses unique random AES encryption keys that are generated on the device during device initialization. These encryption keys are stored in hardware and cannot be extracted from the device.

3. "The Cruzer Enterprise has no measures against Brute Force attacks"
The Cruzer Enterprise secure USB drive is designed to prevent brute-force attacks ("password replay attacks") by storing the brute-force counter in the hardware cryptographic chip. Preserving customer security and product reliability continues to be a top priority at SanDisk and SanDisk will continue to work diligently with customers to perform the product update in a timely manner.
SanDisk now offers its central management and control system (CMC) free-of-charge for a period of three months to support the updating process in large organizations (for more information please contact ent.support@sandisk.com) SanDisk is a vertically integrated designer and manufacturer of flash products and has a long standing security practice. This ensures that its security products utilize best-of-breed technologies and hardware as we are not a mere integrator of third-party components.
With offices and manufacturing facilities around the world, SanDisk customers have access to a global distribution and support infrastructure and can be reassured that they are working with the global leader in flash memory cards.

SanDisk Cruzer Enterprise Product Update Announcement

Fri, 07 Aug 2009 00:58:45 +0100

As we continue to improve our operational execution, we are focusing on streamlining our product offering and go to market strategy. As a result, we will consolidate the Enterprise product line and offer two superior hardware platforms.

1. What does this mean?
This will enable us to address the market with a strong, cutting edge line of products, while reducing confusion and complexity of Non FIPS Products lines.

2. Which products will be available for sale?
Starting April 1st, all of our secure USB encrypted drives will be FIPS certified, as we recognise the need to offer our customers the most secure solutions on the market. We will offer the drives in 2 varieties, with or without malware protection.

The table below describes our updated secure USB drive offerings.

Cruzer Enterprise FIPS Capacity
SDCZ32-001G-A75 1GB
SDCZ32-002G-A75 2GB
SDCZ32-004G-A75 4GB
SDCZ32-008G-A75 8GB
Cruzer Enterprise FIPS W/Anti Malware
SDCZ46-001G-A75 1GB
SDCZ46-002G-A75 2GB
SDCZ46-004G-A75 4GB
SDCZ46-008G-A75 8GB

3. Will the old products still be supported?
Cruzer Enterprise will continue to be supported through the end of the 2-year warranty applicable to our USB drives.

4. Which products will be discontinued?
The following SKUs will be removed from the Cruzer Enterprise Product line:

These products will enter end of life process.
SKU Description
SDCZ22-001G-A75 Cruzer Enterprise 1GB
SDCZ22-002G-A75 Cruzer Enterprise 2GB
SDCZ22-004G-A75 Cruzer Enterprise 4GB
SDCZ22-008G-A75 Cruzer Enterprise 8GB
SDCZ38-001G-A75 Cruzer Enterprise 1GB With Malware protection
SDCZ38-002G-A75 Cruzer Enterprise 2GB With Malware protection
SDCZ38-004G-A75 Cruzer Enterprise 4GB With Malware protection
SDCZ38-008G-A75 Cruzer Enterprise 8GB With Malware protection

5. What about CMC?
The above changes have no affect on CMC, our leading management console for secure USB drives. This product will continue to be offered, developed and supported as before. However, we will be imposing a minimum order quantity of 20 licenses for CMC.

6. If you have customers wanting to buy the CZ22 SKU, What should I offer them now?

The below conversion table shows the migration path to be offered
Previous SKU        Replaced by
SDCZ22-001G-A75    SDCZ32-001G-A75
SDCZ22-002G-A75    SDCZ32-002G-A75
SDCZ22-004G-A75    SDCZ32-004G-A75
SDCZ22-008G-A75    SDCZ32-008G-A75
SDCZ38-001G-A75    SDCZ46-001G-A75
SDCZ38-002G-A75    SDCZ46-002G-A75
SDCZ38-004G-A75    SDCZ46-004G-A75
SDCZ38-008G-A75    SDCZ46-008G-A75

For further information please contact the Cruzer Enterprise Division on +44 1189 323 499

SANDISK ANNOUNCES UPDATED ENTERPRISE SOLUTION OF SECURE USB FLASH DRIVES AND MANAGEMENT SOFTWARE

Thu, 06 Aug 2009 19:39:12 +0100

Central Management and Control (CMC) Software Version 3.0 Increases Security and Enables More Flexible Data Management of SanDisks Cruzer Enterprise Product Line.

All Cruzer Enterprise Secure Flash Drives are now FIPS Certified.

Milpitas, Calif., April 27, 2009 - SanDisk Corporation (NASDAQ:SNDK) today announced that all Cruzer Enterprise models currently shipping are FIPS certified, offering corporate and government IT departments a valuable tool in managing their secure hardware ecosystem. In addition, SanDisk has released Central Management and Control (CMC) software version 3.0, equipping IT professionals with more tools for distributing, protecting and recovering critical data.

Streamlined hardware family offers industry-leading security.
SanDisks Cruzer Enterprise secure USB flash drives now come in two forms: standard Cruzer Enterprise and Cruzer Enterprise with McAfee Malware Protection.

Both Cruzer Enterprise products feature FIPS (Federal Information Processing Standard) 140-2 Level 2 certification for encryption, a standard set by the National Institute of Standards and Technology (NIST). FIPS certification confirms that a drive has met NIST standards for design of the cryptographic module, for the strength of encryption algorithms and resistance to physical intrusion. The encrypted flash drive imposes mandatory access control on all files, which are stored in a secure partition that implements 256-bit hardware-based AES USB encryption

In addition to FIPS protection, Cruzer Enterprise products with McAfee security software help defend users from infection with an automatic anti-malware scan that prohibits file transfers to the secure USB drive when it detects infection on a host PC.

New software version enables flexible management of secure storage drives.
Utilizing the unique hardware and embedded software capabilities of Cruzer Enterprise secure USB flash drives, CMC software has been used by government agencies, healthcare organizations and enterprises for years. The CMC device agent resides on a company-issued Cruzer Enterprise drive, giving corporate IT departments a powerful tool for lifecycle management of the device - including deployment throughout the organization, password recovery and renewal through the network, central back-up and restore, central usage tracking and remote termination of lost drives.

"Protecting critical data is a major priority for corporate IT professionals, and SanDisk Enterprise offers a two-pronged approach to meet that need," said Roy Ramati, vice president, enterprise division, SanDisk. "Cruzer Enterprise encrypted flash drives provide secure and reliable high-capacity storage, while CMC 3.0 software offers advanced enterprise data management for those drives. This combination ensures that even if a drive is lost or stolen, the companys sensitive information will remain secure and recoverable.

CMC version 3.0 offers new tools for IT professionals, including:
Application and content distribution: CMC 3.0 allows central distribution of virtualized productivity applications to Cruzer Enterprise secure flash drives through the network. New applications appearing in the Cruzer Enterprise launchpad are easily accessed through an icon in the system tray, enabling users to introduce new applications rapidly without having to initiate an installation process or bring their drives to the IT department. CMC 3.0 also allows central distribution of content files to relevant users or groups in the organization, ensuring they get easy and immediate access to important, up-to-date documents.

Enhanced password policy control: Passwords can now be set to expire after a period of time determined by the IT department. This increases USB security by reducing the risk of unauthorized users gaining access to longstanding passwords. CMC 3.0 also offers the option of synchronizing with Active Directory password policies.

Expanded reports: IT administrators can create pre-defined reports on user activity, and access a wizard for creating dynamic reports on demand. This gives the IT department new tools for uncovering violations of the organizations data security policies and for providing confirmation of regulatory compliance through an enhanced audit trail.

Streamlined deployment and user provisioning: Cruzer Enterprise drives can now be remotely configured from any corporate PC without pre-installation of a software agent. This enhances overall user productivity and shrinks the time and effort required to add new drives, especially in large organizations with multiple locations and many remote workers.

Existing CMC customers can enrol in an upgrade program to the new version through SanDisk authorized partners.

SanDisk is a leader in providing innovative, secure USB flash drives and management solutions for the mobile workforce in enterprises and government agencies. SanDisks enterprise solutions allow IT managers to extend the enterprise security perimeter to mobile storage and boost employees productivity.

About SanDisk: SanDisk Corporation, the inventor and worlds largest supplier of flash storage cards, is a global leader in flash memory - from research, manufacturing and product design to consumer branding and retail distribution. SanDisks product portfolio includes flash memory cards for mobile phones, digital cameras and camcorders; digital audio/video players; USB flash drives for consumers and the enterprise; embedded memory for mobile devices; and solid state drives for computers.

SANDISK OFFERS McAFEE ANTI-MALWARE TECHNOLOGY IN SECURE USB FLASH DRIVES

Fri, 16 Jan 2009 17:12:24 +0000

Always On safeguard blocks malware even outside of the firewall, Automatic scan prohibits file transfers to secure USB drives from infected PCs.

LAS VEGAS, NEVADA, Oct. 21, 2008 -SanDisk Corporation (NASDAQ: SNDK) and McAfee, Inc. (NYSE: MFE) today announced SanDisk Cruzer Enterprise with anti-malware protection from McAfee. In addition to protecting corporate USB flash drive users from data leaks, the solution includes the McAfee Scan Engine, which offers advanced heuristic analysis for comprehensive detection of both known and unknown threats. Expected to be available before years end, this Always On safeguard blocks malware from entering the secure USB flash drive even when the device is used outside of the firewall.

Information about SanDisk Cruzer Enterprise is available at SanDisks booth (#107) at Focus 08, a security conference sponsored by McAfee that is underway this week at the MGM Grand in Las Vegas through Thursday.

"SanDisk Cruzer Enterprise is an ideal solution for the mobile workforce and for IT departments concerned with data security, because it allows employees to have access to data everywhere and yet be fully protected," said Roy Ramati, vice president and general manager, Enterprise Division at SanDisk. "Adding McAfees technology to our security solutions for the enterprise enables our customers to extend their security perimeter to mobile storage."

Cruzer Enterprise with McAfee security protects users from infection with an automatic anti-malware scan that prohibits file transfers to the secure USB drive when it detects infection on a host PC. Malware, short for malicious software, is a program that is intended to disrupt a computer system by introducing a harmful code such as a virus, worm or Trojan horse. The addition of McAfee Scan Engine and virus definition files (DATs) prevents malware from attaching itself to the portable drive and in turn, infecting the internal enterprise host. The scan engine examines every file saved or copied to the USB flash drive.

"With todays increasingly mobile work force and the speedy proliferation of new threats, its just as vital for organizations to protect their portable devices from malware as it is to secure their perimeter" said Christopher Bolin, executive vice president and chief technology officer, McAfee. "The McAfee Scan Engine has been battle-tested over many years and is the foundation of McAfees anti-malware solutions. SanDisk Enterprise Cruzer customers can rest assured that they have reliable and accurate detection from malicious code."

Cruzer Enterprise safeguards all files stored on the drive with advanced hardware-based 256-bit AES encryption. Users are required to create a complex password during the set-up process. The combination of encryption and password protection makes it extremely difficult for unauthorized users to access data should the drive be lost or stolen.

SanDisk CMC server software provides lifecycle management for Cruzer Enterprise drives, including password recovery and renewal through the network, remote termination of lost drives, central back-up and restore, and central usage tracking. This means data is not lost when a drive is lost, and IT administrators can provision a replacement flash drive with user files stored on the network.

SanDisk, a global leader in USB flash drives, is driving the convergence of flash drive security, authentication and virtualization through its Enterprise Division to create a comprehensive solution for mobile professionals in enterprises and government agencies.