Matrix42 Self-Service Help Center

EgoSecure FDE vs. Microsoft BitLocker

ID: 18050401
Languages: EN, DE
Components: EgoSecure FDE, Microsoft BitLocker
Operating system: Windows
This article provides a side-by-side comparison of the EgoSecure Full Disk Encryption (FDE) solution with Microsoft BitLocker.

| EgoSecure FDE | Microsoft BitLocker |
| --- | --- |
| Requires a separate EgoSecure Full Disk Encryption administrator password to disable EgoSecure Full Disk Encryption or to change settings. As a result, nobody, not even a local or domain administrator, can make changes to the EgoSecure Full Disk Encryption configuration. | The local administrator can disable BitLocker or make changes to its configuration. |
| Supports different encryption algorithms (AES, TDES, DES, Blowfish and XOR). | Supports only one encryption algorithm (AES). |
| Supports up to 2000 users and is thus multi-user capable. | Does not support multiple users; it supports only one PIN (TPM) per computer. |
| Uses a pre-boot system based on hardened Linux (PBA) or EgoSecure's own boot technology via the EgoSecure credentials manager (Simple PBA). | Uses a pre-boot system based on Windows, inheriting the same potential vulnerabilities as the host system. |
| Supports secure authentication on computers that have no TPM chip; available authentication mechanisms include Windows username/password and smart cards. | Usually requires a TPM to securely store an encryption key. |
| Supports different emergency recovery mechanisms, including offline challenge–response, an encrypted recovery key on a USB stick or CD, or a WinPE-based recovery CD and USB. User credentials can be changed or reset remotely. | There is no offline challenge–response. Recovery information is often stored in clear text on a USB stick, in network shares or in Active Directory. The TPM PIN cannot be reset or changed remotely. |
| User credentials can be changed or reset remotely. | The TPM PIN cannot be reset or changed remotely. |
| Stores password-protected recovery files locally and/or in the database. | The recovery password or file is stored unprotected. |
| Role-based and central administration via the EgoSecure Management Console. | AD admins can manage BitLocker. |
| Supports single sign-on to Windows. | After authenticating to the TPM at pre-boot, users have to additionally authenticate to Windows. Thus, it does not offer single sign-on. |
| Supports both local management and management through the EgoSecure Management Console. EgoSecure management tools are provided free of charge with any FDE license. | BitLocker can be managed locally. To manage BitLocker remotely, Microsoft BitLocker Administration and Monitoring (MBAM) is required. It is a separate tool that requires a Microsoft Software Assurance subscription. |
| Supports Friendly Network, which simplifies the boot process if the network is known and protects the computer if it is connected to an unknown network. | Doesn't support Friendly Network. |
