CipherTrust Transparent Encryption Ransomware Protection

Effective ransomware defense requires a multifaceted approach

Reliance on baseline security practices using next generation firewalls, secure email/web gateways and focusing on closing vulnerability gaps alone have not been sufficient to prevent ransomware attacks.

Stop ransomware in its tracks

CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP) continuously monitors processes for abnormal I/O activity and alerts or blocks malicious activity before ransomware can take complete hold of your endpoints and servers.

Using CTE-RWP as part of your ransomware defense strategy to protect critical data strengthens your overall security posture and avoids disruption.

CTW-RWP Advantages

Active Detection

CTE-RWP doesn’t rely on known ransomware file signatures. Instead, it monitors active processes to detect ransomware – identifying activities such as excessive data access, exfiltration, unauthorized encryption, or malicious impersonation of a user

Easy to Manage

Quickly deploy CTE-RWP as there is no need to configure user access policies. Leverage the same CipherTrust Manager console used for other tools in the CipherTrust Data Security Platform to simplify and unify your data security management

Reliable Remediation

Since CTE Ransomware Protection monitors the processes for identifying activities, it will still flag/block the ransomware activity even if the ransomware was installed on the machine first and went undetected

Ransomware is a type of malicious software, or malware that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks are both costly and damaging to an organization’s reputation.

CTE Ransomware Protection (CTE-RWP) continuously enforces file/folder level ransomware protection with minimal configuration and no modification to any applications on the endpoint/server. It monitors for any abnormal file activity caused by ransomware infected processes, and alerts or blocks (per user configuration) when such an activity is detected.

The best defense against ransomware is multifaceted. CTE-RWP monitors processes for abnormal I/O activity on files. Adding a license for CipherTrust Transparent Encryption (CTE) provides additional benefits to guard against ransomware including access policies. There are other means that will decrease your risk factors such as being aware of phishing scams (how malware infects your machines), anti-virus software, and regular data backups. CTE-RWP is a huge step in managing your risks of a ransomware attack.

CTE-RWP is a separate license purchase from CTE and can be used independently or in combination with a CTE license for multifaceted protection against ransomware. Both are managed through the central user interface within CipherTrust Manager.

Customers can maximize ransomware protection on their endpoints/servers, by adding a license for CipherTrust Transparent Encryption (CTE), to gain the following additional benefits not provided by CTE-RWP.

Fine-grained Access Control

  • Defines who (user/group) has rights to encrypt/decrypt/read/write or list-directory where critical data resides
  • Place strict access control policies around backup processes, including encrypting backups to prevent data exfilteration
  • Guard point level trusted list of files (binaries) that are approved to access and encrypt/decrypt protected folders including signature checks on trusted applications to ensure their integrity.

Data at Rest Encryption

  • Encrypt critical data, wherever it resides on-premises or in the cloud
  • Make critical data worthless to intruders, since they cannot monetize encrypted data by threatening to publish
  • Guard point level trusted list of files (binaries) that are approved to access and encrypt/decrypt protected folders including signature checks on trusted applications to ensure their integrity.

With MFA for CipherTrust Encryption

Customers can add Multi-factor Authentication (MFA) for CipherTrust Encryption (CTE), to get an additional layer of protection at the folder/file level. MFA for CTE prompts system administrators and privileged users to demonstrate an additional factor of authentication beyond passwords when they try to access to sensitive data sitting behind Guard Points.

MFA for CTE is available for the Windows platform. It supports integrations with multiple authentication providers including Thales’ SafeNet Trusted Access, Okta and Keycloak.


CipherTrust Transparent Encryption Ransomware Protection