Protecting Data with CTE
How to Protect Data with CTE
CTE uses policies created in the associated key manager to protect data. You can create policies to specify file encryption, data access, and auditing on specific directories and drives on your protected hosts. Each GuardPoint must have one and only one associated policy, but each policy can be associated with any number of GuardPoints.
Policies specify:
-
Whether or not the resting files are encrypted.
-
Who can access decrypted files and when.
-
What level of file access auditing is applied when generating fine-grained audit trails.
A Security Administrator accesses CipherTrust Manager through a web browser. You must have administrator privileges to create policies using CipherTrust Manager. The CTE Agent then implements the policies once they are pushed to the protected host.
CTE can only enforce security and key selection rules on files inside a guarded directory. If a GuardPoint is disabled, access to data in the directory goes undetected and ungoverned. Disabling a GuardPoint and then allowing unrestricted access to that GuardPoint can result in data corruption.
How to Protect Data from Ransomware with CTE
Ransomware Protection Support is compatible with CipherTrust Manager v2.12 and subsequent versions. It is only supported in CipherTrust Transparent Encryption v7.4.0 for Windows and subsequent versions.
CipherTrust Transparent Encryption with Ransomware Protection protects data on servers and endpoints from ransomware attacks by auditing, monitoring and blocking malicious processes. Users can strengthen their security posture with CipherTrust Transparent Encryption access and encryption policies, multi-factor authentication, and Ransomware Protection for complete control of their data.
CTE Ransomware Protection is not an EDR (Endpoint Detection and Response) or XDR (Extended Detection & Response) solution which tries to prevent end-points from getting infected or track the lateral movement of the ransomware. However, CipherTrust Transparent Encryption with Ransomware Protection works well in conjunction with XDR and EDR solutions. CTE Ransomware Protection solutions performs real-time data analysis on sensitive data, calculates the entropy value of data, and determines whether the application is writing encrypted or unencrypted data. This analysis is performed using the CTE ML (Machine Learning) model and a score is assigned to the process. Based on this score, CTE either alerts the process behavior to the user or blocks process access to the data.
Ransomware Protection requires the vmlfs.sys
driver. If you are using Ransomware Protection and you switch to the vmfiltr.sys
driver, then you will disable Ransomware Protection.
CipherTrust Transparent Encryption Ransomware Protection requires a Flex Utility license to enable Ransomware Protection within CipherTrust Manager.