Using Ransomware Protection
The following explains how using CipherTrust Transparent Encryption with Ransomware Protection can enhance the protection of your data:
Protect the File Server with both CipherTrust Transparent Encryption and Ransomware Protection
Use Ransomware Protection to improve data protection by encrypting sensitive data using CTE standard and LDT policies. Combining CTE encryption policies with Ransomware Protection strengthens your security posture. In this scenario, both CipherTrust Transparent Encryption and Ransomware Protection licenses are installed on the same server. All of the customer sensitive data is on this server. Data may be on a local drive, or on a CIFS/NAS share mounted on this server. Users are using a CTE policy to encrypt the data, provide CTE access control and protect the data from Ransomware Attacks. For this use case:
-
Install and register CipherTrust Transparent Encryption with Ransomware Protection.
-
Ensure RW license is available on CM.
-
Ensure the policy is pushed by looking a the CipherTrust Manager GUI and ensuring that the GuardPoints display as Healthy and Green.
Using Ransomware Protection to protect End Points on Local and CIFS Shares
You can also protect endpoints with CipherTrust Transparent Encryption with Ransomware Protection. In this scenario, customer sensitive data is not on this endpoint but is being accessed using this endpoint. Data may be on an external share or NAS/CIFS share. User will only apply RW license on this end-point. CTE encryption and access control is not enforced on this server. An example of a use case for this scenario is when you have users with laptops who frequently use your network and access servers on it, but do not have any sensitive data locally on their laptops. A system like this might belong to a salesperson who travels and frequently uses other networks to access the internet. When they log on to your network, they access the sales network server and upload data to it. They could easily pick up a Ransomware Protection virus from another network. Using the CipherTrust Transparent Encryption Ransomware Protection solution would protect the data on their local volumes, mounted volumes, and the network servers they access from being infected with Ransomware Protection. For this use case:
-
Install and register CipherTrust Transparent Encryption with Ransomware Protection.
-
Ensure RW license is available on CM.
-
Ensure the policy is pushed by looking a the CipherTrust Manager GUI and ensuring that the GuardPoints display as Healthy and Green.
Adding Trusted Processes in the Ransomware Protection policy
Users can create a white list of trusted processes and exclude these processes from RW monitoring. For example, you could set it so that an authorized backup/restore application would not be flagged or blocked.
-
Use a User Set, and/or Process Sets to control access by people, processes, etc.
-
Use an RWP Exempted User Sets from the drop-down list. This user set will be exempted so RWP will not be enforced on the users of this User Set-Exempted Process Sets specify the process set to be excluded from monitoring and the action to be taken on all other processes that attempt to access the sensitive data.
Always add your anti-virus software to your exemption list (process set). Ransomware Protection intermittently flags anti-virus software as ransomware and blocks it.