Using Ransomware
The following explains how using CipherTrust Transparent Encryption with Ransomware Protection can enhance the protection of your data:
Protect the File Server with both CipherTrust Transparent Encryption and Ransomware Protection
Use Ransomware Protection to improve data protection by encrypting sensitive data using CTE standard and LDT policies. Combining CTE encryption policies with Ransomware Protection strengthens your security posture. In this scenario, both CipherTrust Transparent Encryption and Ransomware Protection licenses are installed on the same server. All of the customer sensitive data is on this server. Data may be on a local drive, or on a CIFS/NAS share mounted on this server. Users are using a CTE policy to encrypt the data, provide CTE access control and protect the data from Ransomware Attacks. For this use case:
- Install and register CipherTrust Transparent Encryption with Ransomware Protection.
- Ensure RW license is available on CM.
- Ensure the policy is pushed by looking at the CipherTrust Manager GUI and ensuring that the GuardPoints display as Healthy and Green.
Using Ransomware Protection to protect End Points on Local and CIFS Shares
You can also protect endpoints with CipherTrust Transparent Encryption with Ransomware Protection. In this scenario, customer sensitive data is not on this endpoint but is being accessed using this endpoint. Data may be on an external share or NAS/CIFS share. The user applies only the RW license on this endpoint. CTE encryption and access control are not enforced on this server. An example of a use case for this scenario is when you have users with laptops who frequently use your network and access servers on it, but do not have any sensitive data locally on their laptops. A system like this might belong to a salesperson who travels and frequently uses other networks to access the internet. When they log on to your network, they access the sales network server and upload data to it. They could easily pick up a ransomware virus from another network. Using the CipherTrust Transparent Encryption Ransomware Protection solution would protect the data on their local volumes, mounted volumes, and the network servers they access from being infected with ransomware. For this use case:
- Install and register CipherTrust Transparent Encryption with Ransomware Protection.
- Ensure RW license is available on CM.
- Ensure the policy is pushed by looking at the CipherTrust Manager GUI and ensuring that the GuardPoints display as Healthy and Green.
Adding Trusted Processes in the Ransomware Protection policy
Users can create a white list of trusted processes and exclude these processes from monitoring. For example, you could set it so that a zip application zipping up files would not be flagged or blocked.
- Use a User Set, and/or Process Set to control access by people, processes, etc.
- Use a Ransomware Protection-exempted Process Set to exempt specific processes so that Ransomware Protection will not be enforced on the members of this process set.
Note
Add the resource set if the process set is used as the Trusted Process Set in the Ransomware Protection Configuration.
- Specify the process set to be excluded from monitoring, and the action taken on all other processes that attempt to access the sensitive data.
Note
- Always add your anti-virus software to your exemption list (process set). Ransomware Protection intermittently flags anti-virus software as ransomware and blocks it.
- If you use TDE (Transparent Data Encryption) software other than CTE for any database encryption, then you must add the database.exe to the exemption list (process set). During the initial encryption under TDE, SQL Server, for example, reads in all of the clear data and writes it back out as encrypted data. Because this is ransomware-like behavior, the process must be added to the CipherTrust Transparent Encryption Ransomware Protection exempted process list.
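The following added example (not Thales code) illustrates why an initial TDE pass looks like ransomware to a behavioral monitor and what a trusted process set changes. This page does not describe how Ransomware Protection detects activity, so the entropy-jump heuristic, the thresholds, the toy cipher and the sample events are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for table rows or text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for a real cipher: XOR with a SHA-256 counter keystream (illustration only)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def flag_processes(events, exempt, min_jump=2.5, min_files=3):
    """events: (process, path, bytes_read, bytes_written) for in-place file rewrites.
    Flags a process that rewrote at least min_files files with an entropy jump of
    at least min_jump bits per byte, unless it is in the exempt (trusted) set."""
    hits = Counter()
    for proc, _path, before, after in events:
        if shannon_entropy(after) - shannon_entropy(before) >= min_jump:
            hits[proc] += 1
    return sorted(p for p, n in hits.items() if n >= min_files and p not in exempt)

# Constructed sample: a database engine encrypting its own data files in place
# during initial TDE, plus an editor saving an ordinary text change.
ROWS = b"".join(b"id=%06d;name=customer%06d;balance=%08d\n" % (i, i, i * 7)
                for i in range(200))
EVENTS = [("database.exe", f"data{i}.mdf", ROWS, toy_encrypt(ROWS, b"k%d" % i))
          for i in range(4)]
EVENTS.append(("notepad.exe", "notes.txt", ROWS, ROWS + b"one more line\n"))

if __name__ == "__main__":
    print("without exemption:", flag_processes(EVENTS, exempt=set()))
    print("with exemption:   ", flag_processes(EVENTS, exempt={"database.exe"}))
```

The same exemption that silences the false positive also removes monitoring from that process, so the trusted set should contain only the specific executables that need it.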