Ransomware Protection

Ransomware attacks have become alarmingly common and, unfortunately, experts predict that they will only become more frequent and more severe in the coming years.

GaraSign provides protection against ransomware with a variety of security controls, including restricted access to sensitive data and decryption keys, granular access controls like MFA and device authentication, and support for digitally signing and timestamping backups.

Timestamp Data Prior To Encryption

It is best practice to cryptographically timestamp your data before you encrypt it. This allows you to easily identify if the data has been tampered with at any point in time. GaraSign integrates with all major trusted timestamp authorities (TSA) to seamlessly support cryptographic timestamping.

Encrypt Data With Self-Managed KMS

Encrypt data at rest using a self-managed (i.e. on-premise) Key Management Service (KMS), wherever possible. This is especially important when the third-party is the one storing the data, as is the case with cloud providers. By encrypting the data before it is sent to the storage provider, you benefit from the storage provider’s scale without sacrificing the confidentiality or integrity of your own data.

Disable All Decryption Keys

Keep the private keys for decryption in a disabled state by default. Since they are only needed when restoring backups and are therefore not needed frequently, you should only enable them when there is a need to do so, and immediately disable them one again after they are used. With GaraSign, any cryptographic key can be disabled with a few clicks from the GaraSign interface.

Enforce Granular Access Controls

Ensure that only authorized and authenticated end-users can use the decryption keys needed to access backups. GaraSign supports granular access controls, such as MFA, device authentication, and approval workflows, on a per-key or per-user basis. 

Ransomware Protection With GaraSign

With GaraSign, all backups are digitally signed, cryptographically timestamped, and encrypted while the decryption keys remain secured in a certified hardware security module (HSM). Security policy can be established on a per-key or per-user basis from a single interface and any cryptographic key can be disabled with a few clicks. Granular controls, such as MFA, device authentication, approval workflows, and more, ensure that only authorized and authenticated end-users can access decryption keys and thus the encrypted data.

Timestamped Data

Cryptographically timestamp backups and other databases to ensure the integrity of the data and to meet legal requirements.

Digitally Signed Backups

Attach a digital signature to all backups and other databases in order to prevent third-parties from tampering with the data.

Protected Decryption Keys

Encrypt all backups and store the decryption keys in a non-exportable state in a certified hardware security module (HSM).

Just-In-Time Access

Leave decryption keys disabled until seconds before an authorized and authenticated end-user needs access.

Granular Access Controls

Enforce granular access on decryption keys, including MFA, device authentication, approval workflows, notifications, and more.

Easy Audits & Compliance

Audits can easily be performed at any time. Compliance with data security regulations is drastically simplified.

Give GaraSign a Try

Schedule a demo to see how GaraSign can improve the security and performance of cryptographic operations throughout your environment.