Ransomware Can’t Encrypt What It Can’t See!

Announcing Stormshield Endpoint Security Ransomware Defense Edition

Stormshield has pioneered the security area of behavioral endpoint protection and continues to be the leader in detecting and stopping unknown malwares.  For over a decade, while many well-known security vendors continued to push signature-based protections, organizations that were extremely concerned about attacks turned to Stormshield to eliminate Zero Day attacks and to stop malware that had never been seen before (or was even fileless).  Today, in every test and comparison, Stormshield continues to be the industry leader in this aspect of malware prevention.

As organizations today are desperately searching for a way to protect themselves from a new malware threat (the ransomware variant), the SES-RDe capabilities to identify and stop the ransomware attacks from installing on computers is unprecedented and unmatched.  Despite the creativity of the cyber-criminals and the tens (hundreds?) of thousands of ransomware variants, SES-RDe will almost always identify the attack and stop it before there is any damage.

Yet, despite this industry-leading capability to identify and stop ransomware attacks, Stormshield faces the same dilemma that all security vendors face (but most don’t want to talk about) – no product or combination of products on the market today will guarantee that they can stop all ransomware attacks. Even if a product like SES-RDe can cite detection and prevention rates of 99%+, given the volume of ransomware attacks that are flooding the world, that less than 1% penetration rate can still be a huge exposure.

The solution to this dilemma is direct and practical: Ransomware can’t encrypt what it cannot see.

Extension Whitelisting: Even a single successful execution of a ransomware can have devastating consequences for an organization. SES-RDe recognizes this and has developed the ultimate barricade against the true ransomware threat – encryption of targeted data. The only way that ransomware wins is if the targeted data is successfully encrypted.  Even if a ransomware finds its way into your organization and executes on a computer, it still has not caused any damage.  In order to “succeed” it must find a way to encrypt the files that have value to the organization so that the cyber-criminal can attempt to extract a ransom.

SES-RDe provides a unique Extension Whitelisting capability that limits the access to file extensions to specific applica¬tions (validated by executable signed certificate or checksum). This Extension Whitelisting barricade effectively neu¬ters the attempts of any ransomware to encrypt files while not disrupting the normal workflow of users and computers. SES-RDe can limit the access for “.docx” to only certain applications, for example Microsoft Office, Windows Explorer and Web Browsers, thus preventing unknown applications from having access to these extensions. To identify the applications that are allowed to make changes, SES-RDe can use digital signatures or checksums of the applications.

In addition to stopping the data encryption, the Extension Whitelisting application includes a range of security measures that recognize when an application is attempting to access files that it is not authorized for and a set of quarantine, remediation, notification and other proactive protection measures are automatically initiated across the enterprise.

SES-RDe: Industry leading protection to keep malwares out of your organization. Unique Extension Whitelisting to stop the tiny percentage that sneak by from doing any harm!


SES-RDe Ransomware Protection Features
Extension Whitelisting:

SES-RDe provides a unique Extension Whitelisting capability that limits the access to file extensions to specific applications (validated by executable signed certificate or checksum). This Extension Whitelisting barricade effectively neuters the attempts of any ransomware to encrypt files while not disrupting the normal workflow of users and computers. For example, SES can limit the access for “.docx” to only certain applications: Microsoft Office, Windows Explorer and Web Browsers thus preventing unknown applications from having access to these extensions. Applications are validated by digital signatures or checksums of the applications.

Extension Whitelisting Attack Identification and Remediation:

SES-RDe also monitors and takes notice of the attempted encryption activities of the ransomware. Based on this gathered intelligence, SES-RDe will remove the ransomware from this computer and report this activity to the SES-RDe management console and also, optionally, send an alert to the SES-RDe administrator. A rule including the name of the executable or the checksum for this specific ransomware will be created and automatically propagated to all other SES-RDe protected computers. This rule will then block this ransomware from running and, if it is already on the computer, delete it.

Memory/Behavioral Protection:

SES-RDe identifies and stops ransomware prior to execution virtually eliminating the zero-day threat.  SES-RDe even protects against fileless ransomware attacks that run completely in memory and can therefore bypass traditional signature-based security products.  SES-RDe does not rely on easily defeated signatures, sandboxing, mathematic algorithms, etc. but instead SES-RDe uses a set of security layers that work against attempts to compromise the computer system – detection of exploited vulnerabilities (e.g., corruption of the memory in order to execute malicious code), detection of malware installed on the computer, detection of malicious actions and all other known attack methods – proactive, real-time.

Supplemental SES-RDe Ransomware Protections:
Kernel Protection
DLL Injection Protection

Hard Drive Protection



Matrix has announced a special 4th QTR program so that SES-RDe can be licensed by customers for less than $10 per seat.  Additional quantity based tiered discounts are available for customers that increases the value even more.  “Matrix has heard from our customers how much ransomware is concerning their organizations and we want to provide the first true ransomware protection at a price point where it fits into their budgets so that they can act quickly to eliminate this threat,” said Bob Foley, President of Matrix.  “We understand the frustration of organizations that are tired of the confusing product hype being done by so many vendors about their ransomware “protections”. Our Extension Whitelisting provides the ultimate safeguard to be assured that your data will not be encrypted by ransomware.“  

Learn more about SES-RDe:



Stormshield Next Generation Endpoint and Data Security products protect the systems and data that matter most to your organization


Stormshield Endpoint Security

Single, lightweight, multi-module endpoint security agent protects against advanced memory-based threats and zero-day attacks, provides network/device/application monitoring, auditing and control and has extensible data encryption for always-on content protection.

Learn more

Stormshield Data Security

Integrated disk, file and data room encryption delivers a certified and scalable data protection solution for secure enterprise-wide collaboration that seamlessly works with existing communication tools to safeguard your data...wherever it is, wherever it moves.

Learn more


Stormshield Endpoint Security

The future of Next Generation Endpoint and Data Protection for the enterprise is here.

The Next Generation Endpoint Protection (NGEPP) Stormshield Endpoint Security (SES) is an innovative multi-module EPP Security Product from Airbus Defence and Space delivered through a single-agent, single management console architecture and used as a key component of their protection by leading organizations worldwide. While SES has a comprehensive suite of outstanding Next Generation protections, SES has established itself as a pioneer and leader in the area of Memory Intrusion Protection (MIPS) that allows it to provide a unique capability to identify and stop unknown attacks. As a result, SES MIPS stands alone in its capacity to identify and stop all types of malware, including fileless malware, virtually eliminating zero-day exposures.


Built on the Next Generation Endpoint Protection Model

Organizations across the world are frustrated with the ineffectiveness of traditional endpoint security products and their inability to stop the constantly increasing and ever-more sophisticated attacks.  As a result, a new generation of endpoint solutions has been created that can provide effective security.  In order to provide NGEPP effectiveness these new protections must be lightweight, work in the existing security ecosystem and work across platforms independent of a real-time connection.

Explore the core next generation endpoint protection (NGEPP) features:


SES Lightweight, multi-module, single agent next generation endpoint protection

  • Defense in depth protects the system from unknown attacks, its network connections from misuse and the data from loss and theft
  • Automatic Dynamic Policy Enforcement ensures the right endpoint protections and controls are in place at the right time based on the changing risk profile of the computer
  • Centralized management across servers, desktops and laptops provides complete endpoint control for the enterprise

Protection against advanced memory-based threats and zero-day attacks

  • Unique innovative memory intrusion prevention system (MIPS) protects against all “next generation” malwares including unknown and fileless malware
  • Proactive host intrusion prevention system (HIPS) and a host-based firewall protects the system from malicious inbound and outbound network activity
  • Integrated security functions like anti-virus, anti-spyware, and application whitelisting provide the traditional protections needed to meet internal and regulatory auditing and compliance requirements

Dynamic network/device/application monitoring, auditing and control

  • Dynamic network access controls enforce wired, wireless and VPN policies while on the corporate network, off the corporate network and on public networks
  • Wi-Fi protections secure connections and enforce policies to restrict connections to specific wireless access points
  • Integrated device control monitors, audits and enforces removable device policies at a granular level to ensure that worker productivity remains high but data remains in IT's control at all times
  • Application whitelisting capabilities gives IT confidence their systems are using the right applications for the jobs intended and automatically stops applications that are unsafe

Built-in and extensible data encryption for content protection and collaboration

  • Full disk encryption ensures the entire drive is protected in the case of a lost or stolen system
  • File and folder-based encryption applies additional protections in the case of a malicious insider
  • Removable device encryption ensures data is protected at all times, even when the data leaves the endpoint system via USB drive or other removable media
  • Integration with Stormshield Data Security for encrypted data rooms that enable secure content collaboration

Stormshield Data Security

Safeguarding your data...everywhere


The Stormshield Next Generation Data Protection security (SDS) provides a comprehensive suite of device and data encryption protections so that data in any state, on any devices, in the cloud, shared with internal teams, provided to business partners, etc. can be easily encrypted and managed – centrally or by empowered users.  A critical aspect of SDS is to provide data encryption tools that safeguard information, customer data, employee data, company confidential data and intellectual property, but in alignment with the organizational workflow to ensure security without slowing down productivity.  SDS provides contemporary users with the broader and unhindered access to organizational data and need to share their data with internal and external co-workers. 

SDS NGEPP Data Protection combines top down enforced encryption rules and policies with the empowerment of users to apply file and folder encryption for secure team collaboration.  It includes disk and file encryption, encryption for removable media, encryption for file shares and cloud storage.  SDS provides the means for compliance with the many regulatory requirements worldwide relating to the protection of private and sensitive data (for example, PCI DSS, HIPPA).

The Stormshield Next Generation Endpoint Data Protection is the most complete data protection solution available on the market today and is being used by industry leading organizations – worldwide.


Integrated Disk, File, and Data Room Encryption

  • Transparent full disk encryption.
  • File Encryption for sensitives file
  • Temporary accounts
  • SSO withWindows authentication
  • Support smart cards
  • Centralized encryption policies based on the file/folder.
  • Deletion of secure files and cleanup of exchange files.
  • FIPS140-2 certification.
  • AES 128, 192 and 256 bits
  • Recovery Tool (CD and  USB)
  • Encryption of data stored on removable devices


Data Protection for Secure Enterprise Collaboration

  • Seamless encryption of local or shared folders
  • Supports creation of a personal or collaborative trust bubble in a shared location
  • Automated encryption
  • Encryption for cloud storage
  • Integration with mail clients for electronic mail signature and confidentiality
  • Security of data shared confidentially between internal and external collaborators
  • Confidentiality of data contained in a virtual volume
  • Authentication and destruction
    • Sign any type of file
    • Help provided for digitizing administrative and sales procedures
    • Secure and irreversible deletion of files and folders
  • Centralized administration for security policies and user identities
  • Smart Card Extension allows the user to store private keys in an external cryptographic device (SmartCard or USB), including the PKCS11 standard
  • SDS “Shredder” irreversibly destroys all sensitive data
  • SDS “File” protects data inside and outside of the organization by guaranteeing integrity
  • SDS “Mail” protects the confidentiality contained in emails


Seamlessly Works With Existing Organizational Communication Tools

The Stormshield Data Security solution allows your specialized teams to create safe collaboration environments, regardless of the medium (e-mail, USB keys), device (computer, smartphone, tablet) and application (collaborative, intranet, shared networks) being used to conduct business within your organization.


Benefits of Protecting Your Data with Stormshield

  • Share and store confidential data for members of ad-hoc collaboration units
  • Total independence from the infrastructure means system and network administrators, as well as any hosting providers utilized, will not have access to sensitive information
  • Simple to use thanks to its easy integration into standard organizational business tools (Outlook, SharePoint, Windows, etc.)
  • EAL3+-certified cryptographic implementation qualified by ANSI and NATO, adapted to the protection of “Restricted” data
  • Integration into an organization's infrastructure regardless of whether it has an Active Directory or PKI
  • Fully turnkey solution (centralized administration, PKI, encryption agent)
  • Comprehensive data security service based on a trusted infrastructure that SDS provides
  • Certified solution
  • Scalable solution: adapted to large scale deployments (existing deployments up through 160,000+ seats) 


Host Intrusion Prevention (HIPS) | Memory Intrusion Prevention (MIPS) | Host-Based Firewall | Removable Device Control | Application Control | Wireless Security | WiFi Protection | File Encryption | Full Disk Encryption | Removable Device Encryption | Data Room Encryption | Cloud Data Encryption | Anti-Virus | Anti-Spyware | Anti-Malware | Dynamic Policy Enforcement | Centralized Enterprise Management