Strengthen IT Security

Improve ransomware defences

Safe Swiss Cloud’s security products help Information Security officers with risk mitigation and recovery, to protect against security breaches due to ransomware and other kinds of malware. They help to continuously improve IT security and strengthen defences against malware and ransomware.

Our security services provide a modular toolkit whose components can be used independently to improve security. These ransomware risk mitigation tools can be used with cloud or “on premise” IT infrastructure.

Security monitoring: get early warnings and alerts for relevant security events in your IT environment.

Ransomware Recovery

Recover your IT environments from independent backups at Safe Swiss Cloud in case of an attack.

EDR: Extended Detection & Response

Add EDR threat detection to protect against currently unknown malware: for servers, workstations and other devices.

Security Monitoring

Early warning: Safe Swiss Cloud monitors the central dashboards for customers and raises alerts. This is perfect for organisations without their own SOC or NOC.

Email Security

Protect your Email: prevent it from being a channel for malware and ransomware to enter your organisation.

SIEM – Network Detection & Response

Analyse the big picture on your network devices and servers to detect suspicious anomalies with our SIEM system.

Active Directory Monitoring & Audit

Get warnings for unauthorised changes, plus alerts and audit reports for your Active Directory.

Firewalls & Web Application Firewalls

Perimeter and application protection to prevent unauthorised access, intrusion detection & web application hacking attempts.

Security Support

Safe Swiss Cloud’s support packages offer support hours, which can be used to implement measures to strengthen security, for consulting or for implementation.

The ransomware recovery solution allows a restoration of infected / attacked IT environments from an independent backup. The ransomware recovery system allows for regular safe, encrypted backups to Safe Swiss Cloud’s data centers from IT environments anywhere (in house, cloud, traditional hosting). Mitigate your risk of a ransomware attack by making sure you can always recover your IT environment by restoring from a backup which is outside the reach of malware.

Why do you need this?

Many successful ransomware attacks disable or encrypt in house backups, making a recovery from them impossible. Customers therefore need to keep independent backups outside their own network, to always be able to mitigate the risk of ransomware or malware attacks.

Servers (or groups thereof) can be compromised in spite of the best protection tools. Typically, malware and ransomware use so-called “zero day exploits” in operating systems and application software to gain unauthorised access to systems. “Zero day exploits” are unknown software weaknesses (they have been known for zero days) and the protection systems in place may not always be able to prevent malware attacks which exploit these.

Typically, ransomware and malware attacks encrypt customers’ files, making them unusable. A restore from an independent backup is the only way to recover in such situations.

How does it work?

In case of a malware or ransomware attack, customers can restore their hijacked server from these independent backups to ensure a good recovery of their IT environments. To allow a full recovery, long term backups for at least 12 months are kept at Safe Swiss Cloud.

This easy to use ransomware recovery service provides a web based interface, secured with https and two factor authentication (TFA or MFA), to manage the backups and recovery activities when needed.

The ransomware recovery system supports Windows, Linux and Mac operating systems, while image backups are supported for Windows only.

The backups are compressed, encrypted and stored safely and redundantly in Safe Swiss Cloud’s Swiss data centres using Object Storage technology.

Service Details

The ransomware recovery service makes long term (at least 12 months) backups of your servers and data. It is a managed service by Safe Swiss Cloud, so if an IT environment is compromised by ransomware, the ransomware cannot gain access to this system.

In case of a breach in an IT environment, these long term backups make sure that clean restores of all systems can be made quickly, allowing a quick recovery for employees to start working again.

The long term backups make sure that even if a file was encrypted a long time ago, it can be restored.


Safe Swiss Cloud’s standard support packages can be used with the Ransomware Recovery service to get help with setup, changes and operational issues.

In case of a breach, Safe Swiss Cloud engineers are available to support IT departments with their recovery operations.

Extended Detection & Response

EDR is advanced threat detection and protection, which is urgently needed to identify malware and ransomware that evade the basic “anti-virus” systems commonly in use. The EDR system can be installed in addition to the existing anti-virus system or used to replace it. This protection needs to be installed on every server, workstation and device in a network and monitored regularly to provide absolutely essential malware & ransomware protection.

Why do you need this?

Traditional anti-virus products are no longer sufficient to prevent malware and ransomware attacks. Protection from malware & ransomware threats needs so-called Extended Detection and Response (EDR) systems. These are able to identify currently unknown threats and raise alarms when they detect suspicious activity.

In addition, it is necessary to monitor suspicious activity warnings regularly and take additional actions to protect the security of workstations, laptops and servers when needed. EDR products provide a central dashboard

How does it work?

This protection comes in the form of a software agent which is installed on every workstation (PC, Mac, Linux) and server (Windows, Linux) as well as other devices in use (tablets, mobile phones etc.).

This agent works silently in the background quarantining unwanted malware and ransomware or preventing them from executing code, while reporting everything to a central logging console.

A central monitoring console provides alerts and insights into attack, penetration and unusual activity. Safe Swiss Cloud provides an optional monitoring service to alert customers.


Bitdefender is one of the market leading providers of end point protection. It involves the installation of an end point protection agent on every end point (workstation, laptop, server).

The GravityZone console provides dashboards with drill-down tools to centrally analyse the data collected at all the end points about threats.

Bitdefender Standard

Provides anti-virus and malware scanning and protection

Bitdefender ATS & EDR

This is a set of add-on predictive technologies which warn against potentially unknown threats.

IT Security Monitoring Service

Safe Swiss Cloud monitors your security situation and alerts you when you need to take action. This is ideal for customers who do not want to run their own monitoring operations.

Security Support

Safe Swiss Cloud’s standard support packages can be used for all kinds of support related to EDR Security (and all the Safe Swiss Cloud security products).

Safe Swiss Cloud offers a service to monitor the central dashboards of its security products and raise alerts. Many organisations don’t have a SOC or NOC to check the dashboards for warnings and alerts. This service fills this need.

Why do you need this?

Early warning can be the key to preventing the spread of ransomware. But does your IT have an operations centre which can monitor the central security dashboards and warn you? This service fills this important function.

How does it work?

Our security services have central dashboards which raise warnings. This service makes sure somebody is watching and you get alerted when there are security relevant events.

Improve email security by scanning emails for infected attachments and “phishing attempts”, which try to get the user to click on a dangerous URL, and by filtering out spam effectively.

Why do you need this?

Email remains one of the most common channels used by malware and ransomware to invade an IT organisation. Therefore inappropriate email, whether it is spam, carries an infected attachment or tries to get users to click a dangerous URL, needs to be identified and disabled, protecting users from this menace.

How does it work?

This tool is typically placed “in front” of a mail server, where it scans all incoming email for malware, phishing attempts and spam, before sending only clean emails to a user’s Inbox on their email server (typically Exchange).


This product is an ideal combination of spam and malware filtering of Emails. This technology is constantly updated to ensure very good spam protection.

It can easily be integrated into any Email server including Microsoft Exchange, Microsoft 365 or anything else.


Safe Swiss Cloud’s standard support packages can be used for this product.

This covers help with setting up the service, making changes, solving problems and answering questions.

Network Detection & Response

SIEM (Security Information and Event Management) systems analyse the network traffic and server logs and look for anomalies in network traffic and server usage patterns, which could hint at dangerous malware or ransomware activity. SIEM systems look at the “big picture” in an IT organisation to determine what is normal activity, identify deviations from normal and raise alarms. A SIEM system is a must for multi-site / multi-branch IT environments with major exposure. The SIEM is the best tool for an early warning against sophisticated attacks.

Why do you need this?

By analysing the “big picture” of what is going on across the whole network of an organisation and its servers, the SIEM and/or Network Detection & Response (NDR) technologies can identify unusual, suspicious activity. The SIEM provides a very useful indicator of when malware and ransomware have slipped through the first line of defence and raises an alarm, allowing IT organisations to take special measures to prevent a malware attack.

How does it work?

The central monitoring console of the SIEM provides insights into attack and penetration attempts, alerting IT of unusual activity. The SIEM and Network Detection & Response (NDR) solutions aggregate the log files from network nodes and servers, analyse them continuously and raise alarms when anything unusual is detected.


Safe Swiss Cloud’s standard support packages can be used with the SIEM – Network Detection & Response service.

This tool monitors all changes to the Active Directory and blocks or alerts when suspicious changes to permissions and access rules are attempted. This is one of the most important tools for security, maintaining data privacy and reducing the chances of data theft. The compliance regimes at many companies require this kind of system to maintain audit trails of such changes.

Why do you need this?

Malware often tries to attack the Active Directory of an organisation to misappropriate the permissions necessary to access sensitive data or encrypt files. Customers need tools that prevent certain kinds of Active Directory changes, raise alerts when suspicious change attempts are detected and allow the scrutiny of changes to ascertain if they were legitimate. This system can warn when insiders try to gain access to sensitive data they should not have access to.

How does it work?

The system allows the setting of policies which determine who is allowed to make which kind of changes in the Active Directory system. It maintains audit trails and can prevent unwanted changes. Attempts to manipulate permissions to gain access to sensitive servers and data will lead to alerts being raised immediately.

Audit reports allow regular reviews of changes to the Active Directory, highlighting who tried to change the Active Directory to access sensitive data.

AD Audit+

AD Audit+ is provided by Safe Swiss Cloud as a service.

Help with the setup and customisation for the customer’s IT environment is available as part of Safe Swiss Cloud’s flexible support packages.

Monitoring Service

Safe Swiss Cloud provides an optional monitoring and periodic auditing service for the Active Directory based on this tool.

We continuously warn customers if we notice anything unusual. The periodic audit is designed to raise awareness among customers about how their users are behaving and to take appropriate improvement steps where needed.


Safe Swiss Cloud’s standard support packages can be used with the Active Directory Auditing service.

Firewalls, Intrusion Prevention & Web Application Firewall

Every IT environment should protect its network perimeter with a firewall to prevent unauthorised access. Modern firewalls also provide intrusion detection (IDS) and intrusion prevention (IPS) services which detect attempts to breach the perimeter. The Web Application Firewall (WAF) functionality protects against attempts to attack web based applications.

Why do you need this?

It is important to protect as many entry points into your systems as possible. Protecting your network is absolutely essential, because an intruder with network access can cause havoc by attacking servers and applications on the network. A good firewall with intrusion prevention and web application firewall functionality is part of the first line of defense for servers and workstations.

How does it work?

Firewalls work by limiting access into an organisation’s network to the very minimum needed, blocking traffic from suspicious sources and scanning the traffic traversing the network for suspicious or anomalous traffic. A well managed firewall makes the job of attacking an IT environment much more difficult.

Safe Swiss Cloud sells various standard products with support, setup and various services.


Safe Swiss Cloud’s standard support packages can be used for the Firewall, Intrusion Detection and Web Application Firewall products.

Free briefing

Get your free briefing and find out how we can protect your infrastructure from malware and ransomware.