
CIS18 Ransomware Compliance

Achieving CIS v8 Ransomware Resilience with BullWall’s Automated Containment

The CIS Controls v8 provide a crucial roadmap for cyber defense, but they are just that—a map. When a ransomware attack executes, compliance checklists offer little protection. The critical question becomes: how do you stop the attack in real time?

This is the gap BullWall is purpose-built to fill.

BullWall’s Ransomware Containment platform specializes in one thing: stopping active ransomware attacks instantly. By detecting and halting unauthorized encryption the moment it begins, BullWall activates the principles of the CIS Controls, turning guidance into automated, real-time defense. It directly supports multiple CIS safeguards, strengthening your resilience where it matters most.


Control 10: A Last Line of Malware Defence

(Safeguards 10.1, 10.4)

CIS calls for standard anti-malware solutions. But what happens when they fail? Modern ransomware is designed to evade signature-based and even traditional EDR tools.

BullWall acts as the essential last line of defense. By focusing on the behavior of unauthorized encryption—the ultimate goal of any ransomware—it stops attacks that have already bypassed your perimeter and endpoint prevention layers. This provides a crucial containment capability after infiltration but before damage.

Control 17: Transforming Incident Response

(Safeguards 17.3, 17.4, 17.5)

This is where BullWall provides its most significant value. A typical ransomware incident response can take hours, allowing the attack to spread. BullWall shortens that response time to seconds.

  • Automated Response: The platform instantly detects encryption, identifies the source, and isolates the compromised device to prevent lateral movement.
  • Actionable Intelligence: It feeds real-time logs and alerts to SIEM/SOAR systems (17.3), providing forensic data on the attack source and targeted files for post-incident analysis (17.5).
  • Realistic Testing: BullWall can be used in red team exercises to validate whether your incident response plan can actually stop a live encryption event (17.4).

Control 13: Upholding Data Protection

(Safeguard 13.1)

While BullWall is not a data classification tool, its primary function directly protects your most critical asset: data. By preventing unauthorized encryption, BullWall ensures that sensitive and classified information remains accessible and intact, thwarting an attacker’s ability to use your data as leverage.

Control 18 & 16: Validating and Mitigating Real-World Risk

(Indirect Support for 18.1 & Application Security)

Penetration Testing (18.1): BullWall allows penetration testers to validate your organization’s actual response to a live encryption attack, moving beyond theoretical vulnerability scans to test real-world resilience.

Application Security (16): If an application vulnerability is exploited to launch ransomware, BullWall mitigates the impact by ensuring the malicious payload cannot achieve its objective of encrypting files.


Summary: BullWall’s Contributions to CIS Controls

CIS Control | How BullWall Delivers a Stronger Defense
10 – Malware Defences | Complements AV/EDR with real-time containment for threats that get through.
17 – Incident Response | Automates detection and containment, reducing response time from hours to seconds.
13 – Data Protection | Prevents the unauthorized encryption of sensitive and mission-critical data.
16 – App Security | Acts as a safety net, containing ransomware delivered via software vulnerabilities.
18 – Pen Testing | Provides a method to test and validate real-time response to an active attack.

From Guideline to Active Defense

Achieving compliance with the CIS Controls is a foundational goal. However, true security lies in your ability to act when an attack is underway. BullWall translates the principles of CIS into automated, decisive action.

By providing an instant, reliable containment layer against ransomware, BullWall helps you move from compliance on paper to proven resilience in practice.

About BullWall
BullWall is a fast-growing international cybersecurity solution provider with a dedicated focus on protecting critical data during active ransomware attacks. We are the only security solution able to contain both known and unknown ransomware variants in seconds, preventing encryption and exfiltration across all data storage types.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum, including Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

August 2025 Product Release: CloudM Backup and Automate Updates

August 2025 Release: Introducing Google Chat Backup & Advanced Automation Features

Our August 2025 release is here, bringing critical new data protection capabilities and powerful administrative enhancements to your Google Workspace environment.

CloudM Backup 1.10 introduces highly-requested support for Google Chat, ensuring your vital conversations are protected from data loss. Simultaneously, CloudM Automate 2.17 delivers major upgrades to email signature management, domain notifications, and user lifecycle workflows.

CloudM Backup 1.10: Secure Your Google Chat Conversations

As tools like Google Chat become central to team collaboration, the data within them becomes a critical business asset. Accidental deletion or malicious activity can disrupt workflows and lead to the permanent loss of important information.

To address this, CloudM Backup now extends its comprehensive protection to Google Chat. This update allows you to securely back up and quickly restore:

  • 1-to-1 direct messages
  • Group direct messages
  • Reactions, links, and file attachments within conversations

This new capability integrates seamlessly with our existing protection for Gmail, Google Drive, Shared Drives, Calendar, and Contacts, providing a more complete data safety net for your entire Google Workspace.

CloudM Automate 2.17: More Flexibility and Control

This release introduces several powerful new features and enhancements to streamline your administrative tasks.

Dynamic Email Signatures for Multiple Roles

One of our most requested features is now a reality. Administrators can now create and assign multiple email signatures to a single user. The secondary “alias” signature is applied dynamically based on which email address the user is sending from, making it perfect for individuals with different roles or group memberships.

Accelerated Email Signature Sync

We’ve significantly reduced the sync time between CloudM and your Google Domain. Now, any updates made to email signatures are reflected for your users within minutes, ensuring brand consistency and timely changes.

Streamlined Domain Notifications

We have redesigned the Domain Settings page to give you more granular control over notifications. The opt-in process is now simpler, and it’s easier to select the specific types of notifications you want to receive, reducing noise and highlighting important alerts.

Flexible Google Calendar Transfers

To reduce manual work during user transitions, we’ve introduced more flexible modes for transferring calendars. This gives administrators greater control over how calendars, invites, and events are migrated to a new user, simplifying the offboarding process.

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.


What Is a SIEM and Why Does It Matter: Dope.Security Launches New SIEM Integrations

Unified Threat Visibility: dope.security Launches Direct SIEM Integrations

In cybersecurity, context is everything. A Security Information and Event Management (SIEM) solution acts as the central hub for your security operations, collecting event logs from across your entire infrastructure. By correlating this data, SIEMs empower security teams to detect threats, streamline incident response, and maintain compliance.

But a SIEM is only as powerful as the data it ingests. That’s why we are excited to announce a major expansion of our integration capabilities, making it easier than ever to feed high-fidelity web security data from dope.security directly into your existing ecosystem.


Introducing Direct HTTP SIEM Integrations

Until now, integrating dope.security with a SIEM required configuring an AWS S3 bucket. To simplify and accelerate this process, we have introduced Direct HTTP Integrations. This new method allows for a seamless, API-based connection to the industry’s leading SIEM and security analytics platforms.

This update enables our customers to pipe real-time, endpoint-level web security data directly into their security operations center (SOC), enriching their overall threat visibility.

We now offer native HTTP support for the following platforms:

  • CrowdStrike
  • Splunk
  • Microsoft Sentinel
  • IBM QRadar
  • Taegis

Why This Integration Matters: The Power of Endpoint Context

By pairing the granular visibility of dope.security’s endpoint-based Secure Web Gateway (SWG) with the correlation engine of a SIEM, security teams can:

  • Enrich Threat Detection: Correlate web-based threats (e.g., phishing links, malware downloads) with alerts from other sources like EDR and firewalls to get a complete picture of an attack.
  • Accelerate Incident Response: Eliminate the need to switch between consoles. Analysts can investigate suspicious web activity, trace user actions, and pivot directly within their SIEM.
  • Strengthen Proactive Security: Analyze trends in web traffic, policy violations, and shadow IT usage to identify and address security gaps before they can be exploited.

Simple Configuration for Your SIEM

Getting started is straightforward. In the dope.console, navigate to Settings ➔ SIEM ➔ SIEM Integration Settings and select the HTTP option. From there, choose your SIEM platform from the dropdown menu and provide the required credentials.

  • For CrowdStrike: Create a HEC Connector in your CrowdStrike console to generate an API key and URL.
  • For Splunk: Use the API key and URI from your Splunk HTTP Event Collector (HEC).
  • For Taegis: Provide the integration URL and key from your Taegis HTTP Ingest configuration.
  • For Microsoft Sentinel: Use credentials from your Azure Monitor Logs Ingestion API, including Client ID, Tenant ID, DCE, and DCR information.
  • For IBM QRadar: Use the integration URL and key from your QRadar HTTP Receiver protocol.

From Silos to Synergy

This release breaks down the silos between endpoint web security and your central security analytics. By integrating dope.security directly with your SIEM, you transform raw security data into actionable intelligence, empowering your team to move from reactive alerting to proactive defense.

About Dope Security
A comprehensive security solution designed to protect individuals and organizations from various cyber threats and vulnerabilities. With a focus on proactive defense and advanced technologies, Dope Security offers a range of features and services to safeguard sensitive data, systems, and networks.


Best Secure Web Gateways (SWG) in 2025: Real-World Tests on Speed, Break/Inspect, and Privacy

The 2025 SWG Litmus Test: 3 Real-World Trials Your Security Gateway Will Likely Fail

In cybersecurity, the word “best” is subjective. For security architects, it might mean a single platform with the most features. For your employees, it means one thing: invisible.

When web pages lag, applications break, and the coffee shop Wi-Fi becomes a battle, your Secure Web Gateway (SWG) has failed the most important test. This guide moves beyond marketing hype and feature checklists to evaluate SWGs on what truly matters in 2025: speed, reliability, and privacy.


The Architectural Divide: Cloud Proxy vs. On-Endpoint Inspection

Most user experience problems can be traced back to one fundamental design choice.

Cloud-Proxy SWGs route all your web traffic to the vendor’s global data centers for inspection. This is the model used by major players like Zscaler, Netskope, and Cisco Umbrella. When network conditions are perfect, it can work well. But every extra hop introduces potential latency and a point of failure.

On-Endpoint SWGs, like dope.security, place the inspection engine directly on the user’s device. Traffic goes directly from the user to its destination without a detour through a vendor’s cloud, eliminating the “backhaul tax” on performance.

This architectural difference is the key to understanding why some SWGs feel seamless while others feel like a constant drag on productivity.


Three Tests to Separate Hype from Reality

You don’t need a lab to see which architecture performs better. Run these three simple tests on any SWG you’re evaluating.

1. The Human-Eye Speed Test

Forget synthetic benchmarks. Open a few complex websites (like a news site with many ads) with the SWG turned off. Notice how quickly the page feels fully loaded. Now, turn the SWG on and repeat the test.

What to Look For: Does the page load feel just as fast? Or do you see spinners, slow-loading banners, and lagging images? That perceptible delay is the latency introduced by routing your traffic through a third-party data center.

2. The Real-Time Policy Test

Security can’t wait 30-60 minutes to update. Log in to your admin console and make a simple policy change—for example, block a new URL category. Save the change and immediately try to access a site in that category.

What to Look For: Does the block take effect instantly? An on-endpoint SWG like dope.security pushes policy updates in seconds. Many cloud architectures rely on timed polling, leaving you with a significant enforcement gap.

3. The Captive Portal Challenge

Take a company laptop to a hotel, airport, or cafe. Try to log in to their public Wi-Fi. This is where most cloud-proxy SWGs fail catastrophically.

What to Look For: Can you connect seamlessly? Cloud proxies often interfere with the redirect mechanisms of captive portals, preventing users from getting online. Because an on-endpoint SWG doesn’t re-route traffic, captive portals work exactly as they should—no help desk ticket required.


Why Performance and Privacy Are a Design Choice

A direct flight is always faster and simpler than one with a layover. The dope.security on-endpoint SWG applies this same logic to your data.

By removing the cloud proxy hop entirely, we eliminate the primary cause of latency, application breakage, and privacy concerns associated with legacy SWGs. Security policies—blocking threats, controlling application usage, and protecting data—are enforced locally on the device.

The result is a secure internet experience that feels just like it did before you added enterprise-grade security. For organizations that prioritize user productivity and a stronger privacy posture, the choice is clear.


The Cyber Assessment Framework

Master CAF 4.0: Why a Ransomware Containment Strategy is Non-Negotiable

The UK’s updated Cyber Assessment Framework (CAF) 4.0 raises the standard for cyber resilience. It demands that leaders of essential services prove they can detect, stop, and recover from sophisticated attacks before they cause disruption.

One threat stands above all others in today’s landscape: ransomware. This is precisely where BullWall delivers a unique and measurable advantage to your security strategy.


The New Reality: Surviving the “Blast Radius”

CAF 4.0 isn’t another compliance exercise; it’s a direct challenge to withstand realistic, high-impact threats. Regulators want evidence that you can manage the critical moments after ransomware bypasses your initial defenses and begins its destructive encryption. This is the “blast radius” that can turn a single compromised device into an operational catastrophe within minutes.

Traditional prevention tools are essential, but they weren’t designed to stop an active encryption attack. Without a dedicated containment layer, you’re left vulnerable at the most critical moment.


How BullWall Delivers Demonstrable CAF 4.0 Compliance

BullWall provides a laser-focused solution to stop ransomware before it impacts your essential services, aligning directly with the core outcomes of CAF 4.0.

Managing Risk & Protecting Services (Objectives A & B)

CAF 4.0 requires you to mitigate the most realistic attacker behaviors. BullWall demonstrates this by actively protecting against ransomware, the number one threat.

  • Stops Malicious Encryption: It detects and halts ransomware encryption attempts in real time.
  • Limits Attack Impact: It automatically isolates the compromised user or device, instantly preventing the attack from spreading across your network and protecting critical data.

Mastering Detection & Incident Response (Objectives C & D)

When an attack is underway, every second counts. BullWall provides immediate detection and automates the initial response, giving your team the tools for rapid recovery and reporting.

  • Identifies Malicious Activity: It instantly recognizes the unauthorized encryption patterns that are the clearest sign of a ransomware compromise.
  • Automates Response: It triggers immediate alerts and automatically quarantines the threat, providing the forensic-quality data needed for regulator-ready investigations and post-incident reviews.

BullWall’s Contribution at a Glance

CAF Outcome | BullWall’s Direct Contribution
A2.b – Understanding Threat | Demonstrates active mitigation of ransomware, a primary attacker behavior.
B4.c – Malicious Code Prevention | Detects and halts active ransomware encryption in real time.
B5.a – Limiting Impact | Contains ransomware attacks before they can cause widespread disruption.
C3.b – Detecting Malicious Activity | Identifies unauthorized encryption and triggers an immediate, automated response.
D1.a – Incident Response | Automates containment of compromised assets to accelerate your response.
D2.b – Post-Incident Review | Provides forensic data to inform regulator engagement and improve defenses.

The Bottom Line for Leadership

CAF 4.0 elevates ransomware from an IT issue to a board-level resilience risk. Regulators now expect proof that you can contain an attack in real time, not just after the damage is done.

BullWall delivers that proof. By instantly detecting and stopping unauthorized encryption, BullWall:

  • Strengthens cyber resilience against today’s most damaging threat.
  • Provides the verifiable evidence needed for compliance and regulator engagement.
  • Protects your ability to deliver essential services and safeguards your reputation.

With CAF 4.0 setting the new standard, the question isn’t whether ransomware will test your defenses—it’s whether you can stop it in time. With BullWall, the answer is yes.
