APEX Backup Services: A guide to the standard ransomware protection and recovery features in APEX Backup Services
A backup strategy is only as strong as your ability to recover. The APEX Backup Services solution brief shows how cloud-native, immutable backups and zero-trust security help protect data and support fast recovery across your environment.
Frequently Asked Questions
How does APEX Backup Services help with ransomware protection and recovery?
APEX Backup Services is designed to help you limit the impact of ransomware and get back up and running without paying a ransom.
Here’s how it supports ransomware protection and recovery:
1. **Secure, point-in-time backups**
APEX Backup Services automatically protects key assets that are common ransomware targets:
- End-user endpoints (laptops, mobile devices, etc.)
- Data center workloads such as virtual machines, NAS systems, and databases
- SaaS applications like Microsoft 365, Salesforce, and Google Workspace
You can define configurable backup policies and use pre-configured compliance templates to ensure the right data is backed up with appropriate retention. In the event of an attack, you can roll back to a clean, point-in-time backup from before the infection.
2. **Flexible recovery options from a single console**
IT teams can perform both granular and bulk restores from one console:
- Restore individual files, emails, or objects
- Restore entire systems or large data sets
- Recover to the original location or to an alternate location
This flexibility helps you align recovery to the severity and scope of the incident.
3. **Alignment with cyber resilience best practices**
APEX Backup Services supports the “protect” and “recover” functions of the NIST Cybersecurity Framework. By maintaining secure, isolated backups, it gives you a practical way to respond to and recover from ransomware without relying on attackers to provide a decryption key.
4. **Coverage for distributed and remote environments**
With more employees working remotely, endpoints and SaaS apps are often the first entry points for ransomware. APEX Backup Services provides unified protection across endpoints, SaaS, and hybrid workloads, helping you close those gaps and improve overall resilience.
What makes APEX Backup Services different from traditional on‑premises backup?
APEX Backup Services takes a cloud-native, zero-trust approach that addresses several limitations of traditional on‑premises backup.
1. **Immutable, isolated backups**
On‑premises backup systems are usually connected to the same network as production workloads. If ransomware spreads across your environment, it can also encrypt or delete your backups.
With APEX Backup Services:
- Backup data is **isolated from your corporate network** and stored in the APEX Backup Services cloud platform.
- Backups are **immutable** by design—ransomware cannot modify or delete them.
- You don’t need to bolt on extra hardware or processes to achieve this isolation; it’s built into the service.
2. **Zero‑trust security architecture**
APEX Backup Services is built around a zero‑trust model and leverages AWS’s security framework:
- Data is split into blocks, deduplicated, and stored in **Amazon S3**, with metadata in **Amazon DynamoDB**, and compute handled by **Amazon EC2**.
- The application layer is separated from the data layer, so access to the application does not automatically grant access to the underlying data.
- Within the data layer, APEX Backup Services uses proprietary **envelope encryption**, so only the customer can access their data.
3. **Strong encryption in flight and at rest**
- Data in flight to the cloud is protected using **TLS 1.2**.
- Data at rest, whether on‑premises via Cloud Cache or in the cloud, is encrypted with **AES‑256**.
4. **Tight access control and admin governance**
- Access is controlled and monitored using a combination of **VPN, MFA, Bastion, and auto‑expiring dynamic credentials**.
- There is **no SSH access** to production nodes, reducing a common attack vector.
- Administrative controls prevent end users from deleting backup data.
- You can customize admin roles and restrict snapshot deletion rights to a very small number of APEX Backup Services Admins, while other admins can be created with no delete permissions.
5. **Reduced operational overhead**
With on‑premises backup, your team must manage software upgrades, patching, and appliance maintenance to stay ahead of vulnerabilities—often under tight budgets.
APEX Backup Services:
- Is updated frequently in the background with new features and security enhancements.
- Does not require you to schedule or manage upgrades.
- Undergoes ongoing third‑party penetration testing (e.g., Coalfire, Bishop Fox, Cobalt.io) to identify and address vulnerabilities.
6. **Compliance and data residency**
APEX Backup Services inherits AWS’s global security, compliance, and data residency controls and adds its own certifications for the cloud service. These certifications are available upon request, supporting your internal and external compliance requirements.
How does APEX Backup Services secure our data end‑to‑end?
APEX Backup Services is built to secure your data across the full lifecycle—collection, transfer, storage, and recovery.
1. **Data protection in transit**
- All data sent from your environment to the APEX Backup Services cloud is encrypted in flight using **Transport Layer Security (TLS 1.2)**.
- This helps protect against interception or tampering while data moves over the network.
2. **Data protection at rest**
- Data stored on‑premises via Cloud Cache and in the APEX Backup Services cloud is encrypted using **AES‑256**.
- Data is broken into blocks and deduplicated, with unique blocks stored in **Amazon S3** and metadata in **Amazon DynamoDB**.
- The application and data layers are separated, so access to the application does not equate to direct access to raw data.
3. **Customer‑controlled access to data**
- Within the data layer, APEX Backup Services uses proprietary **envelope encryption**.
- Only the customer has access to their data, which aligns with a “secure by design” philosophy and supports strict internal security policies.
4. **Zero‑trust access controls**
- Access to applications is controlled using a combination of **Bastion, VPN, multi‑factor authentication (MFA), and auto‑expiring dynamic credentials**.
- There is **no SSH access** to production nodes, closing off a common administrative attack path.
- Administrative settings prevent end users from deleting backup data, and you can tightly control which admins (ideally no more than two) can delete snapshots.
5. **Security compliance and validation**
- APEX Backup Services leverages AWS’s global security, compliance, and data residency capabilities.
- On top of that, APEX Backup Services maintains its own security certifications for the cloud service, which can be shared on request.
- Regular third‑party penetration tests (by firms such as Coalfire, Bishop Fox, and Cobalt.io) help validate and strengthen the security posture.
Together, these measures help you reimagine backup as a secure, cloud‑based control point that supports your broader cyber resilience, compliance, and business continuity strategy—especially in the face of ransomware and accidental or malicious data deletion.

