KzKrew

Folder Encryption / End-to-End encryption Software Recommendations

I am looking for an application that can encrypt specific Windows-based network folders for an on-premise file server. Server OS is 2019.

Example: The financial group would like to secure their "Financial" folder.

Windows folder permissions would of course limit access to this folder, but they would also like the folder to be encrypted to limit exposure in a data breach situation. BitLocker is employed on server drives, but the financial department requires additional security in case Domain Credentials were compromised.

Looking for recommendations.

Thanks - Dan

  

Jian An Lim

A data breach, maybe; ransomware, no. Any ransomware can encrypt on top and make your files unreadable.

With zero trust methodology, credentials are the first guard.
Any 3rd-party encryption will mean you are stuck with them until you decrypt.
The keyword is End-to-End encryption software, and I found a few of them, like:
Atakama https://www.atakama.com/enterprise-file-encryption-software
Winmagic https://www.winmagic.com/products/securedoc-file-encryption-sfe

Being a Microsoft guy, I will recommend using Microsoft Information Protection, but again, it is another piece of software you need to deploy.

The best defense you are going to have is to monitor your logs and react faster, instead of thinking you can implement a bulletproof solution. Credential compromise should be the last thing to happen.
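
The log-monitoring advice in the post above, sketched as an added example (not part of any post in this thread): it flags an account that reads many distinct files under the protected folder within a short window, which is the pattern a data dump with valid credentials leaves behind. It assumes object-access auditing is enabled on the folder and that Security event 4663 records have been exported as dictionaries; the folder path, window, threshold, account names and sample events are all constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PROTECTED = r"D:\Shares\Financial"  # assumed local path of the protected folder
WINDOW = timedelta(minutes=5)       # assumed look-back window
THRESHOLD = 4                       # assumed limit, kept tiny for the demo

def bulk_readers(events, root=PROTECTED, window=WINDOW, threshold=THRESHOLD):
    """Map each user to the first time they read `threshold` or more distinct
    files under `root` within `window`. `events` are 4663-style dicts."""
    prefix = root.lower().rstrip("\\") + "\\"
    recent = defaultdict(deque)  # user -> (time, path) pairs still in the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        # Keep only 4663 records whose access mask includes ReadData (0x1).
        if ev["EventID"] != 4663 or not int(ev["AccessMask"], 16) & 0x1:
            continue
        path = ev["ObjectName"].lower()
        if not path.startswith(prefix):
            continue
        user, now = ev["SubjectUserName"].lower(), ev["TimeCreated"]
        seen = recent[user]
        seen.append((now, path))
        while now - seen[0][0] > window:  # drop reads older than the window
            seen.popleft()
        if user not in alerts and len({p for _, p in seen}) >= threshold:
            alerts[user] = now
    return alerts

def make_event(minute, second, user, path, mask="0x1"):
    """Build one constructed record with the fields the detector reads."""
    return {"EventID": 4663, "TimeCreated": datetime(2024, 1, 8, 9, minute, second),
            "SubjectUserName": user, "ObjectName": path, "AccessMask": mask}

# Constructed sample: one account sweeping the folder, three benign patterns.
SAMPLE = (
    [make_event(0, i * 10, "svc_report", rf"D:\Shares\Financial\2023\ledger_{i}.xlsx")
     for i in range(6)]                                   # 6 files in 50 seconds
    + [make_event(m, 0, "alice", r"D:\Shares\Financial\budget.xlsx")
       for m in range(1, 6)]                              # same file re-read
    + [make_event(2, i, "bob", rf"D:\Shares\Public\doc_{i}.txt")
       for i in range(9)]                                 # outside the folder
    + [make_event(3, i, "carol", rf"D:\Shares\Financial\q{i}.xlsx", mask="0x2")
       for i in range(6)]                                 # writes, not reads
)

if __name__ == "__main__":
    for user, when in bulk_readers(SAMPLE).items():
        print(f"ALERT {user}: bulk read of {PROTECTED} at {when:%H:%M:%S}")
```

A realistic threshold has to be tuned against how the finance staff normally work; the value here is small only so the constructed sample trips it.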

KzKrew

ASKER

Agree - End-to-End encryption is the keyword in my question. Does anyone else have input to my question?
Thanks
ste5an

Your approach makes no sense, because ransomware encrypts every file with its own keys. Thus an encrypted file or folder in your security model will also be encrypted. Thus it will also be lost.

"additional security in case Domain Credentials were compromised."
There is only one solution: MFA and credential changes in the case of incidents.

MFA means real MFA, thus credentials (knowledge) + inheritance (iris, fingerprint) + possession (separate hardware token).

Only the usage of all three gives the wanted security. Caveat: no MFA must use a mobile. A mobile is too easy to pwn.
David Favor

Unsure exactly what problem you're trying to fix.

1) If you secure your conversations with TLS certs, then the conversations are encrypted.

2) If you actually encrypt the data, then you'll have to do key management, so since everyone must have a key... and keys will be lying around everywhere... this is usually just complexity with no security improvement.

3) As @Jian mentioned... said differently... if you can do an ls/dir on a directory with Windows running... then Ransomware can potentially encrypt the data.

Suggestion: Describe the actual problem you're trying to solve + likely many people can provide potential solution approaches.
KzKrew

ASKER

I re-emphasize my question is NOT on the damage that is caused by ransomware or other, but protecting an organization from data dumps if a bad actor was able to gain access.

David does make a good point on encryption keys and how to protect. Folder Encryption / end-to-end encryption software marketing makes it sound like it solves the problem of Data Dumps / Data Leakage, but does it???
Sudeep Sharma

In the corporate environment, why not use EFS? This can be used along with BitLocker, and you can restrict who can have access to the files and folders which are encrypted using EFS.

Thanks,
Sudeep
ASKER CERTIFIED SOLUTION
Jian An Lim
KzKrew

ASKER

Thanks, Jian -- you have certainly given serious thought to my question of how to protect data at rest (against data leakage/data dumps). Being a smaller manufacturing company with limited resources, Microsoft Information Protection is probably not a fit. Do you have any recommendations beyond what you have already recommended?
Thanks



 
