Built for teams protecting critical infrastructure
The Problem
Your "Immutable" Backups Aren't
94% of ransomware attacks now target backup infrastructure. When attackers steal administrator credentials (which happens in 78% of human-operated ransomware campaigns), they delete backups before encrypting production data.
Every "immutable" backup solution on the market relies on software policies that administrators can override. S3 Governance Mode can be bypassed by root. Veeam immutable repositories can be cleared by local admin. Rubrik's protection requires support tickets, not physics.
of ransomware attacks target backups
involve compromised admin credentials
average cost per ransomware attack
The Solution
Physics, Not Policy
Gatekeeper uses Verifiable Delay Functions (VDFs), cryptographic computations that require a precise amount of sequential time to complete. A 7-day deletion delay means the VDF must compute for 168 hours before releasing the deletion token. No parallelization helps. No additional computing power helps. Mathematics enforces the delay.
Instant
Read operations execute immediately. Recovery is never delayed. When ransomware strikes, you can begin restoration within seconds.
7 Days Minimum
Delete operations trigger VDF computation and multi-party approval. Attackers cannot afford to wait. You have time to detect and respond.
How It Works
Three Steps to Ransomware Immunity
Deploy in Your AWS Account
Launch our CloudFormation template. Gatekeeper creates protected S3 buckets with Object Lock, deploys enforcement Lambda functions, and configures DynamoDB for immutable audit logging. Your data stays in your account. Deployment takes 2-4 weeks.
Connect Your Backup Software
Point your existing backup solution at Gatekeeper-protected S3 storage. No agent installation. No backup process changes. Your backups write normally; Gatekeeper protects them automatically. Native connectors for Veeam, Commvault, and Rubrik are coming soon.
Physics-Enforced Protection
Any delete request triggers a 7-day waiting period enforced by VDF computation, plus multi-party approval from designated keyholders. Recovery remains instant. Ransomware attackers cannot wait 7 days without detection.
Features
Enterprise-Grade Protection
VDF-Enforced Time Locks
Verifiable Delay Functions create a cryptographic hourglass. Computing the deletion proof takes precisely 7 days of sequential computation. No shortcut exists.
Bifurcated Access Architecture
Read operations execute instantly; recovery is never delayed. Delete operations are time-locked. This asymmetry defeats ransomware because attackers need immediate backup destruction.
Multi-Party Approval
Deletion requires approval from multiple designated keyholders (configurable as M-of-N). No single administrator can authorize permanent data destruction.
Cryptographic Audit Trail
Every operation generates an immutable audit event linked by cryptographic hash chain. Tamper with one entry and the chain breaks detectably.
Break-Glass Emergency Access
Critical situations require emergency override capability. Gatekeeper uses Shamir secret sharing (2-of-3) held by designated executives.
Instant Recovery Path
Recovery from backup is instantaneous. No time-lock on read operations. No approval required to restore data. Begin recovery immediately.
Compliance-Ready Architecture
Pre-mapped controls for SOC 2 Type II, ISO 27001, NIST 800-53, HIPAA, PCI-DSS 4.0, DORA, and NIS2 are on the roadmap.
Seamless Integration
Native connectors for Veeam, Commvault, Rubrik, Cohesity, and AWS Backup are on the roadmap. Currently supports any S3-compatible backup target.
Comparison
Policy v. Physics
| Aspect | Software-Based "Immutable" | Gatekeeper Physics-Based |
|---|---|---|
| Root credential bypass | Vulnerable | Impossible |
| Time enforcement | Policy-dependent | Cryptographic |
| Insider threat protection | Admin can override | Multi-party required |
| Support ticket bypass | Social engineering risk | No external override |
| Audit integrity | Logs can be modified | Hash chain verification |
| Compliance proof | Documentation only | Mathematical evidence |
Pricing
Simple, Transparent Pricing
Start with a 30-day free trial. Cancel anytime during the trial at no cost.
Lite Starter
For small teams getting started
10TB included
- VDF-enforced deletion delays
- Multi-party approval (2-of-N)
- Cryptographic audit trail
- S3 Object Lock integration
- Email notifications
30-day free trial
What Security Leaders Say
Trusted by CISOs
"After a ransomware attack encrypted our production environment, we discovered the attackers had also compromised our backup admin credentials. With Gatekeeper, the deletion requests were stuck in time-lock. We recovered within hours instead of paying millions."
(CISO, Healthcare Organization)
"Every vendor told me their backups were immutable. None could explain what happens when an attacker has root. Gatekeeper is the first solution that gave me a physics-based answer instead of a policy-based hope."
(VP of Security, Financial Services)
"Our cyber insurance carrier mandated improved backup protection. Gatekeeper's VDF enforcement and audit trail satisfied their requirements and reduced our premium by 15%."
(IT Director, Manufacturing)
FAQ
Common Questions
About
Built by Security Engineers
Gatekeeper was founded on a simple observation: 94% of ransomware attacks target backups, yet existing solutions rely on policies that attackers can disable. We built the first backup protection system where deletion delays are enforced by mathematics and physics, not configuration files.
Based in Cyprus. Backed by leading security investors. SOC 2 Type II certification in progress.