For example, while Windows filter drivers often have the ability to monitor system operations, they can very rarely deny those operations, or the granularity offered by such mechanisms is not fine enough to prevent simple bypass mechanisms. In the Windows world, such platform-wide mitigations are typically implemented by Microsoft itself, as third parties don’t usually have the same tools that would allow them to operate in the kernel at the level needed to implement such mitigations. However, there is a third, even more powerful solution which can be generalized: system-wide/platform security improvements that prohibit entire classes of attacks from successfully running. Such preventative measures are usually implemented by preventing the execution (or other operations) of malicious applications, or sometimes by hardening processes with mitigations against common exploit techniques. A comprehensive Next-Generation Endpoint Protection strategy shouldn’t just be about reacting and responding to threats; it should also be complemented by the ability to prevent such threats from successfully operating to begin with.