Any complete cloud workload security stack must feature robust anti-exploit technology for both end-user and server systems. Cloud workloads run on servers, either on-premises or in the cloud, and end-user systems access those workloads. End-user systems can give attackers indirect access to workload data, while servers can provide more direct access if attackers achieve a foothold.
When trying to gain access to a Windows system, attackers exploit vulnerabilities, known or unknown (zero-day). The exploits may be novel, or part of a widely used exploit kit. The vulnerabilities attackers exploit may be within the Windows operating system or in applications running on the system. The vulnerable component may run in kernel mode or user mode, providing different levels of privilege to the attacker. Attackers may also chain attacks to elevate privilege locally once they have gained a remote foothold on a system, or they may move laterally by attacking other systems.
Commonly, organizations believe the point of an attack is to place malware on a system. In the case of ransomware or cryptojacking this is true, but it is not always true. In file-less attacks, the malicious activity occurs entirely in memory; no file is written to disk for traditional anti-virus solutions to detect. Instead, an attacker exploits a vulnerability and then remotely runs commands on the system, either to attack another system or to exfiltrate sensitive data.
Detecting the signs of a successful attack is important. Endpoint Detection and Response and Managed Detection and Response solutions do just that: they look for indicators of compromise and/or indicators of attack. Anti-exploit technology, however, aims to detect and block attacks earlier in the attack cycle, at the point when an attacker is attempting to exploit a vulnerability to gain initial access to a system.
Part of a complete prevention and detection stack managed from a single console
Coverage of both kernel- and user-mode exploits of known and unknown vulnerabilities
Applicable across on-premises and cloud, end-user and server
Support for Virtual Desktop Infrastructure, including full-session, terminal services hosts and Remote Desktop Protocol
While anti-exploit technology for Windows systems is not a panacea, it is a critical part of the security stack. Using focused yet generic detection and mitigation techniques to prevent the abuse of common classes of vulnerabilities stops attacks before a foothold is gained. Attackers will continue to discover and exploit vulnerabilities in Windows systems and in the popular applications they run.
Hybrid and multi-cloud environments give organizations tremendous flexibility in furthering business goals, but they also introduce complexity for security teams. Even after a zero-day vulnerability is disclosed, teams struggle to patch systems quickly, especially servers. Security teams struggle to update controls while vendors attempt to identify new exploits and variants. This is where strong anti-exploit capabilities fill the gap: by detecting and mitigating exploit attempts, they stop attacks in their early stages.
Bitdefender GravityZone provides enhanced anti-exploit for Windows capabilities. Learn more and get your free trial here: https://www.bitdefender.com/business/enterprise-products/virtualization-security.html
Shaun Donaldson is Editor-at-large at Bitdefender Enterprise. Shaun is also responsible for supporting relationships with strategic alliance partners and large enterprise customers, and analyst relations. Before joining Bitdefender, Mr. Donaldson was involved in various technology alliances, enterprise sales and marketing positions within the IT security industry, including Trend Micro, Entrust, Bell Security Solutions and Third Brigade.