For HomeFor BusinessFor Partners
Virtualization & Data Center Security
5 min read

Anti-Exploit Technology is Fundamental for Cloud Workload Security

Shaun Donaldson

April 01, 2021

Anti-Exploit Technology is Fundamental for Cloud Workload Security
  • All attacks include malicious activity, but not all attacks include writing malware to disk 
  • Anti-exploit technology prevents attackers from gaining a foothold 
  • What to look for in anti-exploit technology 

Attacks, exploits and vulnerabilities 

Any complete cloud workload security stack must feature robust anti-exploit technology for both end-user and server systems. Cloud workloads run on servers, either on-premises or in the cloud, and end-user systems access those workloadsEnd-user systems can give attackers indirect access to workload data, while servers can provide more direct access if attackers achieve a foothold.  

When trying to gain access to a Windows system, attackers exploit vulnerabilities, known or unknown (zero day). The exploits may be novel, or part of a widely used exploit kit. The vulnerabilities attackers exploit may be within the Windows operating system or applications running on the system. The vulnerable component may run in kernel or user-mode, providing different levels of privilege to the attacker. Attackers may also string together attacks to elevate privilege locally once they have gained a remote foothold on a system, or they may move laterally by attacking other systems 

File-less attacks 

Commonly, organizations believe the point of an attack is to place malware on a system. In the case of ransomware or cryptojacking, this is true, but it is not always true. In file-less attacks, the malicious activity occurs entirely in memory; no file is written to disk for traditional anti-virus solutions to detect. Instead, an attacker exploits a vulnerability then remotely runs commands on a system to either attack another system or exfiltrate sensitive data.  

Detecting the signs of a successful attack is important. Endpoint Detection and Response and Managed Detection and Response solutions do just that; look for indicators of compromise and/or attack. However, anti-exploit technology aims to detect and block attacks early in the attack cycle -- at the point when an attacker is attempting to exploit a vulnerability to gain initial access to a system.  

What to look for in anti-exploit solutions 

Part of a complete prevention and detection stack managed from a single console 

  • Point solutions have value, but tend to expand the impact of security when not included as part of a wider approach 
  • Look for a solution that encompasses multiple security techniques, from signatures to advanced machine learning and threat-hunting capabilities

Coverage of both kernel- and user-mode exploits of known and unknown vulnerabilities 

  • Detecting yesterday’s attacks is easy, preventing tomorrow’s attacks is difficult 
  • Look for a solution with advanced detection and mitigation that includes the full software stack in your environment 

Applicable across on-premises and cloud, end-user and server 

  • Adoption of hybrid-, multi-cloud has created complexity, which may lead to security costs 
  • Look for a solution that covers where your architecture is today, and will be tomorrow 

Support for Virtual Desktop Infrastructure, including full-session, terminal services hosts and Remote Desktop Protocol 

  • Work-from-home won’t end any time soon 
  • Look for a solution which with minimal impact on performance and administration 

While anti-exploit technology for Windows systems is not a panacea, it is a critical part of the security stack. Using focused, yet generic detection and mitigation techniques to prevent the abuse of common types of vulnerabilities will stop attacks before a foothold is gained. Attackers will continue to discover and exploit vulnerabilities in Windows systems, and the popular applications they run 

Bringing it all together 

Hybrid-, multi-cloud environments give organizations tremendous flexibility in furthering business goals, but they also introduce complexity for security teams. Even after a zero-day vulnerability is exposed, teams struggle to quickly patch systems, especially servers. Security teams struggle to update controls while vendors attempt to identify new exploits and variants. This is where strong anti-exploit capabilities fill in the gaps by detecting and mitigating exploit attempts, stopping attacks from succeeding in the early stages of an attack.  

Bitdefender GravityZone provides enhanced anti-exploit for Windows capabilities. Learn more and get your free trial here: https://www.bitdefender.com/business/enterprise-products/virtualization-security.html 

tags

Virtualization & Data Center Security

Author

Shaun Donaldson

Shaun Donaldson

Shaun Donaldson is Editor-at-large at Bitdefender Enterprise. Shaun is also responsible for supporting relationships with strategic alliance partners and large enterprise customers, and analyst relations. Before joining Bitdefender, Mr. Donaldson was involved in various technology alliances, enterprise sales and marketing positions within the IT security industry, including Trend Micro, Entrust, Bell Security Solutions and Third Brigade.

View all posts

Right now Top posts

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again
Ransomware Threat Research Threat Intelligence

ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again

November 13, 2024

Bitdefender Threat Debrief | November 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | November 2024

November 07, 2024

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Enterprise Security Endpoint Protection & Management

Empowering MSP Workflows: Bitdefender’s New ConnectWise PSA Integration Update
Bitdefender Enterprise

November 21, 2024

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Enterprise Security Endpoint Detection and Response

Security Advisory: Adversaries Abuse Microsoft Teams and Quick Assist
Jade Brown and Nikki Salas

November 20, 2024

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Enterprise Security Endpoint Protection & Management Endpoint Detection and Response

Balancing User Experience with Security: A New Frontier for CISOs in Minimizing Business Risk Exposure
Daniel Daraban

November 19, 2024

Bookmarks

loader