Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection
Microsoft unveiled the addition of its Windows 10 Tamper Protection controls for enterprise users of Microsoft Defender back in 2019. As of February 20, 2020, Microsoft has added the controls to the public version as well. Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.
The increasing sophistication of cyberattacks against corporate networks is a constant source of tension for businesses. The cost of an average cyberbreach in 2019, according to IBM, was $8.19 million per incident, up from $3.54 million in 2006. This is in addition to reputational damage and breaches of trust, which further erode business value and confidence. “One thing I often see is the somewhat sophisticated criminal groups are starting to use the aftermath of breaches to do even more targeted social engineering or phishing attacks at scale. It’s not just the fact that a breach occurred; it’s that all of our company’s data is somehow in there,” said Paul Gigliardi, CISO for SecurityScorecard.
During a cyberattack, an attacker will often try to disable security features, antivirus protection and administrative controls. The purpose is to pave the way for easier access to your data. Tamper Protection helps to prevent:
- Disabling virus threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling antivirus
- Disabling cloud-delivered protection
- Removing security intelligence updates
The program gives a better overview of the machines that have Tamper Protection turned on and the ability to make remote changes on those connected devices. It provides real-time data to investigate the corporate network for signs of an attack. Additionally, it allows administrators to examine file footprints within the organization, including their history over the past six months, and provides real-time actions and suggestions. Tamper Protection will automatically block or resist any attempt to change Windows Defender settings or security settings that would subvert the built-in protection. “This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature,” says Shweta Jha from the Microsoft Defender team.
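A local check of the settings listed above, as an added example that is not from the article or from Microsoft's documentation: it reads the Defender status and preference cmdlets built into Windows 10 and reports which protected settings are currently off. The function name `Get-DefenderTamperAudit` and the three-day staleness threshold for security intelligence are assumptions made for illustration.

```powershell
# Added example: audit the Defender settings that Tamper Protection guards.
# Get-DefenderTamperAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param(
        # Assumption: security intelligence older than this many days is stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus   # current protection state
    $pref   = Get-MpPreference       # configured preferences

    # MAPSReporting: 0 = cloud-delivered protection disabled, 1 = basic, 2 = advanced.
    $checks = [ordered]@{
        'Tamper Protection'          = [bool]$status.IsTamperProtected
        'Antivirus'                  = [bool]$status.AntivirusEnabled
        'Real-time protection'       = [bool]$status.RealTimeProtectionEnabled
        'Behavior monitoring'        = [bool]$status.BehaviorMonitorEnabled
        'Cloud-delivered protection' = ($pref.MAPSReporting -ne 0)
        'Security intelligence age'  = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    # Emit one object per setting so results can be filtered or exported.
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Setting  = $name
            Healthy  = $checks[$name]
        }
    }
}

# List only the settings that need attention; no rows means every check passed.
Get-DefenderTamperAudit | Where-Object { -not $_.Healthy } | Format-Table -AutoSize
```

A machine that reports `Tamper Protection` as unhealthy is one where the other five settings can still be changed locally, so it is the first row to act on.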
Securing all endpoints is organizations’ top priority. Windows Defender Tamper Protection differentiates itself in the space because you can see what is happening on every endpoint across the network. If any Windows Security settings are changed, whether by an employee or by an external threat actor, Tamper Protection will immediately issue an alert in Windows Defender Security Center. This allows administrators to isolate and examine each issue on a case-by-case basis. Administrators can then examine which machines on a network are vulnerable and what preventative measures need to be taken. By using the Tamper Protection features, security teams have a proactive tool in place that will provide immediate, rather than ad hoc, feedback.
Enterprises should consider adopting this new Windows 10 threat protection tool. A program that actively looks for changes in the Windows Defender files helps to secure not only the individual access points but also the entire network. The Tamper Protection tool can also help to improve the tracking of insider and external threats. External operators’ attempts to alter Windows Security protocols are visible to your security team. More importantly, you can also detect insider threats to your organization. These threats come in the form of malicious insiders, accidental insiders, and negligent insiders. To find out more about these types of threat vectors, and how to better prepare your organization, check out Info-Tech’s blueprint, Reduce and Manage Your Organization’s Insider Threats Risk.