Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection
Microsoft unveiled the addition of its Windows 10 Tamper Protection controls for enterprise users of Microsoft Defender back in 2019. As of February 20, 2020, Microsoft has added the controls to the public version as well. Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.
The increasing sophistication of cyberattacks against corporate networks is a constant source of tension for businesses. The cost of an average cyberbreach in 2019, according to IBM, was $8.19 million per incident, up from $3.54 million in 2006. This is in addition to reputational damage and breaches of trust, which further erode business value and confidence. “One thing I often see is the somewhat sophisticated criminal groups are starting to use the aftermath of breaches to do even more targeted social engineering or phishing attacks at scale. It’s not just the fact that a breach occurred; it’s that all of our company’s data is somehow in there,” said Paul Gigliardi, CISO for SecurityScorecard.
During a cyberattack, an attacker will often try to disable security features, antivirus protection and administrative controls. The purpose is to pave the way for easier access to your data. Tamper Protection helps to prevent:
- Disabling virus threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling antivirus
- Disabling cloud-delivered protection
- Removing security intelligence updates
The program gives a better overview of the machines that have Tamper Protection turned on and the ability to make remote changes on those connected devices. It provides real-time data to investigate the corporate network for signs of an attack. Additionally, it allows administrators to examine file footprints within the organization, including their history over the past six months, and provides real-time actions and suggestions. Tamper Protection will automatically block or resist any attempt to change Windows Defender settings or security settings in a way that subverts the built-in protection. “This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature,” says Shweta Jha from the Microsoft Defender team.
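The settings listed above can be checked on a single Windows 10 machine with the built-in Defender cmdlets. The following is an added example, not code from the article or from Microsoft; the function name `Get-DefenderTamperAudit` and the three-day signature-age threshold are assumptions made for illustration.

```powershell
# Added example: audit the local Microsoft Defender state for the settings
# that Tamper Protection is meant to guard.
function Get-DefenderTamperAudit {
    [CmdletBinding()]
    param(
        # Assumption: security intelligence older than this many days is stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $status = Get-MpComputerStatus   # current protection state
    $pref   = Get-MpPreference       # configured preferences

    # One entry per item in the article's list, plus Tamper Protection itself.
    $checks = [ordered]@{
        'Tamper Protection on'          = [bool]$status.IsTamperProtected
        'Antivirus enabled'             = [bool]$status.AntivirusEnabled
        'Real-time protection on'       = [bool]$status.RealTimeProtectionEnabled
        'Behavior monitoring on'        = [bool]$status.BehaviorMonitorEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
        'Cloud-delivered protection on' = ($pref.MAPSReporting -ne 0)
        'Security intelligence current' = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Check    = $name
            Passed   = $checks[$name]
        }
    }
}

$results = Get-DefenderTamperAudit
$results | Format-Table -AutoSize

# Flag the machine if any guarded setting is off or stale.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} check(s) failed on {1}" -f $failed.Count, $env:COMPUTERNAME)
}
```

The function emits one object per check, so the output can be piped to `Export-Csv` or collected from several machines and compared over time.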
Securing all endpoints is organizations’ top priority. Windows Defender Tamper Protection differentiates itself in the space because you can see what is happening on every endpoint across the network. If any Windows Security settings are changed, whether by an employee or by an external threat actor, Tamper Protection will immediately issue an alert in Windows Defender Security Center. This allows administrators to isolate and examine each issue on a case-by-case basis. Administrators can then examine which machines on a network are vulnerable and what preventative measures need to be taken. By using the Tamper Protection features, security teams have a proactive tool in place that will provide immediate, rather than ad hoc, feedback.
Enterprises should consider adopting this new Windows 10 threat protection tool. A program that actively looks for changes in the Windows Defender files helps to secure not only the individual access points but also the entire network. More importantly, the Tamper Protection tool can also help to improve the tracking of insider and external threats. External operators’ attempts to alter Windows Security protocols become visible to your security team, and you can also detect insider threats to your industry. These threats come in the form of malicious insiders, accidental insiders, and negligent insiders. To find out more about these types of threat vectors, and how to better prepare your organization, check out Info-Tech’s blueprint, Reduce and Manage Your Organization’s Insider Threats Risk.