Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection
Microsoft unveiled its Windows 10 Tamper Protection controls for enterprise users of Microsoft Defender back in 2019. As of February 20, 2020, Microsoft has added the controls to the public version as well. Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

The increasing sophistication of cyberattacks against corporate networks is a constant source of tension for businesses. The cost of an average cyberbreach in 2019, according to IBM, was $8.19 million per incident, up from $3.54 million in 2006. This is in addition to reputational damage and breaches of trust, which further erode business value and confidence. “One thing I often see is the somewhat sophisticated criminal groups are starting to use the aftermath of breaches to do even more targeted social engineering or phishing attacks at scale. It’s not just the fact that a breach occurred; it’s that all of our company’s data is somehow in there,” said Paul Gagliardi, CISO for SecurityScorecard.
During a cyberattack, an attacker will often try to disable security features, antivirus protection and administrative controls. The purpose is to pave the way for easier access to your data. Tamper Protection helps to prevent:
- Disabling virus threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling antivirus
- Disabling cloud-delivered protection
- Removing security intelligence updates
The program gives a better overview of which machines have Tamper Protection turned on and the ability to make remote changes on those connected devices. It provides real-time data for investigating the corporate network for signs of an attack. Additionally, it allows administrators to examine file footprints within the organization, including their history over the past six months, and to act on real-time suggestions. Tamper Protection will automatically block or resist any attempt to change Windows Defender settings or security settings that would subvert the built-in protection. “This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature,” says Shweta Jha from the Microsoft Defender team.
Securing all endpoints is a top priority for organizations. Windows Defender Tamper Protection differentiates itself in this space because you can see what is happening on every endpoint across the network. If any Windows Security settings are changed, whether by an employee or by an external threat actor, Tamper Protection will immediately issue an alert in the Windows Defender Security Center. This allows administrators to isolate and examine each issue on a case-by-case basis. Administrators can then examine which machines on the network are vulnerable and what preventative measures need to be taken. By using the Tamper Protection features, security teams have a proactive tool in place that provides immediate, rather than ad hoc, feedback.
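As an added example (not code from the article, and not Microsoft's own tooling), the following PowerShell script checks on a single Windows 10 device the points the list above and the two preceding paragraphs describe: whether Tamper Protection is on, where that setting is managed from, and whether Defender has recently logged blocked or successful changes to real-time protection, scanning or antivirus state. It relies on the Get-MpComputerStatus cmdlet, the documented TamperProtection value under the Windows Defender Features registry key, and Defender operational-log event IDs; the TamperProtectionSource property is assumed to exist only on newer Defender platform versions and is reported as empty elsewhere.

```powershell
# Added example: audit Tamper Protection state on the local device and pull the
# Defender events that record settings changes. Works best in an elevated session.

param(
    [int]$LookbackDays = 7   # how far back to search the Defender operational log
)

# 1. Current state as reported by the Defender PowerShell module.
#    IsTamperProtected is a boolean. TamperProtectionSource (values such as
#    "Intune", "ATP", "Signatures", "UI") is assumed to exist only on newer
#    Defender platform versions; on older ones it simply comes back $null.
$status    = Get-MpComputerStatus
$tpEnabled = [bool]$status.IsTamperProtected
$tpSource  = $status.TamperProtectionSource

# 2. Cross-check the registry. Microsoft documents 5 = on, 0 or 4 = off.
$featureKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
$regValue   = $null
try {
    $regValue = (Get-ItemProperty -Path $featureKey -Name TamperProtection -ErrorAction Stop).TamperProtection
} catch {
    Write-Warning "Could not read $featureKey\TamperProtection: $($_.Exception.Message)"
}
if ($null -ne $regValue -and (($regValue -eq 5) -ne $tpEnabled)) {
    Write-Warning "Registry value ($regValue) and Get-MpComputerStatus disagree on Tamper Protection state."
}

# 3. Events that correspond to the settings changes the article lists.
#    5013 = Tamper Protection blocked a change to Defender settings
#    5001 = real-time protection disabled
#    5004 = real-time protection configuration changed
#    5010 / 5012 = malware / virus scanning disabled
$eventIds = 5001, 5004, 5010, 5012, 5013
$events   = @()
try {
    $events = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = $eventIds
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    } -ErrorAction Stop)
} catch {
    # Get-WinEvent raises an error when nothing matches; treat that as an empty result.
    if ($_.Exception.Message -notmatch 'No events were found') { throw }
}

$report = [pscustomobject]@{
    ComputerName             = $env:COMPUTERNAME
    TamperProtected          = $tpEnabled
    TamperProtectionSource   = $tpSource
    RegistryValue            = $regValue
    BlockedChanges           = @($events | Where-Object { $_.Id -eq 5013 }).Count
    ProtectionDisabledEvents = @($events | Where-Object { $_.Id -in 5001, 5010, 5012 }).Count
}

# A device with Tamper Protection off, or with disabled-protection events but no
# 5013 blocks, is the case the article says should be investigated first.
$report | Format-List
$events | Select-Object TimeCreated, Id, Message | Format-Table -AutoSize -Wrap
```

To get the fleet-wide view the article describes rather than a single-device check, the same script body can be run against a list of machines with Invoke-Command and the resulting report objects collected and filtered on TamperProtected -eq $false.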
Enterprises should consider adopting this new Windows 10 threat protection tool. The benefit of having a program that actively watches for changes to Windows Defender settings is that it helps to secure not only the individual endpoints but also the entire network. More importantly, Tamper Protection can also help to improve the tracking of insider and external threats. External operators’ attempts to alter Windows Security settings become transparent to your security team, and you can also detect insider threats to your organization. These come in the form of malicious insiders, accidental insiders, and negligent insiders. To find out more about these types of threat vectors, and how to better prepare your organization, check out Info-Tech’s blueprint, Reduce and Manage Your Organization’s Insider Threats Risk.
Want to Know More?
Have you ever thought about what else you could do to take your security operations center (SOC) to the next level and focus on prevention? Look no further: external attack surface management (EASM) was a popular managed service and topic of discussion at RSA Conference 2023, named after the Rivest–Shamir–Adleman (RSA) public-key cryptosystem.
By exploiting a five-year-old configuration error, a hacker was able to access Amazon’s S3 cloud storage buckets on which Twilio’s code was loaded. As a result, customers were able to unknowingly download the modified code for twenty-four hours.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti partnership has already gone live as an integrated component of the VMDR solution.
Remote Work Landscape Pushes Microsoft to Release Endpoint DLP and Double Key Encryption Features for Added Data Security
Microsoft recently previewed two features that tackle data security and risk management for end users: Microsoft Endpoint Data Loss Prevention (DLP) and Double Key Encryption. The reason for the launch? The increasing shift towards a remote work environment and a need to mitigate the accompanying risks.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
To bolster and broaden its data privacy capabilities for end users, cyber and data protection vendor Acronis has acquired DLP player DeviceLock. The acquisition aligns with the increasingly prevalent role that data privacy plays in cybersecurity.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
Navigating the vendor risk management space, particularly in the current environment that consists of a mix of cloud, managed services, and critical supply chain, is key to ensuring that you don’t inadvertently introduce new risks through this dynamic channel.