BACK

Protecting workstations: How not to overblock

Protecting workstations: How not to overblockHow do cybercriminals attack workstations? They generally exploit vulnerabilities in frequently used programs or potentially dangerous features in legitimate software. There are other ways, of course, but those are the most common ploys. So, it might seem logical to restrict the use of such software. But how can you do …

  • 14 Mar 2019
3 min read
Protecting workstations: How not to overblock
How do cybercriminals attack workstations? They generally exploit vulnerabilities in frequently used programs or potentially dangerous features in legitimate software. There are other ways, of course, but those are the most common ploys. So, it might seem logical to restrict the use of such software. But how can you do that without harming business processes? Mindlessly blocking software can cause severe damage to business; you have to take into account differences in employees’ roles. Our approach was to reduce the attack surface through adaptive anomaly control with the use of machine-learning techniques. For many years, MS Office has had the dubious distinction of being top dog by number of exploited vulnerabilities. But that does not mean that the software is bad. Vulnerabilities are everywhere. It is just that cybercriminals focus more on Office than its counterparts, because it is the most widely used. Even if your company is prepared to spend money on retraining employees to use an alternative, as soon as another productivity suite gains popularity, it will knock Office off the top of the exploited software leaderboard. Some products have features that are clearly dangerous. For example, macros in that selfsame Office can be used to execute malicious code. But a blanket ban would be impractical; financial analysts and accountants need those tools in their day-to-day operations. The task is to somehow keep strict watch over such programs and intervene only when anomalous activity is detected. But there is one problem. How do you define anomalous? The essence of cybercriminal activity is to appear legitimate in the eyes of security systems. How can a cybersecurity system determine whether a message sent to an employee contains an important document with a macro or a Trojan? Did that person send a .js file for work purposes, or does the file conceal a virus? It would be possible, at least in theory, to manually analyze the work of each employee, ascertain what tools they do and do not need, and, on the basis of that information, construct a threat model and surgically block certain program features. But numerous complications arise here. First, the larger the company, the more difficult it is to build an accurate model for each employee. Second, even in a small business, manual configuration requires a great deal of time and effort on the part of administrators. And third, the process will likely have to be repeated whenever the corporate infrastructure or tools are changed. To preserve the sanity of administrators and IT security officers, the only option is to automate the process of configuring restrictions. Adaptive control We implemented the automation process in the following way: First, systems built on machine-learning principles combed our threat databases and generated standard patterns of potentially malicious activity. We then implemented pinpoint blocking of these patterns on each specific workstation. Second, we created an automatic adaptation (aka Smart) mode to analyze user activity and determine which rules can be applied and which would interfere with normal operation. It works as
Source: Kaspersky Lab official blogPublished on 2019-03-14
Blog Details
  • 14 Mar 2019

Newest Articles.

View all
  • 04 Mar 16

    Top 5 Recent Cyber-attacks/hacks and How They Could Relate to your Business.

    Read Article logo
  • 13 Mar 16

    Data leaks, how can they affect Sales and Business Integrity?

    Read Article logo
  • 20 Apr 16

    Common Cyber Security Threats Faced by Businesses and The Impacts

    Read Article logo
  • 11 May 16

    Regular Vulnerability Scans Assessments: Keeping You Safe

    Read Article logo

Get a Quote

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Contact Us

Click below and we’ll send you a quote as soon as possible.

quote-form-pattern
  • This field is for validation purposes and should be left unchanged.

Step 1 of 4 - Let’s get started

25%
  • Thanks for your interest in working with us. Please complete the details below and we’ll get back to you as soon as possible.

Buy Cyber Essentials

price-popup-pattern