Can you help me figure out what Microsoft's Enhanced Mitigation Experience Toolkit is, and when our security team...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
could benefit from using it?
System administrators have become well practiced in the art of hardening their operating systems and this has pushed attackers toward targeting the applications running on those systems instead. The role of mitigation technologies is to make it difficult for an attacker to exploit vulnerabilities in a given piece of software. This is why they are becoming important in the battle to keep systems secure, particularly from zero-day vulnerabilities like we've seen recently in Adobe Acrobat and Adobe Reader.<
Microsoft is helping Windows-based users in this battle by providing the Enhanced Mitigation Experience Toolkit (EMET). This free utility allows system administrators to deploy the latest security mitigation technologies available to Windows 7 users to any system running earlier versions of Windows and older applications that don't necessarily support them.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented. EMET can help manage the risks during this period by blocking attacks that exploit attack vectors such as buffer overflows and memory corruption, common in many older systems. Also, to avoid recompiling in-house or custom-built applications so that they make use of mitigation technologies, such as Data Execution Prevention (DEP), or the application source code is not available, EMET can force applications to make use of them without recompilation.
It is best practice to thoroughly test how EMET affects your particular systems and applications to see whether you can benefit from using it before rolling it out to a production environment. For example, virtual machines don't support DEP, but this option will still show as being available in the EMET GUI and some security settings may break certain applications. There is a helpful video about EMET on Microsoft's TechNet site that will help you decide whether it's right for your situation. Microsoft's intention is to add new mitigation technologies as they become available, so even if it doesn't meet your specific needs now; it is worth keeping an eye on future releases to see if they can be of any benefit.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to ...continue reading
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.