Can you help me figure out what Microsoft's Enhanced Mitigation Experience Toolkit is, and when our security team...
could benefit from using it?
System administrators have become well practiced in the art of hardening their operating systems and this has pushed attackers toward targeting the applications running on those systems instead. The role of mitigation technologies is to make it difficult for an attacker to exploit vulnerabilities in a given piece of software. This is why they are becoming important in the battle to keep systems secure, particularly from zero-day vulnerabilities like we've seen recently in Adobe Acrobat and Adobe Reader.<
Microsoft is helping Windows-based users in this battle by providing the Enhanced Mitigation Experience Toolkit (EMET). This free utility allows system administrators to deploy the latest security mitigation technologies available to Windows 7 users to any system running earlier versions of Windows and older applications that don't necessarily support them.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented. EMET can help manage the risks during this period by blocking attacks that exploit attack vectors such as buffer overflows and memory corruption, common in many older systems. Also, to avoid recompiling in-house or custom-built applications so that they make use of mitigation technologies, such as Data Execution Prevention (DEP), or the application source code is not available, EMET can force applications to make use of them without recompilation.
It is best practice to thoroughly test how EMET affects your particular systems and applications to see whether you can benefit from using it before rolling it out to a production environment. For example, virtual machines don't support DEP, but this option will still show as being available in the EMET GUI and some security settings may break certain applications. There is a helpful video about EMET on Microsoft's TechNet site that will help you decide whether it's right for your situation. Microsoft's intention is to add new mitigation technologies as they become available, so even if it doesn't meet your specific needs now; it is worth keeping an eye on future releases to see if they can be of any benefit.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
Oracle has moved from using a modified version of CVSS v2.0 to CVSS v3.0. Expert Michael Cobb explains criticism of the old version, and the changes ...continue reading
QuickTime for Windows was found to have two zero-day vulnerabilities, and was then suddenly moved to end of life by Apple. Expert Michael Cobb ...continue reading
Google's second Android Security Report revealed changes and upgrades made to the OS. Expert Michael Cobb covers the important takeaways for ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.