Can you help me figure out what Microsoft's Enhanced Mitigation Experience Toolkit is, and when our security team...
could benefit from using it?
System administrators have become well practiced in the art of hardening their operating systems and this has pushed attackers toward targeting the applications running on those systems instead. The role of mitigation technologies is to make it difficult for an attacker to exploit vulnerabilities in a given piece of software. This is why they are becoming important in the battle to keep systems secure, particularly from zero-day vulnerabilities like we've seen recently in Adobe Acrobat and Adobe Reader.<
Microsoft is helping Windows-based users in this battle by providing the Enhanced Mitigation Experience Toolkit (EMET). This free utility allows system administrators to deploy the latest security mitigation technologies available to Windows 7 users to any system running earlier versions of Windows and older applications that don't necessarily support them.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented. EMET can help manage the risks during this period by blocking attacks that exploit attack vectors such as buffer overflows and memory corruption, common in many older systems. Also, to avoid recompiling in-house or custom-built applications so that they make use of mitigation technologies, such as Data Execution Prevention (DEP), or the application source code is not available, EMET can force applications to make use of them without recompilation.
It is best practice to thoroughly test how EMET affects your particular systems and applications to see whether you can benefit from using it before rolling it out to a production environment. For example, virtual machines don't support DEP, but this option will still show as being available in the EMET GUI and some security settings may break certain applications. There is a helpful video about EMET on Microsoft's TechNet site that will help you decide whether it's right for your situation. Microsoft's intention is to add new mitigation technologies as they become available, so even if it doesn't meet your specific needs now; it is worth keeping an eye on future releases to see if they can be of any benefit.
Dig Deeper on Windows Security: Alerts, Updates and Best Practices
Related Q&A from Michael Cobb
Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to ...continue reading
A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can ...continue reading
Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.