Can you help me figure out what Microsoft's Enhanced Mitigation Experience Toolkit is, and when our security team...
could benefit from using it?
System administrators have become well practiced in the art of hardening their operating systems and this has pushed attackers toward targeting the applications running on those systems instead. The role of mitigation technologies is to make it difficult for an attacker to exploit vulnerabilities in a given piece of software. This is why they are becoming important in the battle to keep systems secure, particularly from zero-day vulnerabilities like we've seen recently in Adobe Acrobat and Adobe Reader.<
Microsoft is helping Windows-based users in this battle by providing the Enhanced Mitigation Experience Toolkit (EMET). This free utility allows system administrators to deploy the latest security mitigation technologies available to Windows 7 users to any system running earlier versions of Windows and older applications that don't necessarily support them.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented. EMET can help manage the risks during this period by blocking attacks that exploit attack vectors such as buffer overflows and memory corruption, common in many older systems. Also, to avoid recompiling in-house or custom-built applications so that they make use of mitigation technologies, such as Data Execution Prevention (DEP), or the application source code is not available, EMET can force applications to make use of them without recompilation.
It is best practice to thoroughly test how EMET affects your particular systems and applications to see whether you can benefit from using it before rolling it out to a production environment. For example, virtual machines don't support DEP, but this option will still show as being available in the EMET GUI and some security settings may break certain applications. There is a helpful video about EMET on Microsoft's TechNet site that will help you decide whether it's right for your situation. Microsoft's intention is to add new mitigation technologies as they become available, so even if it doesn't meet your specific needs now; it is worth keeping an eye on future releases to see if they can be of any benefit.
Dig Deeper on Microsoft Windows security
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.