Can you help me figure out what Microsoft's Enhanced Mitigation Experience Toolkit is, and when our security team could benefit from using it?
System administrators have become well practiced in the art of hardening their operating systems and this has pushed attackers toward targeting the applications running on those systems instead. The role of mitigation technologies is to make it difficult for an attacker to exploit vulnerabilities in a given piece of software. This is why they are becoming important in the battle to keep systems secure, particularly from zero-day vulnerabilities like we've seen recently in Adobe Acrobat and Adobe Reader.<
Microsoft is helping Windows-based users in this battle by providing the Enhanced Mitigation Experience Toolkit (EMET). This free utility allows system administrators to deploy the latest security mitigation technologies available to Windows 7 users to any system running earlier versions of Windows and older applications that don't necessarily support them.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented.
EMET can be a huge benefit to an enterprise security team if it is in the position of having to support legacy or older systems, both for the foreseeable future or until an upgrade path is agreed and implemented. EMET can help manage the risks during this period by blocking attacks that exploit attack vectors such as buffer overflows and memory corruption, common in many older systems. Also, to avoid recompiling in-house or custom-built applications so that they make use of mitigation technologies, such as Data Execution Prevention (DEP), or the application source code is not available, EMET can force applications to make use of them without recompilation.
It is best practice to thoroughly test how EMET affects your particular systems and applications to see whether you can benefit from using it before rolling it out to a production environment. For example, virtual machines don't support DEP, but this option will still show as being available in the EMET GUI and some security settings may break certain applications. There is a helpful video about EMET on Microsoft's TechNet site that will help you decide whether it's right for your situation. Microsoft's intention is to add new mitigation technologies as they become available, so even if it doesn't meet your specific needs now; it is worth keeping an eye on future releases to see if they can be of any benefit.
Dig Deeper on Microsoft Windows security
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading