What will cybersecurity software look like in the future, say 10-30 years from now?
<blockquote data-quote="ForgottenSeer 95367" data-source="post: 1005480"><p>You cite the very reason that Microsoft created SRP and how security policymakers recommend it to be used; when the attack context is not known, then it is common sense and expedient to block by default, even blocking globally. Back then Microsoft stated it was not possible to intercept it all, analyze it all, classify it all in order to separate benign from malicious actions. Breakages will happen; they are few and far between and easily fixed with allow exceptions. Other security policymakers within the IT security industry embraced these simple concepts. They showed enterprises how default-deny as a matter of course is one of the best protection models, and the rest is history. SRP was widely adopted and now is a part of the enterprise security paradigm in all of its forms.</p>
<p>Emsisoft incorporated this type of context-based security in its behavior blocker back during its Mamutu era. If an admin entered a script within a console or executed it from a script file, then it would not be blocked. If the same script were launched by a suspicious or known malicious process, then it would be blocked. This is on top of the behavior blocker parsing the command line, analyzing it, and blocking it if the admin did not know they were executing a malicious script.</p>
<p>Context, within your meaning of the word, has been used by all the security software vendors for well over a decade. Solving this problem:</p>
<p>1. Malware uses PowerShell</p>
<p>2. Your utility to tweak Microsoft Defender uses PowerShell</p>
<p>primarily improves usability, albeit marginally. It also improves security if it takes decision-making away from the user, based upon the presumption that the contextual analysis is correct.</p>
<p>"Zero Trust" is a protection model that assumes the network segment and everything connected to it is always at risk to internal and external threats. It is a protection strategy that has nothing to do with whether or not a security software uses context within your meaning of that word.</p></blockquote>