How can businesses stop attacks when traditional security solutions are ineffective?

Discussion in 'malware problems & news' started by Minimalist, Apr 30, 2017.

  1. Minimalist (Registered Member)

    https://betanews.com/2017/04/28/attack-protection-traditional-security-solutions-ineffective/
     
  2. Rasheed187 (Registered Member)

    I'm not sure what to think of this; we need more in-depth statistics before we can make such conclusions. My general impression is that the most advanced security tools, which use a combination of isolation, AV/AE and behavioral monitoring, should be hard to bypass for even the most advanced malware.
     
  3. Peter2150 (Global Moderator)

    Don't need more statistics as the problem isn't technology, but people
     
  4. guest (Guest)

    Indeed, tight SRP is the key: lock the workstation from being modified by 3rd parties (users, scripts, etc.) and most of the issues are gone.
    Add virtualization underneath, and an infected station would be restored to a clean slate in seconds.

    Btw, the author lacks knowledge about current solutions/procedures. This is usual coming from Betanews; they are mostly average users writing for average users.
     
  5. Rasheed187 (Registered Member)

    Well yes, the human factor will always be a problem, but if you really lock things down, then it should protect even against human error, in most cases. I also never read about which security tools were employed during successful attacks. Standard AV is indeed not going to save you, we all know that.
     
  6. Peter2150 (Global Moderator)

    Good example of a lockdown. NVT ERP with all password stuff set.
     
  7. MisterB (Registered Member)

    My experience in examining Windows installations in ex-corporate laptops I've purchased over the years is that most corporations don't secure their Windows installations any better than the average home user. In checking to see what common group policy security tweaks were applied, I generally found none whatsoever. LUAs were non-existent, all users had full administrative access, and neither SRP nor AppLocker was implemented. The most common AV was Microsoft Endpoint Protection, which is just an enterprise version of MSE. No encryption and full access to the corporate VPN were common, and any local passwords were easily removed by booting to a USB stick. Not a lot of work for a potential hacker there, and exploits and malware installation were only a click away. None of the built-in security tools that come with enterprise versions of Windows were used.
     
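The checks MisterB describes doing by hand (admin membership, SRP/AppLocker, AV, disk encryption, removable storage policy, UAC) can be scripted so the same audit is repeatable on every machine. The script below is an added example and is not from any post in this thread; it assumes Windows PowerShell 5.1 on Windows 8.1 or later (the `BitLocker` and `AppLocker` modules are optional and their absence is reported rather than fatal) and should be run elevated for complete results. It is read-only.

```powershell
# Added example, not from the thread: a read-only lockdown audit of one
# workstation. Assumes Windows PowerShell 5.1, run elevated.
function Get-WorkstationLockdownAudit {
    $f = [ordered]@{}

    # 1. Least privilege: who is in the local Administrators group?
    $admins = try { (Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop).Name } catch { @() }
    $f['LocalAdmins'] = $admins -join '; '

    # 2. Application control: SRP default level (0 = Disallowed, 262144 = Unrestricted)
    #    and the number of effective AppLocker rules.
    $srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' -ErrorAction SilentlyContinue
    $f['SrpDefaultLevel'] = if ($srp) { $srp.DefaultLevel } else { 'not configured' }
    $xml = try { Get-AppLockerPolicy -Effective -Xml -ErrorAction Stop } catch { '' }
    $f['AppLockerRules'] = ([regex]::Matches($xml, '<File(Path|Publisher|Hash)Rule ')).Count

    # 3. Anti-malware: whatever the Security Center knows about (client editions only).
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    $f['AntiVirus'] = if ($av) { ($av.displayName | Sort-Object -Unique) -join '; ' } else { 'none reported' }

    # 4. Disk encryption: BitLocker state of the OS volume. An unencrypted OS volume is
    #    what makes the "boot a USB stick and wipe the local password" trick work.
    $bl = try { Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop } catch { $null }
    $f['OsVolumeEncryption'] = if ($bl) { "$($bl.ProtectionStatus) ($($bl.EncryptionPercentage)%)" } else { 'unknown (BitLocker module absent)' }

    # 5. Removable storage: keys written by the "Removable Storage Access" policies.
    $usb = Get-ChildItem 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices' -ErrorAction SilentlyContinue
    $f['RemovableStoragePolicy'] = if ($usb) { 'configured' } else { 'not configured' }

    # 6. UAC: EnableLUA = 0 means admin logons always get a full token (no LUA at all).
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $f['EnableLUA'] = $sys.EnableLUA

    [pscustomobject]$f
}

Get-WorkstationLockdownAudit | Format-List
```

A clean result is a short admin list, `SrpDefaultLevel` of 0 or a non-zero AppLocker rule count, an encrypted OS volume and `EnableLUA` of 1; a laptop like the ones described above would show every user as an admin, SRP "not configured", zero AppLocker rules and no encryption.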
  8. guest (Guest)

    Many admins in companies have no clue about security; they are just repair guys with network deployment knowledge... they would rather buy an endpoint suite, install it by default, and job done.
     
  9. Minimalist (Registered Member)

    http://www.infoworld.com/article/3193747/security/6-signs-enterprise-security-is-getting-better.html
     
  10. askmark (Registered Member)

    What's wrong with installing an endpoint suite?
     
  11. plat1098 (Guest)

    Re: 6 signs enterprise security is getting better. Unfortunately, complacency dictates that it (ransomware, etc) has to hit you where you live before you hustle to get your security improved. But this is encouraging.
     
  12. MisterB (Registered Member)

    Nothing wrong with it, but it is insufficient in itself, and Windows has lots of security features for sysadmins that should be implemented. Spending a half hour with the group policy editor setting up SRP, login and USB access rules will do a lot more to secure the system. So would forcing all users on the network to use limited accounts and only allowing sysadmins to install software. And installing EMET on all network clients would be a good idea too. It just takes one compromised host on the LAN to allow a hacker to access the corporate intranet.
     
  13. guest (Guest)

    No problem with the solutions themselves, but the way some deploy them. They have many built-in tools up their sleeves but will install a suite without even tightening it to fit the security requirements... which is even less secure than the built-in tools.

    Exactly.
     
  14. plat1098 (Guest)

    This is more of a curiosity but this concerns a different business model. I'm talking about computers set up in something like a public library. Here's an example: I live in a large urban area and was temporarily without a computer. I needed to go online for tax info and while walking past someone, noticed he was watching something, uh, nasty. Next day, I had to go back and the entire system was down for hours, from malware. What approach would be effective there, without infringing on people's rights to free internet access? Hmm, glad it's not my problem.

    Edit: This was a few years ago; I do recall I was unable to download/install anything there so at least that safeguard was in place.
     
    Last edited by a moderator: May 2, 2017
  15. guest (Guest)

    It has existed for ages; it is called SRP (Software Restriction Policy). Basically, the admin allows only authorized programs to run and the rest is auto-blocked. People can still browse the net, but malware wouldn't be able to run.
     
  16. plat1098 (Guest)

    OK, guest, but it seems the public library system had basic SRP in effect at the time, like I said in my edit. The global system crashed regardless. No matter, it was only idle curiosity, seeing as I and others there who had to jostle for a tiny bit of use with the homeless folks were plenty miffed, believe me. Just for my own education, I took a look here:

    https://docs.microsoft.com/en-us/wi...tware-restriction-policies-in-the-same-domain

    That is some strong stuff, indeed now I somewhat understand better why these techniques should be deployed on a larger scale.
     
  17. guest (Guest)

    SRP must be strictly enforced, you can't implement it superficially.
     
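Posts 12, 15 and 17 all describe the same thing: an SRP with a Disallowed default level so that only what the admin has explicitly allowed can run, and enforced strictly rather than "superficially". The script below is an added example, not code from any post in this thread or from Microsoft; it writes the same registry keys the Group Policy editor writes under Software Restriction Policies (Security Levels and Additional Rules), so you can read the result back in gpedit afterwards. Assumptions: it is run elevated on a machine governed by local policy (on a domain, do the same in a GPO), the designated file type list is one reasonable hardening choice rather than the only one, and the `Find-UserWritableDirs` scan of `%SystemRoot%` is illustrative and takes a few minutes.

```powershell
# Added example, not from the thread: a local "default deny" Software Restriction
# Policy, written to the registry keys the Group Policy editor uses.
# Assumptions: run elevated; extension list and SystemRoot scan are illustrative.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Set-SrpDefaults {
    New-Item -Path $Base -Force | Out-Null
    Set-ItemProperty $Base -Name DefaultLevel        -Value 0 -Type DWord  # 0 = Disallowed
    Set-ItemProperty $Base -Name PolicyScope         -Value 0 -Type DWord  # 0 = all users, local admins too
    Set-ItemProperty $Base -Name TransparentEnabled  -Value 2 -Type DWord  # 2 = enforce for DLLs as well
    Set-ItemProperty $Base -Name AuthenticodeEnabled -Value 0 -Type DWord
    # Designated file types: the defaults plus script and shortcut types that are
    # commonly abused (JS, VBS, PS1, WSF ...) and not covered out of the box.
    $types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
             'INS','ISP','JS','JSE','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD',
             'PIF','PS1','REG','SCR','SHS','URL','VB','VBE','VBS','WSC','WSF','WSH'
    Set-ItemProperty $Base -Name ExecutableTypes -Value $types -Type MultiString
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('Unrestricted','Disallowed')][string]$Level = 'Unrestricted',
        [string]$Description = ''
    )
    # Rules live under <level>\Paths\{GUID}: 262144 (0x40000) = Unrestricted, 0 = Disallowed.
    $levelKey = if ($Level -eq 'Unrestricted') { '262144' } else { '0' }
    $ruleKey  = "$Base\$levelKey\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty $ruleKey -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty $ruleKey -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty $ruleKey -Name Description  -Value $Description -Type String
    $ft = [BitConverter]::GetBytes([DateTime]::UtcNow.ToFileTimeUtc())   # FILETIME, 8 bytes
    Set-ItemProperty $ruleKey -Name LastModified -Value $ft          -Type Binary
}

function Find-UserWritableDirs {
    param([string]$Root = $env:SystemRoot)
    # Folders under the allowed tree that a standard user can write to. Each one is
    # a spot where a blanket allow rule on %SystemRoot% would let dropped malware
    # run, so each gets its own Disallowed rule (the more specific path wins).
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
    $lowPriv   = 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone'
    Get-ChildItem -LiteralPath $Root -Directory -Recurse -ErrorAction SilentlyContinue |
      Where-Object {
        $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
        $acl -and ($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $lowPriv -contains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights -band $writeMask) -ne 0)
        })
      } |
      Select-Object -ExpandProperty FullName
}

Set-SrpDefaults
# Allow only the OS and program folders, using registry path rules (as the built-in
# default rules do) so a user cannot redirect %SystemRoot% or %ProgramFiles% by
# editing their own environment variables.
Add-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' -Description 'Windows'
Add-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' -Description 'Program Files'
Add-SrpPathRule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%' -Description 'Program Files (x86)'
# Carve the user-writable folders back out of the Windows allow rule.
foreach ($dir in Find-UserWritableDirs) {
    Add-SrpPathRule $dir -Level Disallowed -Description 'user-writable under SystemRoot'
}
```

The policy applies to newly started processes (log off and on again if in doubt). Two points that matter for "strict" enforcement: `PolicyScope` of 0 means local administrators are covered too, so an admin who double-clicks a payload in `%TEMP%` is blocked like anyone else, and `TransparentEnabled` of 2 extends the check to DLLs, at the cost of more rule maintenance. With the default level at Disallowed, anything not under an allow rule is refused, so test on one machine before pushing it wide. The same design carries over to AppLocker, which post 7 also mentions and which Microsoft documents as the successor to SRP.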
  18. mWave (Guest)

    "How can businesses stop attacks when traditional security solutions are ineffective" - the answer to this question is that they train their employees correctly so they have a good understanding of good online security measures, and to allow them to identify when they are being targeted. Training could be as little as a few months to years; you get results based on the effort and work put in.

    Now moving on to the second part: traditional security solutions are not ineffective - they do catch both old and new threats quite commonly (depending on the product's capabilities and how it is being used). However, if the user is an idiot or a noob, then what do you expect other than to get infected? It's like clicking a crap ton of links to download malware, then blaming AVG for failing when you get infected from running it.
     
  19. boredog (Registered Member)

    Some years back libraries were installing software like DeepFreeze. I would suggest they install Shadow Defender nowadays. Password-protect it and hide the icon. Plus software policies. No matter what they would do, it would be undone on reboot.
     