{"id":242445,"date":"2020-12-03T09:00:18","date_gmt":"2020-12-03T09:00:18","guid":{"rendered":"https:\/\/onsystemlogic.com\/?p=242445"},"modified":"2023-10-28T16:20:30","modified_gmt":"2023-10-28T16:20:30","slug":"microsofts-emergency-software-patches-reveal-the-absolute-inadequacy-of-traditional-and-nextgen-anti-virus-and-endpoint-security-products","status":"publish","type":"post","link":"https:\/\/onsystemlogic.com\/blog\/microsofts-emergency-software-patches-reveal-the-absolute-inadequacy-of-traditional-and-nextgen-anti-virus-and-endpoint-security-products\/","title":{"rendered":"Microsoft\u2019s \u201cEmergency Software Patches\u201d Reveal the Absolute Inadequacy of Traditional and Nextgen Anti-virus and Endpoint Security Products."},"content":{"rendered":"
On October 16, 2020, Microsoft published two out-of-band security updates, or \u201cpatches,\u201d to address security issues in the Windows Codecs library and the Visual Studio Code application. These patches came almost immediately after Microsoft released its regular monthly batch of security updates (patching 87 vulnerabilities). Both of the vulnerabilities needing an immediate response are remote code execution flaws that allow attackers to execute code on affected systems. This means malicious code can run on your endpoint (a physical or virtual workstation and\/or server, inside or outside of a container, etc.) and do damage before your current antivirus software can act. I suspect Microsoft acted because systems were being actively attacked. These leaks had to be plugged.<\/p>\n
The first thing to understand is that this news regarding emergency and regular security patches is not unusual. It\u2019s not even news. Patching security vulnerabilities is an essential part of your enterprise\u2019s cybersecurity practices, in part because Microsoft and others have failed to deliver solutions built to STOP any attacker trying to leverage these application flaws. It\u2019s this failure that is the news.<\/p>\n
I used to be responsible for the most widely used endpoint security software in the world, at the largest security company in the world. In my opinion, Microsoft Defender is arguably the best AV\/EDR (Anti-virus\/Endpoint Detection and Response) software on the market today. But, if Microsoft believed their AV\/EDR capabilities could and would STOP an attacker, regardless of how they tried to take advantage of these flaws, they wouldn\u2019t have needed to resort to issuing emergency patches for their software. They would have simply said \u201cyes, we see it, but we rendered it benign.\u201d Turns out, they can\u2019t say that, and in fact, none of the market leaders in the AV\/EDR space can say that. They all suffer from the glaring hole of being blind to what is happening INSIDE OF APPLICATIONS, which is where the majority of today\u2019s successful security attacks are occurring and thriving. As a customer of AV\/EDR vendors, you are running multiple antivirus or EDR products on your organization\u2019s endpoints but they ALL have this glaring hole. What you\u2019re using today, regardless of the vendor you\u2019ve chosen, while absolutely necessary, is unfortunately also absolutely insufficient, tragically insufficient.<\/p>\n
Why haven\u2019t the AV\/EDR vendors been successful in closing this most important protection hole in their products? Because the technology required to stop these attacks is very complex and has not been a top priority for many of them. In addition, these antivirus companies derive much of their revenue by performing cleanup for their clients, after clients have suffered a cybersecurity event. They simply lack the incentive to solve the problem, but we\u2019ve solved it!<\/p>\n
None of the endpoint security products you are familiar with, or using today, provides adequate protection against well-known or benign-looking applications doing operations they should never be doing. Regardless of the AV\/EDR claims, they DO NOT protect against:<\/p>\n
NOTE: THE MECHANISM THROUGH WHICH THE ABOVE MALICIOUS SOFTWARE GETS ONTO A SYSTEM IS NOT IMPORTANT TO THIS DISCUSSION. Bad\/misbehaving software could have gotten onto the endpoint through phishing attacks, credential stealing, pictures, links or other data files carrying its bad payload, malicious Microsoft Office macros, or any other method. What is important is to make sure that bad\/misbehaving software CANNOT execute its damaging instructions no matter how hard it tries. This is the problem we have solved.<\/p>\n
The concepts of self-defending and contained applications must be applied, now. Windows endpoints (workstations and servers, whether physical, virtual, containerized or not) are the number one path through which sophisticated security products are fooled and bypassed today. The goal of any security system should be to STOP an attack at the earliest point instead of trying to, potentially, detect it and deal with it at some future time AFTER damage has been done. So, given that ALL Windows endpoints run one or more next-gen antivirus and\/or Endpoint Detection and Response products, why are successful attacks on the rise? Why aren\u2019t your vendors successfully defending your endpoints? The answer is found here: ALL current and next-gen AV\/EDR products have an Achilles heel. Their defenses are built based on:<\/p>\n
If they have not seen a particular attack mechanism, or a variation of it, they cannot contain a good application (e.g. one that is white-listed or from a reputable source) once it has been compromised, nor a bad one that looks benign but has bad intentions that are not visible from outside the application.<\/p>\n
Does the above happen? YES. Every day. And we are all left asking, again, \u201cgiven that ALL Windows endpoints run one or more next-gen antivirus and\/or Endpoint Detection and Response products, why are successful attacks on the rise?\u201d And remember, you don\u2019t hear about most successful attacks. Many of them are simply not publicized.<\/p>\n
Which applications are we talking about? ALL of them. EVERY good application on your system needs to self-defend and EVERY benign-looking application needs to be contained. A system that doesn\u2019t do that will continue to suffer from this Achilles heel.<\/p>\n
Most importantly, any technology or product that claims to provide application self-defense and containment must itself have the highest level of self-protection; otherwise the protection it provides to applications can and will be defeated by attackers.<\/p>\n
Is there such a product on the market? Only one: OnSystem Defender. OnSystem Defender does not duplicate the functionality of your current AV\/EDR system. It simply removes the Achilles heel of ANY AV\/EDR system that you may be running. It solves the problem! OnSystem Defender allows each good application to learn its own most important valid behaviors — behaviors attackers will try to misuse. OnSystem Defender contains each benign-looking application so that it cannot perform dangerous operations from inside of the application in ways not visible to your AV\/EDR systems. It does this without any previous knowledge of the application, changes to the application, user-visible behavior, performance impact, or additional administrator workload. In short, it is totally transparent and frictionless.<\/p>\n
OnSystem Defender does not care how an attacker does its initial compromise of a system. The attack could have been initiated from:<\/p>\n
If the attack code cannot run, it cannot do damage. If it can run, it has the ability to:<\/p>\n
Can we prove OnSystem Defender works? Yes, we can! OnSystem Defender has been successfully protecting early adopters for over 2 years. It is trivial to deploy and manage. It can run in detection or prevention mode with its complete self-protection always at work.<\/p>\n
See for yourself what difference REAL endpoint PREVENTION can make in today\u2019s WFH environments and the peace of mind that you can enjoy by deploying the most capable endpoint security enhancement product on the market today. Instead of adding more analysts to handle the load created by an endless number of events created by your current AV\/EDR product, add a product that will make your systems an order of magnitude more secure and eliminate the false positives, or after the fact issues, that your current AV\/EDR products have or cause for you.<\/p>\n","protected":false},"excerpt":{"rendered":"
Onsystem Defender enables application self-defense to protect infrastructure even when anti-virus and other endpoint security products fail.<\/p>\n","protected":false},"author":1,"featured_media":242448,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[42],"tags":[],"yoast_head":"\n