Trusted Application Protection Stops Zero-Day Threats

October 25, 2017


With the release of Avecto Defendpoint v5.0 we have not only made implementation faster and easier with our Quick Start policy, but also increased the security of our customers' endpoints. This security boost comes in the form of Trusted Application Protection (TAP), a new feature designed to neuter the attack techniques most commonly used against organisations today.

Organisations are increasingly attacked through the applications they have installed and trust. Our research has shown that the most common malware delivery mechanisms are malicious documents and links sent in phishing emails. The recent McAfee Labs report reflects this, showing how attackers are turning to script-based malware in Office documents and PowerShell to conduct fileless attacks and evade detection.

To understand how TAP works, it helps to understand common attack patterns. Avecto Labs has analyzed the behavior of thousands of malware samples and identified the attack patterns shared across hundreds of malware variants. These patterns generally involve a trusted application either executing malware directly as a new child process or running a script through a built-in tool such as PowerShell.

[Figure: Common attack chain] Malicious content is sent via a phishing email to exploit a trusted application; malware is downloaded and launched as a new child process.

Another finding from our research was that, regardless of the initial vector, malware almost always introduces a binary payload (an EXE or DLL) at some point in the infection, as McAfee confirms in its latest report. Even the script-based, fileless attacks mentioned above still need the trusted application to hand control to a script host such as PowerShell, which is itself a new child process. This means that, by controlling the child processes a trusted application can launch and the DLLs it can load, we can break the common malware attack chains and protect the endpoint.

Avecto Defendpoint v5.0 with TAP provides an out-of-the-box configuration that protects trusted applications such as Word, PowerPoint, Excel, Adobe Reader and the common web browsers by controlling their child processes and DLL loads. This prevents these high-risk applications from being used to launch malware payloads, load malicious DLLs or abuse commonly misused native applications such as PowerShell.

In practice, when a user is tricked into opening a malicious document, the ransomware payload or script is automatically blocked from launching. This may seem obvious, or even too simple, but it has proven highly effective: recent attacks, including the Office DDE exploits seen in the wild, which at the time of writing have no patch, have all been prevented by the out-of-the-box policy and protections.
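The parent/child and DLL-load controls described above, modelled as an added example. This is illustrative Python written for this page, not Defendpoint's code or its policy format. The protected-application set, the blocked and approved child lists, the trusted-directory allow-list and the event records are all assumptions constructed for the example, loosely shaped like Sysmon process-creation and image-load records. It goes slightly beyond the text in two ways: it walks the whole parent chain, so a tool launched through an approved helper process is still attributed to the trusted application, and it shows that a fileless, script-only chain (Word launching cmd.exe, which would launch PowerShell) is cut at the same point as a dropped EXE.

```python
"""TAP-style child-process and DLL-load policy, modelled in Python (added example,
not Defendpoint's code). All lists and events are constructed assumptions, loosely
shaped like Sysmon process-creation (ID 1) and image-load (ID 7) records."""
from dataclasses import dataclass
from typing import Optional
import ntpath

# Trusted, frequently targeted applications whose children and DLL loads are controlled
TRUSTED_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                   "acrord32.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
# Native tools a document reader or browser has no business launching
BLOCKED_CHILDREN = {"powershell.exe", "powershell_ise.exe", "cmd.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe",
                    "certutil.exe", "bitsadmin.exe", "msiexec.exe"}
# Helpers a trusted application legitimately spawns (assumed allow-list)
APPROVED_CHILDREN = {"splwow64.exe", "dw20.exe"}
# Only code under these directories counts as installed software (assumed, see note)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    parent_pid: int
    image: str   # full path of the new process

@dataclass(frozen=True)
class ImageLoad:
    pid: int
    dll: str     # full path of the DLL being mapped into pid

def image_name(path: str) -> str:
    return ntpath.basename(path).lower()

def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)

def trusted_ancestor(parent_pid: int, table: dict) -> Optional[str]:
    """Walk up the parent chain; return the first protected application's name, if any."""
    pid, seen = parent_pid, set()
    while pid in table and pid not in seen:
        seen.add(pid)
        name = image_name(table[pid].image)
        if name in TRUSTED_PARENTS:
            return name
        pid = table[pid].parent_pid
    return None

def decide_process(ev: ProcessCreate, table: dict) -> tuple:
    """Return ("allow" | "block", reason) for a process-creation event."""
    parent, name = trusted_ancestor(ev.parent_pid, table), image_name(ev.image)
    if parent is None:
        return "allow", "not launched by a protected application"
    if name in APPROVED_CHILDREN:
        return "allow", f"{name} is an approved child of {parent}"
    if name in BLOCKED_CHILDREN:
        return "block", f"{parent} tried to launch abused native tool {name}"
    if not in_trusted_dir(ev.image):
        return "block", f"{parent} tried to launch untrusted binary {ev.image}"
    return "allow", f"{name} is installed software launched by {parent}"

def decide_dll(ev: ImageLoad, table: dict) -> tuple:
    """Return ("allow" | "block", reason) for a DLL load by pid."""
    proc = table.get(ev.pid)
    if proc is None or image_name(proc.image) not in TRUSTED_PARENTS:
        return "allow", "loader is not a protected application"
    if in_trusted_dir(ev.dll):
        return "allow", f"{ev.dll} is installed software"
    return "block", f"{image_name(proc.image)} tried to load untrusted DLL {ev.dll}"

def replay(events) -> list:
    """Apply the policy in order; a blocked process never joins the table, so anything
    it would have spawned is blocked too (the chain is cut at its first bad link)."""
    table, blocked, log = {}, set(), []
    for ev in events:
        if isinstance(ev, ImageLoad):
            verdict, why = decide_dll(ev, table)
        elif ev.parent_pid in blocked:
            verdict, why = "block", "parent was blocked, so this process never starts"
        else:
            verdict, why = decide_process(ev, table)
        if isinstance(ev, ProcessCreate) and verdict == "allow":
            table[ev.pid] = ev
        elif isinstance(ev, ProcessCreate):
            blocked.add(ev.pid)
        log.append((ev.pid, verdict, why))
    return log

# Constructed sample chain (not real telemetry): a phishing document opened in Word
SAMPLE_EVENTS = [
    ProcessCreate(100, 4,   r"C:\Windows\explorer.exe"),
    ProcessCreate(200, 100, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcessCreate(201, 200, r"C:\Windows\splwow64.exe"),                      # print helper
    ProcessCreate(202, 200, r"C:\Windows\System32\cmd.exe"),                  # DDE-style launch
    ProcessCreate(203, 202, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcessCreate(204, 200, r"C:\Users\bob\AppData\Local\Temp\invoice.exe"),  # dropped EXE
    ProcessCreate(205, 201, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcessCreate(300, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ImageLoad(200, r"C:\Windows\System32\oleaut32.dll"),
    ImageLoad(200, r"C:\Users\bob\AppData\Local\Temp\msvcr.dll"),             # sideloaded DLL
]

if __name__ == "__main__":
    for pid, verdict, why in replay(SAMPLE_EVENTS):
        print(f"{pid:>4} {verdict:5} {why}")
```

Two points worth noting when reading the replay: PowerShell launched from Explorer (pid 300) is allowed, because the policy keys on the parent, not on PowerShell itself, so administrators keep their tooling; and the PowerShell that cmd.exe would have launched (pid 203) is blocked without ever being inspected, because its parent was never allowed to start. The path-prefix test in `in_trusted_dir` is the weak spot of this toy: user-writable directories such as C:\Windows\Temp or C:\Windows\Tasks sit under a trusted prefix, so a real implementation should decide "installed software" on ownership, publisher signature or hash rather than on location alone.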

Although TAP protects against common attack vectors, it is not designed to replace your AV solution; it augments it with a proactive layer of defense that reduces your exposure to risk. As any security professional will tell you, the earlier in the attack chain you stop an attack, the less risk you are exposed to. By blocking common attack vectors before they execute, TAP greatly reduces your risk of a breach.

Defendpoint v5.0, with its combination of Privilege Management and Application Control, further raises the bar with reduced deployment time and increased security. To learn more about the benefits of Avecto Defendpoint v5.0, register for a demo today.

Jonathan Clarke, Content Marketing Manager

With a Master's Degree in English Language and Media, Jonathan has a genuine passion for producing compelling and thoroughly researched cybersecurity content. Coupled with a B2B agency background, he is adaptable to a wide range of industry topics, and also looks after BeyondTrust's Public Relations and social media channels. A huge animal lover, he is the proud 'father' of Simba, a very hyperactive German Shepherd dog.