|In our previous edition of this newsletter, we had discussed how ZTNA (Zero Trust Network Access) can be used to whitelist applications so that your organization can have control over what applications are allowed to run on computers inside your network, thereby eliminating the threat of accidentally downloaded utilities with malicious software from causing havoc.|
In this edition, we will discuss two (2) more layers of security which are: 1. Application Ring-Fencing and 2. Storage Control.
All three (3) cybersecurity strategies mentioned above have now become indispensable as criminals use multiple attack vectors to exploit application execution capabilities to deploy and run malicious payloads.
|Application Ring-Fencing and Storage Control:|
|Application Ring-Fencing – Modern applications do not run in isolation. They interact with other applications on the computer, often invoking and/or passing data to other applications on the same or even other computer systems. Ring-fencing limits the ability of a program to invoke other programs that may not be needed for normal users. A ubiquitous program like Microsoft Word may have hyperlink(s), that when clicked, will open a default browser and take the user to a website. However, Word also has capabilities to invoke PowerShell, which advanced computer users use to perform many administrative level functions using command line. Normal everyday user may not have any need for it. However, a Word document with malicious code embedded in it, when received and opened, could invoke PowerShell commands that could cause data to exfiltrate, modify registry settings, or even encrypt files using Adobe software’s ability to encrypt. Another example is remote desktop which is used by computer IT professionals to remote into other systems to fix issues. When 2 computers interact with each other in this manner, malicious payload copied on to clipboard from an infected system can easily transfer to the other thereby infecting the other system also. Through carefully planned ring-fencing, an organization can limit ability of program’s ability to interact with other unnecessary programs and make its computer systems more secure.|
Storage Control – An organization can set up policies to allow certain applications to access only certain drives and folders. This will not prevent a user from downloading a Word document with malicious code, but it will limit the damage to severely to only those drives and folders to which Microsoft Word has been granted access permission. A strategy like this can severely limit a malicious payload like ransomware from accessing and encrypting all possible data files on the network.