The more information we have about a device, the more secure we can make it. That would be a huge advantage for the administrator.
It wouldn't need to do anything other than collect and share the information.
If Symantec could do that, it would help managers improve their security, as they would know all the software installed on each device.īecause Symantec is already installed on a workstation, it would not be difficult for the agent to collect information about the software installed. That's really interesting, But we don't know about other software that is installed and that means we need to install and use other software on the workstation to collect that information. That would be a huge advantage for everyone who administers these tools.įor example, EDR gives me some applications with a version linked to a CVE or a MITRE attack. Irrespective of how many times the operating system is reinstalled, the malware will stay on the device.One suggestion I have for both regular and mobile would be to collect all the information about installed software, such as versions, and give that information to the manager to help with software management. This, and the fact that the firmware resides on a chip separate from the hard drive, makes attacks against UEFI firmware exceptionally evasive and persistent. If UEFI firmware is modified to contain malware, the malicious code will be launched before the operating system, making its activity potentially invisible to security solutions and to the operating system’s defences. UEFI firmware is a critical component in the vast majority of hardware, because its code is responsible for booting up a device and launching the software component that loads the operating system.
Researchers from Kaspersky have discovered a unified extensible firmware interface (UEFI) rootkit that stays on the victim’s machine even after the operating system has been rebooted or reinstalled.ĭub bed ‘CosmicStrand’, it was developed by an advanced persistent threat (APT) actor and i ts persistence makes it very dangerous in the long run, says Kaspersky.
0 kommentar(er)
