Software mitigation techniques are an important element of layered security for enterprises, says Jonathan Ness,...
security development manager at Microsoft.
Enterprises can use software mitigations to harden the operating system (OS) and applications by making it more difficult for software vulnerability exploits to execute successfully, Ness said.
While some software mitigations, such as Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) are built into Microsoft's Windows OS, enterprises can enable additional mitigations using Microsoft's free enhanced mitigation experience toolkit (Emet).
Emet, first released for public use in September 2010, gives enterprises the means to protect against unknown vulnerabilities and brings newer security protections to older platforms and applications, both Microsoft and non-Microsoft.
The utility, which provides mitigations such as dynamic DEP and mandatory ASLR, must be configured for each application, but may not be compatible with all non-Microsoft applications.
Microsoft has tried to make the latest version of Emet easier for enterprises to deploy, monitor and configure, said Ness.
Enterprises can now control Emet through Windows Group Policy and deploy and configure Emet through Microsoft's System Center Configuration Manager.
For monitoring, version 3.0 provides user notifications of Emet activity and logging to Windows Event Log of Emet actions.
For the first time, Emet allows the use of wildcards and includes default protection profiles. These are XML files that contain pre-configured Emet settings for common Microsoft and third-party applications.