There is a jewel in a security professional’s toolbox which – in my opinion – is highly underused. At least this is true in the infrastructures I know. For years, Microsoft has offered a free tool called EMET (Enhanced Mitigation Experience Toolkit). EMET helps you leverage the security technology built into Windows. To quote the above-mentioned website:
EMET helps protect against new and undiscovered threats even before they are formally addressed through security updates or antimalware software. EMET includes 14 security mitigations that complement other defense in-depth security measures, such as Windows Defender and antivirus software. EMET installs with default protection profiles, which are XML files that contain preconfigured settings for common Microsoft and third-party applications.
I have been using the tool for a long time at the highest security settings. It rarely causes one of the applications to crash, and maybe rightfully so. But apart from that I do not feel any impact.
However, deploying it in a corporate infrastructure is a different story. Operations will find all sorts of excuses: it slows down the machine, it is unneeded, security has to pay for it because it is a security tool, … Been there, done that, and most of these excuses are simply defensive statements without real facts. And there is another misconception: it definitely does not replace patching.
Finally, it does not help against professional incompetence. We recently got the statement that one infrastructure does not need to be patched because it is behind a firewall and in a datacenter. As much as I would like EMET to help there, I guess this fight is lost even with EMET…
What it successfully does is protect you against quite a few zero-days, and it certainly buys you time. Since we deployed it on our corporate machines, we have been able to reduce the number of emergency patch deployments, and this by itself is worth the deployment.
So, if you do not yet use it, test it and roll it out.