Moving beyond EMET, Part 2

microsoftMicrosoft has now mapped out the future for the Enhanced Mitigation Experience Toolkit (EMET) in part one and it looks pretty bleak. The advice given to EMET users was also a little vague: Upgrade to Windows 10. It’s a more secure operating system.

Although that’s true, it doesn’t cover everything that EMET does for you. Over on the CERT/CC blog, Will Dormann provides an excellent post about why Windows 10 can’t protect insecure applications like EMET can. The table seen in Dormann’s post highlights the protection available with and without EMET on Windows 7 and Windows 10. As you’ll see, Windows without EMET looks a little risky.

However, we thought we’d build upon the table in Dormann’s post by adding Sophos Intercept X to the mix.

image001

Intercept X includes many additional exploit technique mitigations that protect your applications. The software radar in Intercept X detects browser, audio, Office and PDF applications, automatically applying protection to those programs without needing any additional configuration.

Learn more about the exploit mitigation techniques in Intercept X.

Try Intercept X

2 thoughts on “Moving beyond EMET, Part 2

  1. I tested your product with the HitMan Exploit tool. Intercept X caught it every time I used an exploit method against the Hitman exploit tool itself, which is the default setting. However, whenever I told the tool to exploit through a different 32bit program, it didn’t catch the exploit attempt. EMET did (Separate tests). Is there a way to tell Intercept X which applications to protect? Or is there a limitation on what it is able to protect?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s