The endpoint security marketplace is crowded with vendors claiming to have superior capabilities. Cutting through all the marketing and sales pitches to understand how these products perform isn’t easy. Luckily, The MITRE Corporation conducted an independent test of the detection and investigation capabilities of leading endpoint detection and response (EDR) products against real-world attack sequences. We’ll break down MITRE’s methodology, the results, and what it all means for your organization as you assess your current and future endpoint security toolkit.
Recently, Palo Alto Networks Unit 42 reported on a new exploitation platform that we called “DealersChoice” in use by the Sofacy group (AKA APT28, Fancy Bear, STRONTIUM, Pawn Storm, Sednit). As outlined in our original posting, the DealersChoice exploitation platform generates malicious RTF documents which in turn use embedded OLE Word documents. These embedded OLE Word documents then contain embedded Adobe Flash (.SWF) files that are designed to exploit Abode Flash vulnerabilities.
This checklist provides a step-by-step guide to implementing a true prevention-based platform that may help prevent you from falling victim to a ransomware attack.