Exploit Protection

Mitigation
ID: M0950
NIST SP 800-53 Rev. 4: SI-16
IEC 62443-3-3:2013: SR 3.2
IEC 62443-4-2:2019: CR 3.2

Description

Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.


Techniques Addressed by Mitigation

| Name | Use |
| --- | --- |
| Drive-by Compromise | Utilize exploit protection to prevent activities which may be exploited through malicious web sites. |
| Exploit Public-Facing Application | Web Application Firewalls may be used to limit exposure of applications to prevent exploit traffic from reaching the application. [1] |
| Exploitation for Evasion | Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [2] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [3] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |
| Exploitation for Privilege Escalation | Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [2] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [3] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |
| Exploitation of Remote Services | Security applications that look for behavior used during exploitation such as Windows Defender Exploit Guard (WDEG) and the Enhanced Mitigation Experience Toolkit (EMET) can be used to mitigate some exploitation behavior. [2] Control flow integrity checking is another way to potentially identify and stop a software exploit from occurring. [3] Many of these protections depend on the architecture and target application binary for compatibility and may not work for all software or services targeted. |