Anti-RANSOMWARE powerhouse "New Year's Tasks".
Number Eight: Implement Constrained Language Mode + Device Guard User Mode Code Integrity [UMCI] in your PowerShell tool belt.
Now that you have standardized on PowerShell 5.1 or higher, you can integrate it with Device Guard. PowerShell can and should be configured to detect the presence of a system-wide UMCI policy and enforce UMCI application policies.
Make sure to add your code signing authority to your UMCI policy store so that authorized and approved PowerShell scripts can run as designed.
These three tools are things you own now; we're just suggesting a new recipe. Try something new, shake things up!
No solution is 110% foolproof, and this one certainly isn't. However, it is a powerful, easy-to-maintain capability that will take a large, statistically significant chunk of risk out of your risk register.
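A readiness check for the recipe above, as an added example that is not part of the original post: it reports the session's language mode, the UMCI enforcement status Device Guard exposes through the `Win32_DeviceGuard` CIM class, and which scripts in a folder carry a valid signature from your approved signer. `$ScriptRoot` and `$ApprovedThumbprint` are placeholders, and matching on the leaf signing certificate's thumbprint is a simplifying assumption (your UMCI policy may instead trust the issuing CA).

```powershell
# Added example: audit Constrained Language Mode, UMCI status and script signatures.
param(
    [string]$ScriptRoot = 'C:\Scripts',                              # assumption: folder holding approved scripts
    [string]$ApprovedThumbprint = '<CODE-SIGNING-CERT-THUMBPRINT>'   # placeholder: your signing cert thumbprint
)

# Translate the numeric enforcement status into text (0 = off, 1 = audit, 2 = enforced).
function Get-EnforcementText($Value) {
    switch ($Value) { 0 { 'Off' } 1 { 'Audit' } 2 { 'Enforced' } default { 'Unknown' } }
}

# 1. Language mode of the current session (FullLanguage, ConstrainedLanguage, ...).
$languageMode = $ExecutionContext.SessionState.LanguageMode

# 2. System-wide code integrity status as reported by Device Guard.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                      -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$umci = Get-EnforcementText $dg.UsermodeCodeIntegrityPolicyEnforcementStatus

[pscustomobject]@{
    LanguageMode = $languageMode
    UmciStatus   = $umci
}

# 3. Signature state of every script and module under $ScriptRoot.
$files = Get-ChildItem -Path $ScriptRoot -Recurse -File -Include *.ps1, *.psm1, *.psd1 `
                       -ErrorAction SilentlyContinue
$report = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path     = $file.FullName
        Status   = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
        Signer   = $sig.SignerCertificate.Thumbprint  # empty when the file is unsigned
        Approved = ($sig.Status -eq 'Valid' -and
                    $sig.SignerCertificate.Thumbprint -eq $ApprovedThumbprint)
    }
}

# Scripts listed here would be limited to Constrained Language Mode (or blocked,
# depending on policy) once UMCI is enforced: sign them or retire them first.
$report | Where-Object { -not $_.Approved } | Format-Table Path, Status, Signer -AutoSize

if ($umci -eq 'Enforced' -and $languageMode -ne 'ConstrainedLanguage') {
    Write-Output 'UMCI is enforced and this session runs in FullLanguage: the calling script is trusted by policy.'
}
```

Run it while the policy is still in audit mode so the list of unapproved scripts is empty before you switch to enforcement.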
Tips on running PowerShell in Constrained Language Mode
Tips on code signing for PowerShell
Copyright © 2020 by "the Secret CISO"
All Rights Reserved.