Quote:

How do cybercriminals attack workstations? They generally exploit vulnerabilities in frequently used programs or potentially dangerous features in legitimate software. There are other ways, of course, but those are the most common ploys. So, it might seem logical to restrict the use of such software. But how can you do that without harming business processes? Mindlessly blocking software can cause severe damage to business; you have to take into account differences in employees’ roles. Our approach was to reduce the attack surface through adaptive anomaly control with the use of machine-learning techniques.

For many years, MS Office has had the dubious distinction of being top dog by number of exploited vulnerabilities. But that does not mean that the software is bad. Vulnerabilities are everywhere. It is just that cybercriminals focus more on Office than its counterparts, because it is the most widely used. Even if your company is prepared to spend money on retraining employees to use an alternative, as soon as another productivity suite gains popularity, it will knock Office off the top of the exploited software leaderboard.

Some products have features that are clearly dangerous. For example, macros in that selfsame Office can be used to execute malicious code. But a blanket ban would be impractical; financial analysts and accountants need those tools in their day-to-day operations.

The task is to somehow keep strict watch over such programs and intervene only when anomalous activity is detected. But there is one problem.