Solving for Root Cause 

by | Sep 18, 2023

The many layers of security 

Like delicious cakes, or gearing up for cold weather, its all about layers. Each layer adds its own benefit for the user to enjoy, keeping the core (you) happy and safe. It goes the same for cybersecurity. However choosing which layers will keep you the most satisfied is always tricky, and in the world of cybersecurity often these different layers work as silos, non-related to one another. While we have these tools in place, ultimately breaches continue to happen and organizations are at high risk instead of having high resilience. This brings us to our topic of today of solving for root cause. How do we stop the attacks before they spread at the operating system (OS) level? How about we stop the ones that do get past all our security layers and reach the OS level? Security hardening for the operating system is not something new, but agentless OS-Level remediation is. 

What is OS-Level Remediation 

OS-Level Remediation refers to the process of identifying and mitigating vulnerabilities and security weaknesses at the OS-level of our IT infrastructure. It involves: 

  • Vulnerability Scanning: Regularly scanning all operating systems for known vulnerabilities, misconfigurations, and weaknesses that could be exploited by cyber threats. 
  • Patch Management: Swiftly applying security patches and updates provided by OS vendors to address identified vulnerabilities. This is essential to prevent attackers from exploiting known weaknesses. 
  • Configuration Management: Ensuring that the OS configurations adhere to security best practices and compliance requirements. Misconfigured systems can provide easy access to attackers. 
  • Hardening: Implementing security hardening measures to reduce the attack surface and make it more challenging for malicious actors to compromise the OS. 

This has a huge significance for any organizations risk management strategy if they want to reduce the likelihood of security breaches and data leaks. Let’s take a look at some critical vulnerabilities affecting the operating system and how we can mitigate them at the OS-Level. 

High impact vulnerabilities that can be stopped at the OS-Level 

Example 1

Follina Vulnerability (CVE-2022-30190)

Exploitation:
The Follina vulnerability involves the exploitation of the MSDT (Microsoft Support Diagnostic Tool) protocol within Microsoft Office documents. Threat actors exploit this vulnerability through phishing campaigns, tricking users into opening malicious Office documents that contain a web link to an attacker-controlled online resource. The Office application automatically fetches the embedded link, invoking the MSDT protocol. This specially crafted link can then force the execution of attacker-supplied PowerShell commands without requiring additional user interaction.

Exploits may occur when users open Microsoft Office documents, such as Word .docx files, received via email or other communication channels. In some cases, even without directly opening the file, malicious code could run via the Preview Tab in Windows Explorer, particularly if the file is in .rtf format. The malware payload is activated through the MSDT protocol.

Follina OS-Level Fix:

  • Validating that all software, including Microsoft Office, are up-to-date with the latest security patches.
  • Disable the MSDT protocol if not required.
  • Implement robust email filtering and security solutions.
  • Provide user education on recognizing phishing attempts.
  • Employ endpoint security solutions to block malicious activities.

Example 2

WinRM Vulnerability (CVE-2021-31166)

The WinRM vulnerability involves the misuse of the Windows Remote Management service and protocol for malicious purposes. Adversaries can abuse WinRM for lateral movement and remote code execution within an organization. They can use valid accounts to remotely execute commands on multiple systems across the network, allowing them to move laterally. Attackers can also use WinRM to remotely execute arbitrary code, modify the registry, and perform various actions on compromised systems.

WinRM OS-Level Fix: 

  • Disable basic authentication for WinRM and use stronger authentication methods. 
  • Implement network segmentation to limit system access via WinRM.
  • Enforce strong password policies.
  • Enable auditing and monitoring of WinRM activities.
  • Configure firewall rules to control WinRM connections.
  • Regularly update the operating system and WinRM software for security patches.  

Like the examples presented above, most common vulnerabilities can be mitigated directly at the OS-Level, bypassing the many security layers we have in place. This ultimately allows you to leverage your current security tools and get the most out of your investments. 

Agentless OS-Level Remediation with Veriti 

In the quest to address root causes and fortify cybersecurity, Veriti’s agentless OS-Level Remediation meticulously identifies vulnerabilities deeply embedded within the operating system, covering everything from configuration settings to registry values. This comprehensive approach ensures no stone is left unturned, providing the thoroughness needed to safeguard modern organizations: 

Agentless Operating System Remediation – Reduce overhead, improve scalability, enhance resiliency without deployment or maintenance of an agent

Seamless and Non-disruptive Remediation – Avoid the need extensive downloads, system restarts, or downtime 

Coordinated Responses Across Teams – Provide multiple remediation options across different defense layers 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Business Continuity

Reduce alert fatigue. Increase Security Effectiveness

MISCONFIGURATION MANAGEMENT

Proactively neutralize misconfigurations to minimize exposure risks

Mobilizing Threat Remediation

Identify and mobilize threat remediation across the security stack automatically.

Solutions

Safe Remediation

Ensure remediation actions do not give rise to additional exposures

VERITI FOR Enterprises

increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

State of Enterprise Security Controls

DOWNLOAD Report >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs