Morphisec Cybersecurity Blog

EMET Refuses to Die

Written by Netta Schmeidler | November 18, 2016 at 5:09 PM

 

Microsoft recently announced it would extend support for its Enhanced Mitigation Experience Toolkit (EMET) until July 31, 2018. According to Microsoft, this 18 month reprieve –  originally support was scheduled to end on January 21, 2017 – is the direct result of customer feedback.

Microsoft describes EMET as a “free security mitigation tool designed to help IT Professionals and developers protect against emerging threats targeting vulnerabilities that are either unknown or for which a security update has not yet been applied.” And while it has been a welcome tool to harden systems against attacks, it also has many problems, especially when configured to prevent attacks of a more advanced nature. In particular, it has a very high performance penalty and tends to conflict with applications, causing reliability issues.

More concerning is that several of the more recent popular attacks (e.g. TeslaCrypt) were able to bypass EMET. This is a clear demonstration of the fact that Microsoft has pulled away resources from EMET as part of the end of life preparation process and that EMET cannot keep up with the latest exploit techniques.

However, the move to delay EMET’S expiration date is an indication of just how tenuous the current state of the fight against exploits is: Customers find even a severely flawed solution preferable to none. Exploits are the source of the most harmful and undetectable targeted and zero-day attacks. Organizations are willing to do a lot – risk performance issues, risk reliability issues – in order to be able to protect against these exploits as much as possible.

Yet, the extension is just a delay in the inevitable. July 31 2018 will arrive, and exploits will still be deadly. CISOs need to apply their mandate for constant, forward-looking innovation to the issue of advanced threats as well. Rather than relying on EMET until its expiration date, look for new solutions purpose-built to cope with an always changing threat landscape. Moving Target Defense as used in Morphisec’s Endpoint Threat Prevention solution is one technology proven effective against the latest exploit kits and ransomware attacks. It does not penalize performance or create reliability issues à la EMET or resource-heavy security products and resilience to new attack forms is baked into the system, securing the enterprise not only today but in years to come.