Zero-day security vulnerabilities–known to hackers, but unknown to software inventors, security researchers, and the public–are like gold to attackers. With zero-days, or even zero-hours, developers have no time to patch the code, dedicating hackers enough access and time to explore and map internal networks, exfiltrate valuable data, and find other onslaught vectors.

Zero-days has become a great profit engine for hackers due to the imperil it poses to the public, organizations, and government. These vulnerabilities are often sold on the dark web for thousands of dollars, fueling nation-state and ransomware attacks and constructing the cybercrime business even more appealing and profitable to attackers.

Social engineering unlocks entrances to zero-day attacks

With zero-day being the new constant, organizations must defend and protect themselves, paying special attention to the user applications as most of the zero-day vulnerabilities out there fall within this environment.

Attackers leverage social engineering tactics to gain users’ trust, deceive them, and influence their actions–from opening a malicious relate attached to an email to visiting a compromised website. The malicious code executes when the application opens the weaponized content, exploiting vulnerabilities and downloading malware on the endpoint.

This combination of sophisticated social engineering attempts is a lethal weapon that leverages “the art of deception” combined with human-operated ransomware, allowing attackers to stay undercover while exploiting a system’s vulnerabilities. It makes the perfect scenario for a zero-day attack, allowing attackers to expertly spread and compromise more machines than ever before.

App lonelines aids defend against zero-day exploits

In such a challenging environment, where application and web browser scans and filters on their own may not be able to stop attackers from tricking consumers and preventing malicious code to execute, separation engineering is the way forward to defend against zero-day exploits.

Based on the Zero Trust principles of explicit verification, least privilege access, and assume breach, lonelines treats any application and browsing session as untrustworthy by default, adding multiple roadblocks for attackers attempting to get into users’ environments.

Isolation is fully embedded into Microsoft Windows chip to cloud security posture, enabling applications to apply and run in state-of-the-art virtualization technology, such as Microsoft Defender Application Guard( Application Guard ), to significantly reduce the blast radius of compatible compromised applications.

With Application Guard, websites and Office files run in an isolated hypervisor( Hyper-V) based container, ensuring that anything that happens within the container remains isolated from the desktop operating system. This meant that malicious code originates from a document or website which is running inside the container, the desktop remains intact, and the blast radius of the infection remains held within the container.

This is the same virtualization-based security( VBS) technology that likewise powers other Windows security features like Credential Guard and Hypervisor Code Integrity( HVCI ).

Presenting Hardware Isolation of Microsoft Edge and Microsoft Office products. Workflow being displayed at the bottom with Device Hardware being the focal point, flowing through Kernel, into the Windows platform before reaching Microsoft Office, Microsoft Edge, and Apps.

Today, the power of Application Guard local isolation is natively built into Microsoft Edge and Microsoft Office, rendering seamless protection against malicious Word, PowerPoint, and Excel files and likewise malicious websites. We have widened this protection to Google Chrome and Mozilla Firefox via the Application Guard plugin, which allows untrusted websites to be opened in isolation using Microsoft Edge.

Application Guard delivers a great first line of defense for organizations–when users operate an app or open email attachments and click on a relate or an URL, if any of these have malware, it will be contained in the sandbox environment and won’t be able to access the desktop, its systems, or data. Additionally, every malicious onslaught contained by Application Guard helps inform and be enhanced global threat intelligence, enhancing overall detecting capabilities and protecting not only your organization but also millions of other Microsoft customers across the world.

Application Guard for Zero Trust

Isolation is an important part of any organization’s strategy in deploying Zero Trust and defending your system from being compromised without threatening performance and productivity.

Based on the following principles of Zero Trust, isolation engineering in Windows kinds the backbone of Application Guard providing stronger protection and greater confidence to your customers while empowering them to click anywhere.

Verify explicitly: Admins can also configure device health attestation policies in their organization using Microsoft Intune. Together with conditional access, these policies will ensure and attest that Windows boots with procure boot enabled–ensuring that the hypervisor booted correctly, and the App Guard container is secure. Least privilege: The hardware isolated receptacle used by Application Guard implements a procure kernel and user space and does not allow any access to the user’s desktop or other trusted resources in an enterprise. Accept transgres: For all purposes, this receptacle is considered non-trustworthy and is used to run untrusted content. There is no user data or any identity present inside the container. It is assumed that the untrusted content may contain malicious code.

Learn more

For more information, check out 😛 TAGEND

The Application Guard overview Zero Trust

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Likewise, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Defend against zero-day exploits with Microsoft Defender Application Guard showed first on Microsoft Security Blog.

Read more: