Absolute Delivers New Workflows to Protect Against Cyber Criminals
Absolute Delivers New Workflows to Protect Against Cyber Criminals

How long has it been since you read about a breach that started with an employee unwittingly opening a malicious file in an email they thought was legitimate? It likely wasn’t long ago.

Phishing is on the rise and cyber criminals use the elusive tactic to extort ransom from businesses, swipe medical data from healthcare organizations and steal money from the bank accounts of hopeful home buyers. Social engineering attacks, such as phishing and a more nuanced form of it called pretexting, represents 93% of the breaches the 2018 Verizon Data Breach Investigations Report (DBIR) examined.

As also noted in the DBIR report, phishing is very often the first step in a larger chain of events leading to a breach. Once a user clicks on a link or an attached file in an email, a malicious application can download which gives the intruder the access they were seeking. From there, thieves can work to gain control of sensitive information and access to corporate admin credentials. Unfortunately, this is a scenario we’ve seen played out time and again.

New Reach Workflows Improve Diagnostics, Block Hacker Lateral Movements

To help IT run needed diagnostics on their fleet of devices and stop a threat before it has a chance to gain any traction, Absolute has released new scripts for Reach, a powerful custom query and remediation feature that is part of the Absolute platform. With these important new tools, IT can effectively disable intrusive Windows processes or services, clear tampered host files on endpoints and restore them to a previous version, reset admin account passwords and modify admin shares to eradicate or, at a minimum, limit the effects.

Because Absolute Reach lets you ‘reach’ any device, even if these devices are off your network and outside the bounds of traditional tools, you can still take action on these devices. The full list of new Reach scripts is below.

New Script Name Description
Backup/Clear Hosts File Backup or clear a hosts file on device
Restore Hosts File Restore a previous version of a hosts file on a device
Set Local Admin Password Set the password for the local administrator on a device
Kill Windows Process Terminate a specified Windows process on a device
Enable/Disable Admin Shares Enable or disable admin shares on a device
Remove Windows Service Remove a Windows service from a device
Set Max Event Log File Size Set the maximum file size for Windows event logs.
Remove Windows Shares Remove one or more Windows file shares on a device
Stop Windows Process Stop one or more Windows process running on a device

More scripts are coming soon; be sure to watch our blog for further updates. To explore Reach for yourself, check out this short video.

endpoint visibility

 

 

ABOUT THE AUTHOR

Neeraj Annachhatre

Neeraj Annachhatre is Technical Marketing Manager within Absolute’s Product team. He provides customer and market insights for the Product Management and Development teams to leverage while leading go-to-market initiatives centered on the Absolute platform. Prior to Absolute, his work experiences include technical and managerial roles within the Cybersecurity, Semiconductor and Financial Technology industries in North America and Asia. He holds bachelors and masters degrees in Electrical Engineering from Purdue University and the University of Southern California respectively and an MBA from the Ivey Business School at Western University.



0 COMMENTS

Leave a Reply

Your email address will not be published.