In this InfoSec Insider, Tim Bandos looks at why network admins will want to keep a close watch on network traffic within the enterprise.
Conventional wisdom has shown there’s a short line between a company’s highest point of risk – its employees and a compromise.
Unsanctioned, or shadow applications, are apps that haven’t been cleared by a company’s information security team. These apps, on employee machines, have long been a popular attack vector for saboteurs and employees looking to leak data.
While risky insiders have increasingly taken to using legitimate, hard to detect tools already installed on the endpoint – such as PowerShell, WMI, Cmd.exe to hijack machines with malware – there’s no shortage of seemingly benign apps that can evade detection, exfiltrate data and jeopardize an organization.
For More Details :
https://threatpost.com/unsanctioned-apps-invite-fox-into-cybersecurity-hen-house/133926/
