Slashdot: Microsoft Claims PowerShell Now More Secure

Microsoft Claims PowerShell Now More Secure
Published on August 26, 2017 at 04:22PM
An anonymous reader quotes Wired:
Last year, well over a third of the incidents assessed by security firm Carbon Black and its partners involved some sort of PowerShell component. But as network defenders catch on to Microsoft’s recent release of additional PowerShell protections, the attack sequences that exploit PowerShell are finding some long-overdue resistance… PowerShell 5.0, released last year, added a full suite of expanded logging tools… While it’s no panacea, and doesn’t keep attackers out, the renewed focus on logging aids flagging and detection. It’s a baseline step that helps remediation and response after an attack is over, or if it persists long-term… And PowerShell’s recent defense improvements go beyond logs. The framework also recently added “constrained language mode,” to create even more control over what commands PowerShell users can execute… The security industry at large has also made strides to determine what baseline normal activity for PowerShell looks like, since deviations could indicate malicious behavior.

Lee Holmes, Microsoft’s principal software design engineer for PowerShell, says they’ve been “laser-focused on security since the very first version,” adding that they’re now moving towards a more enlightened approach.

“You can focus harder on protecting against breaches and defense in depth, but the enlightened approach is to assume breach and build the muscle on detection and remediation — make sure that you’re really thinking about security end-to-end in a holistic manner.”