Fighting Back Against Python Backdoors
Traditional defenses aren’t very effective in fighting scripting attacks. As already discussed, EDR has difficulty detecting them, and firewalls won’t be much use in stopping the attack from moving throughout the environment. That’s because firewalls depend on network addresses to determine whether traffic is “safe.” Unfortunately, though, they can’t verify exactly what is communicating on either end, so it’s not hard for malicious software and scripts to piggyback on “safe” network addresses.
The best way to protect yourself against scripting attacks is to adopt a true Zero Trust approach. I say “true” Zero Trust, because any approach that uses network addresses to create policies cannot be effective. It’s critical to verify what is communicating, whether it’s a device, software or a script, and at Edgewise, that’s exactly what we do.
Our Zero Trust Platform uses an identity-based approach: the platform creates a unique identity for each workload. These “fingerprints” are made up of dozens of immutable properties, such as the SHA-256 hash of a binary, the BIOS UUID, or a cryptographic hash of a script. In this way, we can decouple segments and policies from the network, which enables us to provide 100% protection for any segment with no more than seven policies.
These policies state explicitly which devices, software and scripts are allowed to communicate with one another, and all other traffic is blocked by default. In this way, we can prevent scripts from establishing backdoors, accessing sensitive assets and deploying malware throughout the environment.
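To make the contrast between address-based and identity-based policy concrete, here is a small added example (illustrative code written for this post, not Edgewise's platform or any product code). It assumes a workload identity built from two of the properties named above, the SHA-256 of the script or binary and the host's BIOS UUID; the string layout, the placeholder UUIDs, the sample script bytes and the IP addresses are all constructed for the example. The point it shows: appending a single line to a trusted script leaves its network address untouched, so an address-keyed rule still allows the connection, while the identity-keyed rule denies it by default because the hash no longer matches.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample inputs (placeholders, not real hosts or binaries).
HOST_BIOS_UUID = "11111111-2222-3333-4444-555555555555"      # placeholder app host
DB_HOST_BIOS_UUID = "66666666-7777-8888-9999-aaaaaaaaaaaa"   # placeholder DB host
DB_BINARY = b"<constructed stand-in for the database server binary>"

TRUSTED_SCRIPT = b"import psycopg2\n# nightly backup job (constructed sample)\n"
# The same script with one attacker-appended line. It still runs from the
# same address, but its content hash changes.
BACKDOORED_SCRIPT = TRUSTED_SCRIPT + b"import os  # attacker-appended line (constructed)\n"


def fingerprint(content: bytes, bios_uuid: str) -> str:
    """Identity built from immutable properties: the SHA-256 of the script or
    binary plus the BIOS UUID of the host it runs on. The property set and
    this string layout are assumptions made for the example."""
    return f"sha256:{hashlib.sha256(content).hexdigest()}|bios:{bios_uuid}"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    src_identity: str
    dst_identity: str


# Address-based rule, what a traditional firewall sees: app host -> DB host on 5432.
ADDRESS_ALLOWLIST = {("10.0.1.5", "10.0.2.9", 5432)}

# Identity-based rule: only this exact script, on this exact host, may reach
# this exact database binary. Nothing else is listed, so everything else is denied.
DB_IDENTITY = fingerprint(DB_BINARY, DB_HOST_BIOS_UUID)
IDENTITY_ALLOWLIST = {(fingerprint(TRUSTED_SCRIPT, HOST_BIOS_UUID), DB_IDENTITY, 5432)}


def address_policy_allows(flow: Flow) -> bool:
    """Allow if the (src, dst, port) addresses are listed; cannot see what is talking."""
    return (flow.src_ip, flow.dst_ip, flow.dst_port) in ADDRESS_ALLOWLIST


def identity_policy_allows(flow: Flow) -> bool:
    """Default deny: permit only an explicitly listed (src identity, dst identity, port)."""
    return (flow.src_identity, flow.dst_identity, flow.dst_port) in IDENTITY_ALLOWLIST


def flow_for_script(script: bytes, dst_port: int = 5432) -> Flow:
    """Model a connection opened by `script` running on the app host to the DB host."""
    return Flow("10.0.1.5", "10.0.2.9", dst_port,
                fingerprint(script, HOST_BIOS_UUID), DB_IDENTITY)


def decide(flow: Flow) -> dict:
    """Evaluate the same flow under both policy models."""
    return {"address_policy": address_policy_allows(flow),
            "identity_policy": identity_policy_allows(flow)}


if __name__ == "__main__":
    for name, script in (("trusted", TRUSTED_SCRIPT), ("backdoored", BACKDOORED_SCRIPT)):
        print(name, decide(flow_for_script(script)))
```

Running it shows the trusted script allowed under both models, and the backdoored copy allowed by the address rule but denied by the identity rule; a connection from the trusted script to an unlisted port is denied by both, since neither allowlist contains it.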
Identity-based Zero Trust is the simplest way to protect your business against scripting attacks, and Edgewise can microsegment and create policies for your environment in just one click. It really is impossibly simple!