Endpoint Security

Absolute Delivers New Workflows to Protect Against Cyber Criminals

October 22, 2018

How long has it been since you read about a breach that started with an employee unwittingly opening a malicious file in an email they thought was legitimate? It likely wasn’t long ago.

Phishing is on the rise, and cyber criminals use the elusive tactic to extort ransom from businesses, swipe medical data from healthcare organizations and steal money from the bank accounts of hopeful home buyers. Social engineering attacks, such as phishing and a more nuanced form of it called pretexting, represent 93% of the breaches the 2018 Verizon Data Breach Investigations Report (DBIR) examined.

As the DBIR also notes, phishing is very often the first step in a larger chain of events leading to a breach. Once a user clicks on a link or an attached file in an email, a malicious application can download, giving the intruder the access they were seeking. From there, thieves can work to gain control of sensitive information and access to corporate admin credentials. Unfortunately, this is a scenario we’ve seen played out time and again.

New Reach Workflows Improve Diagnostics, Block Hacker Lateral Movements

To help IT run needed diagnostics on their fleet of devices and stop a threat before it has a chance to gain any traction, Absolute has released new scripts for Reach, a powerful custom query and remediation feature that is part of the Absolute platform. With these important new tools, IT can effectively disable intrusive Windows processes or services, clear tampered host files on endpoints and restore them to a previous version, reset admin account passwords and modify admin shares to eradicate or, at a minimum, limit the effects.

Because Absolute Reach lets you ‘reach’ any device, even if these devices are off your network and outside the bounds of traditional tools, you can still take action on these devices. The full list of new Reach scripts is below.

| New Script Name | Description |
| --- | --- |
| Backup/Clear Hosts File | Backup or clear a hosts file on a device |
| Restore Hosts File | Restore a previous version of a hosts file on a device |
| Set Local Admin Password | Set the password for the local administrator on a device |
| Kill Windows Process | Terminate a specified Windows process on a device |
| Enable/Disable Admin Shares | Enable or disable admin shares on a device |
| Remove Windows Service | Remove a Windows service from a device |
| Set Max Event Log File Size | Set the maximum file size for Windows event logs |
| Remove Windows Shares | Remove one or more Windows file shares on a device |
| Stop Windows Process | Stop one or more Windows processes running on a device |

More scripts are coming soon; be sure to watch our blog for further updates. To explore Reach for yourself, check out this short video.


