Keeping your ERP system bug-free is almost impossible. Therefore, finding whatever tools and applications you can to increase your ERP security and prevent cyber attacks, which may lead to malware infections, loss of data, and extended downtime, is critical. One of the best security tools available today is Microsoft’s Enhanced Mitigation Experience Toolkit, or EMET. Unlike other mitigation technologies (e.g. SafeSEH, DEP, and ASLR) that Microsoft has included in Windows over the past few years, EMET is a utility that can be installed separately when additional restrictions on the use of certain areas of the software are required.
How Does EMET Work?
Basically, EMET protects by blocking, disrupting, terminating, diverting, or invalidating attack techniques someone may use to access computing systems. This means that EMET can help companies respond to cyberattacks by making the exploitation of software vulnerabilities as difficult as possible.
Quite surprisingly, this utility can be used with a variety of software products, including ERP systems developed by different vendors. The only exceptions are the applications using protocols that exactly mimic the behavior EMET blocks.
Since there is an application-compatibility risk, it’s advisable to thoroughly test EMET before deploying it in an enterprise environment. To address as many compatibility issues as possible, EMET allows users to configure all the mitigation technologies included, such as:
- Structured Exception Handler Overwrite Protection (SEHOP) – Part of Windows OS, this technology protects against attack techniques used to exploit stack overflows. Users can turn it off or on, according to their needs.
- Heapspray Allocations – EMET’s ability to detect and block heapspray techniques by pre-allocating commonly used pages can help enhance ERP security. Heapspray techniques are typically used to place copies of shellcode (attack code used to exploit software vulnerabilities) at multiple memory locations to improve an attack’s chances of success. Any exploits programmed to use the pages pre-allocated by EMET will fail.
- Data Execution Prevention (DEP) – DEP is a mitigation technology that blocks attempts to exploit vulnerabilities at memory locations where exploit authors store executable files. If an attacker can access these files, he’ll be able to run the malicious code they contain.
- Null Page Allocation – Since there is no known way to exploit null dereference, null page allocation technology has been developed as a preventive measure to stop potential null dereference attacks.
- Export Address Table Access Filtering (EAF) – Some malicious code needs to connect to application programming interfaces (APIs) to subvert processes. Once the shellcode finds useful APIs (e.g. ntdll.dll or kernel32.dll), it will use them to load onto computers, giving attackers access to software. EAF works by preventing the shellcode from looking for APIs. One important caveat is EAF’s incompatibility with certain debugging/anti-debugging technologies and programs behaving like debuggers, which may lead to a variety of system problems.
- Mandatory Address Space Layout Randomization (ASLR) – By randomizing data storage locations and code objects in memory, ASLR filters and blocks access to data at predictable times or locations. ASLR is a great mitigation technology, significantly improving ERP security.
- Return Oriented Programming (ROP) mitigations – ROP mitigations block attacks relying on the ROP exploitation technique, which can run attack code despite other mitigation technologies being enabled. ROP mitigations perform load library checks, memory protection checks, caller checks, execution flow checks, and stack pivot checks.
- Bottom-up randomization – As the name suggests, bottom-up randomization technology changes the order of memory allocations (e.g. heaps, stacks, etc.), preventing attackers from accessing computing systems at preset time intervals.
In addition to all these, EMET provides advanced mitigation options, such as deep hooks, anti-detours, and banned functions. It also verifies SSL certificates against preset yet configurable rules, identifying fraudulent certificates.
Although these technologies can’t guarantee that ERP vulnerabilities won't be exploited, they make exploitation very difficult, if not impossible, to perform. Since anti-malware, antivirus, and intrusion detection systems are unable to identify and block all cyber attacks, complementing your network infrastructure with a complex and powerful security software solution like EMET is critical to enhance ERP security.
Get the Return on Investment You Need
Companies that invest in implementing solutions, such as Acumatica Cloud ERP, or Dynamics 365 quickly realize a return on their investment. These ERP solutions are easier to customize than previous legacy solutions.
About Clients First
Business software should increase productivity, improve profitability, and be easy for staff to use. Most of today’s ERP solutions are good at finance and have horizontal niches for distribution, manufacturing, maintenance, repair, and overhaul (MRO) for aviation and heavy equipment. This makes searching for a software solution more about what the implementation partner can do to help you get the most out of the system. That is why Clients First is not a software company--we are a business solutions and services company.
Contact Clients First Business Solutions to learn more about the right ERP solution for your business to help you get the most ROI out of your 2021 budget.
Email: Dallas/Fort Worth, Texas, or call us at 800.331.8382