Excess software access creates unnecessary risk. Uncover unused risky binaries and applications, restrict access to them, and cut your attack surface by up to 95%.
Threat actors are increasingly weaponizing legitimate tools to carry out cyberattacks, blending into typical network traffic as they do so. This is forcing organizations across Asia Pacific to rethink how they protect their businesses as threat surfaces expand. It’s no longer sufficient to lock down your network with traditional cybersecurity tools or focus solely on detection. It’s time to redefine the way we approach endpoint security.
The Scope of the Challenge
According to the Cyber Security Agency of Singapore, more than 70,000 systems were infected by malicious actors across Singapore in 2023 – a shocking number for the regional tech hub. Threat actors have moved from using custom malware and tool-based attacks to a technique that utilizes existing tools, binaries, and applications within the environment to mimic regular activities.
Called Living Off the Land (LOTL) attacks, these threats disguise themselves within legitimate traffic and tools as a way to get around traditional cybersecurity controls. Statistics from Bitdefender and industry research show that more than 70% of all attacks now utilize LOTL techniques.
The challenge is that traditional attack surface management tools and approaches rely on static, generic, or role-based policies and on manual allow/deny decisions. This method is nearly impossible to manage well in today’s complex environments.
This type of approach leaves organizations with difficult choices: restrict access to too many necessary tools and disrupt productivity, or allow too many people access to tools they don’t need. And if employees have access to various tools, so may threat actors if they manage to compromise the user. Legacy cybersecurity solutions provide no middle ground and do little to mitigate the expanding attack surface and the threat of LOTL attacks.
Tailored Proactive Hardening and the Future of Cybersecurity
Proactive hardening offers a powerful new approach to mitigating the risk of LOTL attacks. By establishing a detailed behavioral baseline down to the individual user level, organizations can quickly identify subtle deviations that indicate a threat. This approach also compares typical threat actor tactics against normal user behavior, enabling security teams to spot abnormal activity and shut down the pathways most often exploited in these types of attacks. With proactive, tailored hardening, organizations can build stronger security strategies without disrupting users’ ability to work effectively.

We recently launched GravityZone Proactive Hardening and Attack Surface Reduction (PHASR), a breakthrough in endpoint security that customizes protection and configuration settings based on each user’s specific actions and active attack vectors. PHASR uses AI algorithms to continuously monitor and learn the behavior of every user-device combination. It correlates these behaviors with threat intelligence from Bitdefender Labs to identify unusual activities and risky tools/applications that can be restricted without disrupting legitimate workflows. This approach enables organizations to safely permit necessary tools for specific roles or situations while minimizing exposure to LOTL techniques and other attack methods.
Take PowerShell, for example. It’s a legitimate tool that some departments rely on—but one that threat actors frequently abuse during attacks. Upon closer inspection, only certain, very specific actions within PowerShell tend to be exploited by attackers. PHASR automatically blocks these risky behaviors within the tool while allowing users to continue leveraging it for legitimate needs. Combined with PHASR’s automatic restriction of unused tools, this approach rapidly shrinks the attack surface. In fact, up to 95% of the employee attack surface in most organizations is unnecessary, making PHASR’s targeted hardening a practical way to reduce threat exposure.
GravityZone PHASR mitigates unnecessary risk and enforces compliance, dynamically restricting tools or privileges that fall outside established norms. Most importantly, it continuously adapts to changing user behavior and the threat landscape – an absolute necessity in today’s always-on, dynamic business environment.
Proactive Hardening Outcomes
A proactive hardening solution continuously adapts to evolving behaviors and threats, without requiring maintenance of granular policies and exceptions. Additionally, this approach helps reduce the attack surface for organizations in several ways:
1. Closing Attack Entry Points
A proactive hardening solution groups users with similar behavior patterns and applies recommended policies to these specific groups, such as everyone in the accounting department or a particular region. For example, PHASR may determine that the HR department of an organization doesn’t use a particular tool and block its use by the entire group. This approach drastically reduces the entry points and potential options for threat actors. PHASR also tailors defenses to each system, making it harder for attackers to reuse the same techniques across environments.
2. Addressing Configuration Drift
Configuration drift occurs when users change roles or leave the organization, but their privileges are not updated – either by accident or due to limited resources. PHASR allows organizations to continually monitor for changes and automatically adjust access controls.
3. Changing How Organizations Approach Risk
Attackers are moving fast, pivoting to automation and using an organization’s tools against it, from operating system tooling and infrastructure management to automation tooling.
Strengthening defenses and minimizing attack surfaces starts with prevention, which, along with detection-focused tools and services like extended detection and response (XDR) and managed detection and response (MDR), is part of a multi-layered security approach.
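The group-based restriction and drift check described under outcomes 1 and 2, as an added example that is not Bitdefender's code or PHASR's actual algorithm: it derives per-user and per-group block recommendations from constructed process-creation events. The watchlist, the 30-day window, and all user and group names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watchlist of built-in Windows binaries often abused in LOTL activity
# (illustrative only, not a vendor list).
WATCHLIST = {"powershell.exe", "certutil.exe", "mshta.exe", "wmic.exe"}

NOW = datetime(2025, 6, 30)
# Constructed sample events: (timestamp, user, group, process image name).
EVENTS = [
    (datetime(2025, 6, 20), "alice", "it", "powershell.exe"),
    (datetime(2025, 6, 22), "alice", "it", "wmic.exe"),
    (datetime(2025, 6, 25), "bob", "it", "PowerShell.exe"),
    (datetime(2025, 6, 18), "carol", "hr", "excel.exe"),
    (datetime(2025, 6, 19), "dave", "hr", "certutil.exe"),
    (datetime(2025, 4, 2), "erin", "finance", "powershell.exe"),
    (datetime(2025, 6, 21), "erin", "finance", "excel.exe"),
]

def recommend(events, now, window_days=30, watchlist=WATCHLIST):
    """Return (per_group, per_user, drift) sets of watchlisted tools.

    per_user:  tools the user did not run inside the baseline window.
    per_group: tools no member of the group ran inside the window.
    drift:     tools a user ran before the window but not since, i.e.
               access that has outlived its observed use.
    """
    cutoff = now - timedelta(days=window_days)
    recent, older, group_of = defaultdict(set), defaultdict(set), {}
    for ts, user, group, image in events:
        group_of[user] = group
        tool = image.lower()  # image names are case-insensitive on Windows
        if tool in watchlist:
            (recent if ts >= cutoff else older)[user].add(tool)

    per_user = {u: watchlist - recent[u] for u in group_of}
    members = defaultdict(list)
    for user, group in group_of.items():
        members[group].append(user)
    # A tool is safe to block group-wide only if every member has it unused.
    per_group = {g: set.intersection(*(per_user[u] for u in us))
                 for g, us in members.items()}
    drift = {u: older[u] - recent[u] for u in group_of if older[u] - recent[u]}
    return per_group, per_user, drift

if __name__ == "__main__":
    groups, users, drift = recommend(EVENTS, NOW)
    for name, tools in sorted(groups.items()):
        print(f"{name}: block {sorted(tools)}")
    print("drift:", {u: sorted(t) for u, t in drift.items()})
```

Recommendations like these are only as good as the baseline window: a tool used quarterly looks unused in a 30-day window, so a production policy needs a review or exception path before enforcement.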