Generic exploit mitigation is not so much about vulnerabilities but rather methods used to exploit them.  Patching vulnerabilities is important, but consider mitigations for the vulnerabilities not so easily addressed.  By limiting where programs can execute, randomising the location of allowed programs, and refining your system security settings, you can augment overall system hardening.  Think of it as a lock that could be picked, but preventing access to the lock in the first place.  Upgrade older platforms to newer versions that already have these mitigations built in.  Deploy baseline images already hardened.  Defence in depth extends to within individual systems.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s