Ring Fencing

19th November 2024

Hash-based antivirus is ineffective in the age of ChatGPT. Bad guys can make custom threats or custom obfuscations.

I expect the future is Ring Fencing, which allows a set of access rules per application. For example, we could allow PowerShell to access only private networks. PowerShell then still works for my company's RMM tasks but can't fetch malware from the internet.
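As an added example (not ThreatLocker's code or anything from this post), here is a toy evaluator for the per-application network rules just described; the process names, the "first matching rule wins, otherwise deny" semantics and the mapping of "private networks" to the RFC 1918 ranges are my assumptions:

```python
"""Toy ring-fencing policy evaluator (added example, not a vendor's code).

Each rule names an application, an action and a destination network.
Rules are evaluated in order; the first match wins, and any connection
that matches no rule is denied, so an unlisted application is fenced off.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    app: str                          # process image name, e.g. "powershell.exe" (assumed)
    action: str                       # "allow" or "deny"
    network: ipaddress.IPv4Network    # destination range the rule covers


# "Private networks" in the post taken to mean the RFC 1918 ranges (assumption).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed policy: PowerShell may reach private networks only, so RMM
# tasks on the LAN still work but fetching a payload from the internet is
# blocked; the browser is left unrestricted for contrast.
POLICY = [Rule("powershell.exe", "allow", n) for n in PRIVATE_NETS] + [
    Rule("powershell.exe", "deny", ipaddress.ip_network("0.0.0.0/0")),
    Rule("msedge.exe", "allow", ipaddress.ip_network("0.0.0.0/0")),
]


def evaluate(app: str, dest: str, policy=POLICY) -> str:
    """Return 'allow' or 'deny' for `app` connecting to IP `dest`."""
    addr = ipaddress.ip_address(dest)
    for rule in policy:
        # Address-in-network is False across IP versions, so an IPv6 destination
        # falls through every IPv4 rule and lands on the default deny.
        if rule.app.lower() == app.lower() and addr in rule.network:
            return rule.action
    return "deny"  # default deny: no rule, no access


def denied_events(events, policy=POLICY):
    """Filter (app, dest) pairs down to the ones the fence would block.

    Useful as the feed for alerting: a fenced application reaching for the
    internet is the behaviour the post wants surfaced and stopped.
    """
    return [(app, dest) for app, dest in events
            if evaluate(app, dest, policy) == "deny"]
```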

The company I know with working Ring Fencing is ThreatLocker. Other companies like SentinelOne use the same buzzwords but only use the data to "help analysts make better decisions", i.e. it doesn't block any threats.

Ring fencing is more like behavioural analysis in that it doesn't look for a specific hash/signature (traditional AV), which can be easily changed. The difference is that it is program behaviour, not end-user behaviour, which has proven to be rife with false positives.

I expect the ruleset needed to make this work will be fiddly, but I'm not seeing a better solution.

demo