What is the future of EMET?

  • General discussion

  • Just a few questions about EMET to discuss!

    Will Microsoft continue to improve it and release new versions? Will the functionality be (partially) integrated in Windows 10, and if so, will EMET still be available for Windows 8(.1) and Windows 7? Will Microsoft update the program and/or protection profiles through Windows Update? Will ......?


    W. Spu

    Saturday, December 6, 2014 12:47 PM

All replies

  • Have you looked at Palo Alto Traps Advanced Endpoint Protection?

    Because the approach we use in our Traps Advanced Endpoint Protection product can sound similar to that used by EMET, many customers ask how we differ. So let’s talk about how exploits that bypass EMET still get blocked by Traps, and how Traps stops malware that does not use an exploit and therefore cannot be blocked by EMET:

    • Anti-exploit effectiveness: Traps comes with more than twice the number of exploit prevention modules (EPM). This means that Traps blocks more exploit techniques, including techniques that are used specifically to bypass EMET. These EPMs are implemented at a lower level making them extremely difficult to bypass. Some of the modules in EMET only work on applications that were compiled to work with EMET, whereas the Traps EPMs are enforced on any application with no dependency on application awareness.
    • Self-protection mechanisms: Let’s face it, many of our users have highly privileged control over their own PCs. This means they can disable software and stop processes at will. While EMET can be easily disabled, sometimes even by an end-user with low privileges, Traps includes proprietary self-protection mechanisms that make it extremely difficult, even for a local administrator, to disable the agent. The specifics are top-secret but let’s just say that even successfully stopping the Traps related services is not going to stop us from blocking exploits.
    • Application coverage: Traps can prevent exploitation of any application process. Furthermore, the agent automatically discovers new processes being used on endpoints and populates a list in the admin console so the administrator can select the processes that should be protected. As an example, we have one customer that is using Traps to protect more than 250 applications in addition to the hundreds that are already included in our default policy. This is compared to roughly 10 applications covered by the EMET default policy. It’s also worth mentioning that Traps includes full protection for Java, including the very famous logic-flaws in it, whereas EMET merely stops memory corruptions in Java, which are rare.
    • Centralized Management: Traps is a scalable enterprise product with a centralized console for policy management and reporting. EMET is a tool that lacks any centralized policy management and only reports to the local event log on the endpoint.
    • Breadth of security layers: Traps components include anti-exploit, anti-malware, forensics, device control, application control and WildFire cloud integration. EMET is simply an anti-exploit tool, offering a small subset of our anti-exploit features.
    • Integration: Traps integrates with WildFire, a key component to our threat intelligence cloud, in order to leverage intelligence gathered from thousands of WildFire customers submitting over a million suspect files each day. Traps also integrates with popular SIEM solutions, Syslog, ePO, and uses an MS SQL back end.


    Thursday, December 18, 2014 10:26 PM