Best Mitre D3FEND advice to harden Windows networks

Mitre's recently released D3FEND matrix offers sound guidance for any security admin or CISO looking to harden a Windows network against attack.

A vault door security mechanism with abstract circuits. / increase security / harden against attacks
Grasetto / Chakis Atelier / Getty Images

Often it just takes a defensive mindset to come up with effective options to protect and defend against today’s threats. The Mitre organization has recently released its D3FEND matrix that documents ways to harden the network, detect and isolate threats, and deceive and evict attackers from your network. I’m focusing on D3FEND guidance Windows admins can follow to harden their networks.

Application hardening

Mitre D3FEND recommends these processes to harden applications:

  • Dead code elimination
  • Exception handler pointer validation
  • Process segment execution prevention
  • Segment address offset randomization
  • Stack frame canary verification
  • Pointer authentication

While you might have influence on software choices, you might not have the ability to influence the actual software coding. As a CSO for a larger organization, you can discuss these concepts with your software vendors and query them about their security processes. You can hire consultants to review your internal code projects to ensure that your applications are designed with security in mind.

To continue reading this article register now

22 cybersecurity myths organizations need to stop believing in 2022