About Show #359
Richard chats with Microsoft PFE Kurt Falde about the Enhanced Mitigation Experience Toolkit (EMET). It might be a weak name, but it's an amazing set of tools - a whole different way of defending a workstation from malware exploits. Kurt dives into how EMET can lock down PCs in a standardized way, including controlling specific SSL certificates for key web sites. But the bulk of the focus of EMET is on protecting software from changes by malware. Rather than matching fingerprints the way typical anti-virus software does, EMET tracks known-good states of common software and stops changes to them from happening - an effective strategy against zero-day exploits!
Kurt Falde has been with Microsoft for more than ten years. During that time he has worked initially as a Rapid Response Engineer (precursor to Premier Field Engineer) supporting Active Directory and other Platforms type items. I at one point switched and worked for approximately 4 years in our CSS Security group, which supports customers with security incidents as well as a number of our security-related products (WSUS/MBSA/AV Engine/EMET/SCW). For the past 3 years I have worked again as a Premier Field Engineer, supporting AD/ADFS/GPOs/Security/DNS for the first 2 of those, and for the last year I have been moved into a role specifically focused on Cybersecurity support for our customers. Prior to Microsoft I worked various IT admin jobs supporting NT Domains/AD and some Check Point Firewalls.