The Hacker News | May 15, 2026 | Endpoint Security / Threat Detection

In "Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust," we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender’s analysis of 700,000 high-severity incidents found legitimate-tool abuse in 84% of them.

The reaction we heard most was a fair one: We know. So what do we actually do about it?

That’s what Bitdefender’s complimentary Internal Attack Surface Assessment is built to answer. It’s a 45-day, low-effort engagement available to organizations with 250 or more employees that turns the abstract problem of “living off the land” into a specific, prioritized list of users, endpoints, and tools you can safely take away from attackers without breaking the business.

Why This, Why Now

A clean Windows 11 install ships with 133 unique living-off-the-land binaries spread across 987 instances. Bitdefender Labs telemetry found PowerShell active on 73% of endpoints, much of it invoked silently by third-party applications. This isn’t a malware problem — it’s an over-entitlement problem, and you can’t patch your way out of it.

Gartner now projects that preemptive cybersecurity will account for 50% of IT security spending by 2030, up from less than 5% in 2024, and that 60% of large enterprises will adopt dynamic attack surface reduction (DASR) technologies by 2030, up from less than 10% in 2025. The reason is mechanical: when most intrusions involve no malware and adversaries move in minutes, “detect and respond” is too slow a loop. You have to remove the moves attackers can make in the first place.

How the Assessment Works

The engagement runs in four steps over roughly 45 days, powered by GravityZone PHASR — Bitdefender’s Proactive Hardening and Attack Surface Reduction technology — and sits alongside whatever endpoint stack you already run:

  1. Kickoff and behavioral learning. PHASR builds behavioral profiles for every machine-user pair, typically over 30 days.
  2. Attack Surface Dashboard review. You receive an exposure score (0–100) and a prioritized list of findings across five categories: living-off-the-land binaries, remote admin tools, tampering tools, cryptominers, and piracy tools — each mapped to the specific users and devices they affect.
  3. Optional reduction sprint. Apply controls manually or let PHASR’s Autopilot enforce them. Users can request access back through a built-in one-click approval workflow.
  4. Reduction review. A final session quantifies how much surface you’ve shrunk and what shadow IT and unauthorized binaries surfaced along the way.

Early-access customers have reduced their attack surface by 30% or more in the first 30 days, with one reporting close to 70% by locking down LOLBins and…



Last Update: May 15, 2026