{"id":598,"date":"2022-01-11T10:50:02","date_gmt":"2022-01-11T15:50:02","guid":{"rendered":"https:\/\/readibots.com\/?p=598"},"modified":"2024-06-11T10:29:32","modified_gmt":"2024-06-11T14:29:32","slug":"your-governance-blind-spot-hiding-in-plain-sight","status":"publish","type":"post","link":"https:\/\/readibots.com\/staging\/your-governance-blind-spot-hiding-in-plain-sight\/","title":{"rendered":"Your governance blind spot \u2013 hiding in plain sight"},"content":{"rendered":"\n<p>First, let\u2019s consider what a blind spot is. Any responsible executive who knows about their blind spot no longer has a blind spot. So, keep an open mind here. Trust me, you have a blind spot.<\/p>\n\n\n\n<p>I have talked with IT execs at all levels. These folks are not just responsible for a secure organization, they are liable. So, when we talk about blind spots, there\u2019s generally some interest.<\/p>\n\n\n\n<p>Next, I tell them \u2026 your IT team is managing the infrastructure using PowerShell. It\u2019s the language of IT. PowerShell <strong><em>IS<\/em><\/strong> how you get granular control of systems, and it is how IT shops run. At that point, I get one of two blind spot responses:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>We\u2019re good. We don\u2019t use PowerShell. We\u2019ve locked it down.<\/li><li>A blank stare.<\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>First, let\u2019s look at why this is even an issue\u2026 some background:<\/strong><\/h2>\n\n\n\n<p>In the \u201990s, I sat with a number of enterprise IT pros in a group called \u201cMECF \u2013 Microsoft Enterprise Customer Forum.\u201d&nbsp; We met quarterly at Microsoft\u2019s Redmond campus to advise them on challenges using their software in the enterprise. Microsoft was emerging into the enterprise computing space and there was much to be learned. As early adopters of their technology, there was an ongoing need for feedback, most of it centered around challenges with administration of the systems. 
Microsoft was emerging out of the desktop space, and the only way to manage the infrastructure was either by mouse and keyboard, or as a developer with APIs. This made it exceedingly difficult for IT staff to manage their systems.<\/p>\n\n\n\n<p>Over the following decade, Microsoft\u2019s offerings became more sophisticated, but it wasn\u2019t until 2006, when the Monad project evolved into PowerShell, that enterprise administration came into its own. IT teams could now manage the applications using a command line and batch scripts, more the way a UNIX admin would.<\/p>\n\n\n\n<p>Now, 15 years later, PowerShell has grown into an extremely capable scripting language. Almost every enterprise software and hardware vendor has exposed their product through PowerShell modules. It is the go-to tool for IT people to effectively manage infrastructures: hardware and software of all flavours.<\/p>\n\n\n\n<p>So, when I hear someone say, \u201cwe don\u2019t use PowerShell\u201d, I think, either you don\u2019t understand the scope and use of PowerShell, or you have an IT team that has had their right hands cut off. It makes no sense.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>So, what\u2019s the problem?<\/strong><\/h2>\n\n\n\n<p>Consider the above context. PowerShell talks to everything. It typically does it within administrative security contexts. It is used interactively at the command line, and extensively in batch mode with scripts that automate operations. It is a hacker\u2019s dream. It has been exploited before, which has led many an organization to shut it down.<\/p>\n\n\n\n<p><strong>But herein is the confusion. PowerShell is shut down at the user desktop, but not for IT staff. They can\u2019t function without it. So, execs believe that it\u2019s shut down, but it\u2019s not. It\u2019s alive and well. 
This is where the security blind spot comes in.<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201c<em>PowerShell is almost never shut down on domain controllers and servers &#8211; that is the main blind spot of concern. 100% guaranteed, they aren\u2019t running it in signed-only mode with a code signing certificate. Organizations should review the active exploitations in the MITRE Framework via PowerSploit\u201d <\/em><\/p><cite><em>Michael Howden, director of security services, Novacoast<\/em><\/cite><\/blockquote>\n\n\n\n<p>Let me say this: <strong>PowerShell is ADMINISTRATIVE and UNGOVERNED \u2013 a dangerous combo<\/strong>. There is no auditing, no change log, and little control over access, and it encourages dangerous behavior like embedding credentials in scripts &#8211; it is a serious security risk which executives should immediately address. It is also a blind spot because execs believe that the problem has been resolved by disabling it at the end-user desktop.<\/p>\n\n\n\n<p>Most organizations have dozens if not hundreds of scripts. Some are used on demand, some on a scheduled basis. Some live in Azure Runbooks. It\u2019s all over the place. I have personally witnessed the most sophisticated of enterprise IT shops fail security audits because of this.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Now the good news!<\/strong><\/h2>\n\n\n\n<p>There is a solution. READI yourself \u2013 here comes the promotion.<\/p>\n\n\n\n<p>The READI Platform quickly identifies PowerShell scripts on your network, examines the script content for unsafe practices, ranks them for risk, and with minimal effort, moves them into their new secure, governed home in the READI Cloud Platform. It really couldn\u2019t be easier to eliminate a major security gap.<\/p>\n\n\n\n<p>Welcome a new, secure, governed, roles-based access method of automating with PowerShell. 
Auditors and security professionals can be provided reviewer access while admins can be provided \u201cjust enough\u201d access to get the job done.<\/p>\n\n\n\n<p>The READI Platform provides a cloud-based security and governance framework that enables enterprise customers to continue leveraging PowerShell automation while meeting infosec requirements. And best of all, it won\u2019t break the bank. The READI Platform is an affordable and immediate solution that will have executives and board members thankful that a major gap has been identified and quickly closed.<\/p>\n\n\n\n<p>Lock it down now with <a href=\"https:\/\/www.readibots.com\/\">Readibots.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>First, let\u2019s consider what a blind spot is. Any responsible executive that knows about their blind spot, no longer has a blind spot. So, keep an open mind here. Trust me, you have a blind spot. I have talked with IT execs at all levels. These folks are not just responsible for a secure 
organization,<\/p>\n","protected":false},"author":6,"featured_media":601,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[12],"tags":[98],"class_list":["post-598","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-identity"],"acf":[],"_links":{"self":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/598","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/comments?post=598"}],"version-history":[{"count":1,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/598\/revisions"}],"predecessor-version":[{"id":600,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/posts\/598\/revisions\/600"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/media\/601"}],"wp:attachment":[{"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/media?parent=598"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/categories?post=598"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/readibots.com\/staging\/wp-json\/wp\/v2\/tags?post=598"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}