How Does It Work?
Additionally, many other security features can be enabled once the JIT is turned off. These include Control Flow Guard (CFG), Control-flow Enforcement Technology (CET), and Arbitrary Code Guard (ACG). Each adds another layer of protection for users and their data.
What To Do?
This new Edge security feature is still in the testing phase, but users of the Microsoft Edge preview releases (Beta, Dev, and Canary) can enable it by heading to edge://flags/#edge-enable-super-duper-secure-mode and turning on the feature.
Johnathan Norman, head of the Security Engineering team at Microsoft, said on Twitter that the tool is likely to change and that there are many technical challenges to overcome while experimenting with the feature. He also stated the tool won’t be exclusive to Windows devices; they plan to have it available on Macs and Androids in the near future. Norman mentioned they may have to change the name when the feature goes ‘live’, but will continue to have fun with it.
It’s a good idea to keep an eye out for the release of this feature, and for other web browsers following suit. If you or your company has a patch management solution or automatic updates, you shouldn’t miss the release; however, you will still need to enable the feature. If you’re eager to use it now, you can head to https://www.microsoftedgeinsider.com/en-us/download/ and install one of the three ‘channels’ that carry Edge’s experimental features. Once the channel is installed, open it and head to edge://flags/#edge-enable-super-duper-secure-mode.
Once enabled, you should test whether enabling this feature breaks any of your critical applications. You can disable this feature when you need to access those critical applications that break when the JIT has been disabled.
Additional SMB Protections from CyberHoot
In addition to enabling this Super Duper Secure Mode feature, CyberHoot recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:
- Adopt a password manager for better personal/work password hygiene
- Require two-factor authentication on any SaaS solution or critical accounts
- Require 14+ character passwords in your Governance Policies
- Train employees to spot and avoid email-based phishing attacks
- Check that employees can spot and avoid phishing emails by testing them
- Adopt a patch management solution
- Back up data using the 3-2-1 method
- Incorporate the Principle of Least Privilege
- Perform a risk assessment every two to three years