
Automox targets unsigned scripts with PowerShell signing capability

Endpoint management company Automox is unveiling Worklets Signing, which complements Worklets and Ask Otto with a view to helping companies dodge the dangers of PowerShell abuse and unsigned scripts.

Jason Kikta, chief information security officer (CISO) at Automox, said that scripting actions on Windows machines and pushing them out through Active Directory (AD) group policy has become harder, as on-prem versions of AD are increasingly deprecated in favour of “modern cloud-compatible” identity and access managers (IAMs).

“Writing PowerShell can be daunting and time-consuming for junior employees – and more than a few senior ones as well. Moreover, PowerShell itself has become a major focus for abuse by threat actors,” Kikta explained via an Automox blog post.

Automox has been tackling related PowerShell issues in three phases. The first is Worklets: plug-and-play automations that enable scheduling, policy setting and PowerShell push-out to the Windows endpoint.

Secondly, the vendor has rolled out gen-AI tool Ask Otto. This uses a large language model (LLM) to help teams draft scripts, while also taking advantage of the Automox Worklets Catalog library of plug-and-play IT automations for “hundreds” of Windows, macOS and Linux use cases, Kikta said.

“Soon we’ll unveil phase three: Worklet Signing,” he added.

Kikta said signing and validation of PowerShell scripts was about addressing security concerns around PowerShell abuse, yet managing keys securely had been burdensome for IT departments.

Automox was aiming to reduce this pain by handling “the most pernicious bits”, he said, such as secure key generation and storage, public key distribution to the endpoint, and seamless signing for authorised IT team employees.

“Signed PowerShell paired with RemoteSigned or AllSigned execution policies can help to reduce your potential attack surface,” Kikta said.

“Signing scripts offers assurance that what you wrote is what will be executed – no malicious modifications. Signed scripts as well as a well-managed RBAC (role-based access control) can ensure the strongest possible technical control between authorisation to write and authorisation to execute.”

Customers can opt in to sign every PowerShell command sent through Automox, helping ensure critical endpoint management tasks, such as configuration updates, aren’t changed in transit to managed devices, said Kikta.

“Dual-use and fileless PowerShell scripts comprise [many] of the critical security threats on endpoints,” he added.

A 2020 survey by Cisco found that PowerShell was the source of “more than a third” of critical endpoint security threats in one six-month period, as reported by eSecurity Planet in 2021.

