Ransomware, Solarwind, Exchange Server ... it always takes software or hardware that can be used as a springboard for an attack and then, of course, software that carries out the attack. Pure whitelisting of applications has proven to be very costly and not very practical - and does not allow control of the applications' little siblings: macros, embedded scripts, etc. In order to be able to securely protect oneself against attacks, one must also bring these small accessories under control.

It is therefore no longer sufficient to look only at the applications on the server and client. So what needs to be done to separate good from evil - or is it rather a question of intentional and unintentional? Since it is not only at the point of execution a ...