NSA, CISA say: Don't block PowerShell, here's what to do instead

Cybersecurity authorities from the US, the UK, and New Zealand have advised businesses and government agencies to properly configure Microsoft’s built-in Windows command-line tool, PowerShell – but not to remove it.    

Defenders shouldn’t disable PowerShell, a scripting language, because it is a useful command-line interface for Windows that can help with forensics, incident response and automating desktop tasks, according to joint advice from the US spy service the National Security Agency (NSA), the US Cybersecurity and Infrastructure Security Agency (CISA), and the New Zealand and UK national cybersecurity centres.

It also lets admins automate security tasks on Microsoft’s Azure cloud platform. Users can, for example, write PowerShell commands to manage Microsoft’s Defender antivirus on Windows 10 and Windows 11.

But PowerShell’s flexibility has also made it amenable to attackers who’ve used it to remotely compromise Windows devices and even Linux systems. 

So, what should defenders do? Remove PowerShell? Block it? Or just configure it? 

“Cybersecurity authorities from the United States, New Zealand, and the United Kingdom recommend proper configuration and monitoring of PowerShell, as opposed to removing or disabling PowerShell entirely,” the agencies say.

“This will provide benefits from the security capabilities

Read More: https://www.zdnet.com/article/nsa-cisa-say-dont-block-powershell-heres-what-to-do-instead/#ftag=RSSbaffb68