Video: Improving Macro Security though automated digital signatures (part 2)

In this Part 2 video, Robert Dunn, the head of customer success at oobe gives a short demo of the Macrosine Solution, which improves Macro Security through automated digital signatures.

Setup a call with Robert

Please submit this form, if you would like to setup a call with Robert.


Here we are. So let's start at the overview page. The overview page of MacroSign provides administrators a breakdown of all the files being uploaded by your team. This is the breakdown of risk ratings and file types being uploaded running a high level reporting.

Administrators can see all files uploaded, whereas users are only up to see their own upload history.

We can navigate to the files list, audit logging, documentation, and, of course, the upload page where we'll step through the simple process.

So MacroSign is one of those brilliant applications that focuses on primarily doing one thing and doing the one thing right.

Users can either drag and drop files into the drop zone or click in the space to open an explorer window and navigate to files.

So here are some real files I prepared earlier.

This is a cross section of some files that are macro files, office files, or password protected files, so a good good mix. But I'll select all of them, and we select open.

Now before we hit upload, pay attention to how MacroSign will handle files uploaded. At the upload stage, MacroSign performs file validation, which denies the upload of any non macro files, files over two hundred megabytes or files which have already been uploaded.

Right. So we see various files being uploaded, and any unsupported file types or files already uploaded, files without any content are being rejected.

Jumping over to the files list, we can see the files I've already uploaded earlier, and we can see MacroSign doing heavy lifting on our new files. When a file is uploaded to MacroSign or pending assessment, MacroSign sends the file to a forty sandbox hosted within your IT environment for a full divination testing for assessment.

Following assessment, a risk rating is applied based on industry standard YARA rules, and that rating is being returned in the risk column here.

If a file is unable to be signed, this is called out. In this case, we're not able to assess code that's contained within a password protected file, and Microsoft reports as such. So while Microsoft does its thing, this can usually take two to three minutes. It's running the file in real time in a VM sandbox. We can go into the auditing tab to see what our team's been up to.

From the audit logs, we're able to see in more detail what files have been uploaded by who and, of course, when, all identified by a unique file hash. We're also able to provide audit logging on any settings configuration, within MacroSign.

So now to settings. I'll come back to documentation to wrap up soon, but I wanna demonstrate how easy it is to invite the teams to MacroSign and apply file signing permissions or MacroSign roles.

Right. Within role assignments, we can see there's two key roles, users and administrators.

So if we wanna add a new group or new user, we can do simply by clicking the plus symbol, Searching by type, let's say we wanna add a new power users group and, enable these users to guys, coincidentally upload PowerShell files. So it searched for a group, search for the AD group name, in this case, power users.

We won't make them administrators. We'll just call them users, and we'll choose the extensions we can permit them to upload. So we'll allow them to upload and sign PowerShell files and why not VB strips too.

And we simply click add role assignment, and here they are.

So moving on to risk handling.

From the risk settings, you can choose which level of risk you're willing to allow code signing for. We generally recommend only signing files marked as clean, though we have many clients who elect to sign low risk files. We allow for an override in the event that you believe a false positive has occurred.

The risk labels are also customizable, so you can see suit these to match your, terminology used in your organization.

In some scenarios, we see clients saving clean to permitted.

So let's go back to the files list.

Okay. Alright. So back on the files list, we can see MacroSign's done its work, and we can see that risk ratings have been provided back from our assessment.

When a file is clean, we can simply click download for users to obtain a signed and assessed file. We'll use this PowerShell file, for example. I'll bring this up here so you can see what I'm doing.


Digital signatures. And there you go. The file has been signed with the MacroSign clean certificate, ready for use in your environment.

So when a file isn't clean, as per this malicious guy over here, we can learn more about that file by downloading the sandbox report.

So this report tells us exactly what's going on in the file, which has caused it to return an unclean rating.

So up here.

So this breakdown breaks down the rules, which cause the files to be marked as malicious. In this case, we had vba deloader dot m r you'll need probably a cybersecurity expert more cyber than me to explain what that one means, but you understand the concept there.

And if we believe that that's to be a false positive and maybe this PowerShell file was one that we, develop sorry. This, risky word macro was something that we developed in house. We can simply override the risk level to apply the override signature and allow our team to use that file.

So finally, I wanna wrap up on documentation and enablement.

In app, we have a knowledge base on how to use Macro and how to enable some of its key features.

We have clients that copy content straight from here and place it into their SOPs for enablement, but we also offer elearning modules for both administrators and users. And these are comprehensive user guides for both administrator and user on how to upload and sign files as well as how to configure the settings and risks within MacroSign.

Further to this, we have a dedicated support portal and support team for MacroSign, hit up by myself where additional product knowledge can be found or tickets can be logged.

So I'll leave it there for now. Let's let's open up the floor for questions.