Malware Detection

When Quarantining is Not Enough



In 2016, organizations can no longer hope to successfully quarantine and clean infected systems on a regular basis. Today, our strongest recommendation is to DETECT, ISOLATE and RE-IMAGE; but this is easier said than done without the proper strategy in place. Here is what you need to know.


One of the most challenging obstacles for IT is to both identify and block malware as it crosses the network threshold. Malware can enter a host system through several attack vectors, which have become increasingly difficult to manage:

  • Web sites
  • File sharing applications and drop boxes
  • Email
  • Removable disks and IoT (Internet of Things) devices

We’ve all heard the adage “a layered security approach is your best defense”. Layering security increases the odds of defending your organization, but you must layer it with the proper tools. When applying this philosophy to malware prevention there are several specialized solutions that can dramatically increase your malware detection rate and, most importantly, isolate infected devices from the network before they become a major headache for your business.

Threat Management Systems, or “sandboxing”, detonate suspect files inside their emulation systems, which increases the chance of identifying and blocking malicious traffic; but this on its own is not enough. There must also be a way to identify the endpoints that triggered the traffic, automatically isolate them from the network and alert the security administration team. To this end you will need tight integration between the sandboxing solution and the endpoints through a managed interface.
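The detect, isolate, alert loop just described, as an added example that is not A2N's code or any vendor's product API. A sandbox emits verdicts on the samples it detonated; a proxy or firewall log records which internal host fetched which sample. Correlating the two identifies the endpoints that triggered the malicious traffic, puts them on an isolation list and produces the alert. The verdict format, the key=value log format, the score cut-off and the `isolate()` hook are all assumptions standing in for a real sandbox-to-endpoint integration; the sample data is constructed.

```python
"""Sandbox-verdict to endpoint-isolation correlation.
Added example, not A2N's or any vendor's code; log formats, field names and the
quarantine hook are assumptions standing in for a real sandbox/endpoint integration."""

from collections import defaultdict

MALICIOUS_SCORE = 80  # assumed cut-off: at or above this, a sample is treated as malware

# Constructed sandbox output: one verdict per detonated sample (format assumed).
SANDBOX_VERDICTS = [
    {"sha256": "a" * 64, "score": 95, "url": "http://203.0.113.10/invoice.exe"},
    {"sha256": "b" * 64, "score": 40, "url": "http://198.51.100.7/update.zip"},
    {"sha256": "a" * 64, "score": 91, "url": "http://203.0.113.10/invoice.exe"},  # re-detonated, same sample
]

# Constructed proxy/firewall log in key=value form: which internal host fetched which sample.
PROXY_LOG = "\n".join([
    f"ts=2016-03-01T09:12:03Z src=10.0.5.21 host=WS-ACCT-07 sha256={'a' * 64}",
    f"ts=2016-03-01T09:14:41Z src=10.0.5.33 host=WS-HR-02 sha256={'b' * 64}",
    f"ts=2016-03-01T09:20:10Z src=10.0.5.21 host=WS-ACCT-07 sha256={'a' * 64}",  # second download
    f"ts=2016-03-01T09:25:55Z src=10.0.7.14 host=WS-ENG-11 sha256={'a' * 64}",
])


def parse_kv_log(text):
    """Parse 'key=value' log lines into dicts; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        fields = {}
        for token in line.split():
            if "=" in token:
                k, v = token.split("=", 1)
                fields[k] = v
        if {"host", "src", "sha256"} <= fields.keys():
            records.append(fields)
    return records


def malicious_hashes(verdicts, threshold=MALICIOUS_SCORE):
    """Hashes the sandbox scored at or above the threshold (deduplicated)."""
    return {v["sha256"] for v in verdicts if v["score"] >= threshold}


def endpoints_to_isolate(verdicts, log_text, threshold=MALICIOUS_SCORE):
    """Map each endpoint that fetched a malicious sample to the hashes it fetched.
    A host that only fetched a below-threshold sample is left alone.
    Returns {hostname: {"src": ip, "hashes": sorted list}}."""
    bad = malicious_hashes(verdicts, threshold)
    hits = defaultdict(lambda: {"src": None, "hashes": set()})
    for rec in parse_kv_log(log_text):
        if rec["sha256"] in bad:
            hits[rec["host"]]["src"] = rec["src"]
            hits[rec["host"]]["hashes"].add(rec["sha256"])
    return {h: {"src": d["src"], "hashes": sorted(d["hashes"])} for h, d in sorted(hits.items())}


def isolate(host, src):
    """Stand-in for the endpoint-management API call that cuts the host off the
    network (assumed interface). Returns the action record that would be logged."""
    return {"action": "isolate", "host": host, "src": src}


def respond(verdicts, log_text, threshold=MALICIOUS_SCORE):
    """Detect -> isolate -> alert. Returns (actions, alert_text)."""
    targets = endpoints_to_isolate(verdicts, log_text, threshold)
    actions = [isolate(h, d["src"]) for h, d in targets.items()]
    if not targets:
        return actions, "no malicious samples reached an endpoint"
    lines = [f"ALERT: {len(targets)} endpoint(s) isolated pending re-image"]
    for h, d in targets.items():
        lines.append(f"  {h} ({d['src']}): {', '.join(x[:12] for x in d['hashes'])}")
    return actions, "\n".join(lines)


if __name__ == "__main__":
    acts, alert = respond(SANDBOX_VERDICTS, PROXY_LOG)
    print(alert)
    for a in acts:
        print(a)
```

Two points the script makes that the paragraph only implies: isolation is keyed on the endpoint that fetched the sample, not on the sandbox event, so a second download by the same host or a second detonation of the same file produces one action, not two; and a sample below the cut-off (the "suspicious" zip) never triggers isolation, because an integration that quarantines on every sandbox hit will take healthy machines off the network.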

Once you have isolated the endpoints from the network, the task of cleaning the systems should be quick and efficient. We have found that trying to quarantine and clean systems is very difficult regardless of the tools you have available, especially when your MBRs (Master Boot Records) are compromised. The best cleaning method is to completely re-image your systems; thus A2N has modified the expression “Detect, Isolate, Recover” to “Detect, Isolate, Re-Image”. This requires some forethought and a strategy to ensure endpoint data is not lost and is consistently saved in the proper place. In the long run it will save you a lot of time, effort, headaches and money.

A2N partners with several manufacturers that fully support the detection and isolation strategy:

  1. Trend Micro: Deep Discovery Sandbox, Deep Security for Virtualized Systems, OfficeScan for Endpoints, with Control Manager to tie it together.
  2. Cisco Systems: FireAMP for Endpoints is an excellent solution to continuously detect, track, analyze, control, and block advanced malware outbreaks across endpoints.
  3. Fortinet Networks: FortiManager, FortiAnalyzer, FortiGate Firewalls, FortiSandbox and FortiClient are a holistic solution which ties all of your key security assets into a strong mitigation play.

A2N’s approach is to focus on solutions. A solution approach combines individual parts that function together as a whole to establish the security your organization requires.

Call A2N and create your own strategy to meet the unique needs of your business.  Keeping security simple – we are here to help!