The platform itself can be improved as there's no way to track how infections get into the organization. You're just notified if there is an instance. Still, there's no way to actually determine a workflow of how it actually came in, how it was executed, and how it was distributed within the enterprise if indeed it did migrate or propagate through.

It would be really good if they had a proactive feature to isolate the node with the agent on the endpoint when it sees some type of erroneous behavior and knock it off the network. Then it probably can't get onto another node. You can usually do that with a policy setting. It'll also help if they give us more of an explanation of what the malware tries to do once it's on the network. For example, if it's trying to call home to a specific IP or domain. We can use that information to beef up the firewall rules.

Case in point, we had an issue where we had a machine that was affected. It immediately tried to find other machines on that network segment with the same vulnerability to infect that particular node. There was no way to lock that node down immediately when you see something out of the ordinary. It wasn't a very good solution overall, which is why we ended up replacing it.