How to act on company-wide malware infestation

A colleague left and I have been entrusted with the security of the company. Checking the initial status, I found that the machines are infested with viruses and that the firewall shows multiple port scans and brute force attacks from all the machines of the company towards other LAN machines. This problem is on servers and client computers.
I am overwhelmed by 900 daily alerts that I am unable to handle, and I need to give a solution to the problem.
I have previous experience with antivirus consoles, but I don't know how to manage this infestation problem, which our current antivirus, "Endpoint protection", seems unable to handle.
Any ideas on how to get out of this headache?
Tags: malware, virus, trojan, worm
edited Aug 18 at 23:33 by schroeder
asked Aug 18 at 22:56 by kimo pryvt
2 Answers
Answer (score 6, accepted)
Two things come to mind.
- Isolate as much of your network as you can into zones and tackle each zone on its own. Set up firewall rules to prevent any incoming connections to any device that is not expecting it. Start with the machines that contain your most precious info.
  And by "handle it", I mean nuke each machine and rebuild from known good backups.
- Get help. You might need to pay for extra hands.
answered Aug 18 at 23:37 by schroeder
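The accepted answer's first step is to decide which machines to cut off first, which is hard to do by hand when the firewall produces 900 alerts a day. The script below is an added example of how a practitioner can do that triage; it is not code from the original answer or from the asker's environment. It parses the firewall's alert lines, aggregates them per internal source host, flags hosts whose behaviour looks like a port scan, a host sweep or a brute-force attempt, ranks them, and prints one isolation rule per offender. The log line format (syslog-style "DROP src= dst= dport= proto="), the 10.0.0.0/8 internal range, the thresholds and the nftables rule syntax are all assumptions; the sample alerts are constructed for the demonstration.

```python
"""Triage internal firewall alerts: find the hosts scanning or brute-forcing their neighbours."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Assumed alert shape, one syslog-style line per logged connection (adapt the regex to your firewall).
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>DROP|REJECT|ACCEPT)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)$"
)
LAN = ipaddress.ip_network("10.0.0.0/8")     # assumed internal address range
AUTH_PORTS = {21, 22, 23, 445, 3389, 5900}    # services an attacker would brute-force
PORT_SCAN_MIN = 10   # distinct destination ports from one source
SWEEP_MIN = 5        # distinct destination hosts from one source
BRUTE_MIN = 20       # repeated hits on one auth port of one host


@dataclass
class HostStats:
    targets: set[str] = field(default_factory=set)
    ports: set[int] = field(default_factory=set)
    pair_hits: Counter = field(default_factory=Counter)   # (dst, dport) -> hit count
    events: int = 0

    def verdicts(self) -> list[str]:
        """Classify the source host's behaviour; an empty list means nothing suspicious."""
        found = []
        if len(self.ports) >= PORT_SCAN_MIN:
            found.append("port-scan")
        if len(self.targets) >= SWEEP_MIN:
            found.append("host-sweep")
        brute = max((n for (_, port), n in self.pair_hits.items() if port in AUTH_PORTS), default=0)
        if brute >= BRUTE_MIN:
            found.append("brute-force")
        return found

    def score(self) -> int:
        """Crude priority: breadth of targets and ports weighs more than raw volume."""
        return len(self.targets) * 3 + len(self.ports) * 2 + self.events


def parse_alert(line: str) -> dict | None:
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def aggregate(lines) -> dict[str, HostStats]:
    stats: dict[str, HostStats] = defaultdict(HostStats)
    for line in lines:
        alert = parse_alert(line)
        if alert is None or ipaddress.ip_address(alert["src"]) not in LAN:
            continue   # unparsable line, or an external source: not lateral movement
        st = stats[alert["src"]]
        st.targets.add(alert["dst"])
        st.ports.add(alert["dport"])
        st.pair_hits[(alert["dst"], alert["dport"])] += 1
        st.events += 1
    return dict(stats)


def rank_offenders(stats: dict[str, HostStats]) -> list[tuple[str, list[str], int]]:
    """Return (src, verdicts, score) for every host with at least one verdict, worst first."""
    rows = []
    for src, st in stats.items():
        verdicts = st.verdicts()
        if verdicts:
            rows.append((src, verdicts, st.score()))
    return sorted(rows, key=lambda row: row[2], reverse=True)


def isolation_rules(offenders, table: str = "inet filter", chain: str = "forward") -> list[str]:
    """One nftables rule per offender dropping all traffic it sends through the firewall
    (assumed nft syntax and table/chain names; adapt to the firewall actually in use)."""
    return [f"nft add rule {table} {chain} ip saddr {src} counter drop" for src, _, _ in offenders]


def build_sample_alerts() -> list[str]:
    """Constructed sample alerts, not real data: a port scanner, an RDP brute-forcer, an SMB sweeper,
    a benign noisy host, and one external source that must be ignored."""
    ts = "2018-08-18T09:00:00"
    lines = [f"{ts} DROP src=10.0.1.15 dst=10.0.2.7 dport={p} proto=tcp"
             for p in (21, 22, 23, 25, 80, 135, 139, 443, 445, 3389, 5900, 8080)]
    lines += [f"{ts} DROP src=10.0.1.40 dst=10.0.2.10 dport=3389 proto=tcp"] * 25
    lines += [f"{ts} DROP src=10.0.1.77 dst=10.0.3.{h} dport=445 proto=tcp" for h in range(20, 28)]
    lines += [f"{ts} DROP src=10.0.1.5 dst=10.0.2.1 dport=123 proto=udp"] * 2
    lines.append(f"{ts} DROP src=203.0.113.9 dst=10.0.2.7 dport=22 proto=tcp")
    return lines


if __name__ == "__main__":
    offenders = rank_offenders(aggregate(build_sample_alerts()))
    for src, verdicts, score in offenders:
        print(f"{src:<14} score={score:<4} {', '.join(verdicts)}")
    print("\n".join(isolation_rules(offenders)))
```

The thresholds are deliberately conservative so that a workstation that legitimately talks to a handful of servers does not land on the list; tune them against a day of real alerts before acting on the output, and treat the emitted rules as a starting point for the per-zone default-deny policy the answer describes rather than a finished ruleset.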
Answer (score 2)
You may be out of your depth here. If this is the case, you need to go to management and ask that they open the coffers for professional external help, as you are in over your head.
Running AV and nuking all the machines will not guarantee a clean environment if you do not know what to look for or, more importantly, how they got into your environment in the first place.
answered Aug 21 at 0:12 by McMatty