Other issues in this category (65)
Anti-virus pro forma 2: Problems and solutions
In the first issue of Anti-virus pro forma, we examined in sufficient detail what happens when a company fails to protect its IT environment in a systematic way. Can companies avoid this situation and establish real security? Yes, and it’s relatively easy to do!
Corporate anti-virus solutions support remote administration—I think everyone understands that it’s impossible to maintain the security of dozens, hundreds, or even thousands of machines without this feature. Dr.Web incorporates this feature, too, in its Dr.Web Enterprise Security Suite Control Center (although sometimes users don't use it for reasons unknown to us, even though it is provided free of charge). Here we won't discuss all the Dr.Web Control Center features (a step-by-step guide through the basic features would occupy over 300 pages). Let's focus on how it can be used to prevent the situation we described in the first issue.
The initial infection occurred because the anti-virus on an employee's PC was either disabled or was using outdated virus definitions, allowing malware from a phishing email containing documents.exe to be launched.
This is a simple one. First, prevent users from disabling the anti-virus.
Then configure automatic updates:
Among all the other things detected was suspicious behaviour on the part of the legitimate program Ammyy Admin.
Here the administrator could have used the Control Center to configure the anti-virus's response to malicious and potentially dangerous software:
The investigation showed that several employees had launched the files attached to the phishing emails at different times.
Different access permissions should have been set up for various groups of employees and individual users:
In addition, the Control Center lets you configure notifications about malware outbreaks—this will help prevent multiple infections:
To find and download various utilities (such as Mimikatz), criminals accessed legitimate sites, such as popular search engines, via the infected hosts.
Office Control, which is similar to the Parental Control that comes with Dr.Web Security Space:
An analysis of the software’s security logs confirmed that the compromised computers were engaged in network activities, including connecting to ATMs with RAdmin. Administrators in a bank network routinely use this software to remotely control network nodes including ATMs.
With the Control Center, administrator actions can be analyzed, which makes it possible to determine who is responsible for any loopholes that arise in the corporate environment. #corporate_security #anti-virus #Dr.Web_settings #Office_control
Use anti-virus solutions properly to avoid the headaches that can be caused by unwanted incidents. More often than not, this will prevent them from happening in the first place!