Adaptation

 

Once the infection has been analyzed with the remediation and response tools described earlier, and the cause of the infection has been identified, the administrator will have to adjust the company's security policies to prevent the same situation from occurring again.

The Adaptation phase may give rise to a large number of initiatives, depending on the results of the forensic analysis: from employee training on appropriate Internet use, to reconfiguration of corporate routers or of users' permissions on their own computers.

Adaptive Defense 360 can be used to strengthen endpoint security in a number of ways:

 

Changing the advanced protection settings

If most of the company's users always work with the same set of programs, but some users install software from dubious sources, one way to reduce the risk posed by those users is to enable the Lock mode of the advanced protection. Lock mode minimizes malware exposure on the highest-risk computers by preventing programs that are not known to be legitimate from running.

 

Changing the antivirus protection settings

Scheduling more frequent scans, or enabling the protection for infection vectors such as email and the Internet, helps protect computers.

 

Restricting access to certain websites by category

Reconfiguring the categories of web content that users are allowed to access will reduce their exposure to dubious sites, ad-ridden pages, and innocent-looking but dangerous download portals (ebooks, pirated software, etc.) that may infect their computers.

 

Filtering out spam and phishing messages

Email is the infection vector most commonly used by phishing attacks. Adjusting the content filtering and anti-spam settings will reduce the number of unsolicited messages reaching users' mailboxes, which reduces the attack surface.

 

Partially or completely preventing access to pen drives and other external devices

Another common infection vector is the USB drives and modems that users bring from home. Limiting or completely blocking access to these devices will prevent malware infections through them.

 

Using the firewall and the intrusion detection system (IDS) to restrict communications from and to installed programs

The firewall is designed to minimize malware exposure on computers by blocking communications to and from programs that are not malicious in themselves but may leave the door open for malware to enter the network. If malware is found to have entered the network through a chat or P2P application, configuring the firewall rules correctly can prevent those programs from communicating with the outside.

The firewall and the IDS can also be used to stop malware from spreading once the first computer has been infected.

 

Examining the actions triggered by malware with the forensic analysis tool

Examining the actions triggered by the malware in the forensic analysis tool will help you generate new firewall rules that restrict communications between computers or protect the network against network attacks.

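The following is an added example, not code from the original page or from Adaptive Defense 360, of how the network activity recorded for a malicious process on the first infected computer can be turned into firewall rule candidates. The record format (host, process path, destination IP, destination port), the rule format, the sample records and the process paths are all constructed for this example and are assumptions; they do not correspond to the product's data or settings. It produces two kinds of rule: an outbound block for every malicious program that talked to the exterior, and an inbound block on the rest of the network for any port the infected computer used to reach several internal peers, which is the pattern that indicates propagation.

```python
"""Derive firewall-rule candidates from forensic connection records.

Added example; the record format, rule format and sample data below are
assumptions for illustration, not Adaptive Defense 360 data or settings.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 ranges; any other destination is treated as "the exterior".
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed sample records for the first infected computer (hypothetical):
# (source host, process path, destination IP, destination port).
SAMPLE_CONNECTIONS = [
    ("PC-17", r"C:\Users\bob\AppData\Roaming\p2pclient.exe", "203.0.113.5", 6881),
    ("PC-17", r"C:\Users\bob\AppData\Roaming\p2pclient.exe", "198.51.100.9", 6881),
    ("PC-17", r"C:\Windows\Temp\svch0st.exe", "203.0.113.77", 443),  # beacon out
    ("PC-17", r"C:\Windows\Temp\svch0st.exe", "10.0.0.21", 445),     # SMB to peers
    ("PC-17", r"C:\Windows\Temp\svch0st.exe", "10.0.0.22", 445),
    ("PC-17", r"C:\Windows\Temp\svch0st.exe", "10.0.0.23", 445),
    ("PC-17", r"C:\Windows\Temp\svch0st.exe", "10.0.0.23", 135),     # single RPC hit
    ("PC-17", r"C:\Program Files\Mozilla Firefox\firefox.exe", "93.184.216.34", 443),
]

# Processes the forensic analysis classified as malicious (hypothetical).
MALICIOUS_PROCESSES = {
    r"C:\Users\bob\AppData\Roaming\p2pclient.exe",
    r"C:\Windows\Temp\svch0st.exe",
}


def is_internal(ip: str) -> bool:
    """True if the address belongs to one of the private LAN ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def derive_rules(connections, malicious, fanout_threshold=3):
    """Return block rules (dicts) derived from the malicious connections.

    - One outbound block per malicious program that reached the exterior.
    - One inbound block, applied on all other computers, for each port the
      infected host used to reach at least `fanout_threshold` internal peers.
    Connections made by programs not in `malicious` are ignored, so normal
    traffic (the browser in the sample) does not generate rules.
    """
    rules = []
    exterior = set()            # malicious programs that talked outside the LAN
    peers = defaultdict(set)    # (host, program, port) -> internal peers reached

    for host, proc, dst, port in connections:
        if proc not in malicious:
            continue
        if is_internal(dst):
            peers[(host, proc, port)].add(dst)
        else:
            exterior.add(proc)

    for proc in sorted(exterior):
        rules.append({"scope": "all", "direction": "out", "program": proc,
                      "remote": "any", "port": "any", "action": "block"})

    # A single internal hit (port 135 in the sample) stays below the threshold;
    # the same program fanning out to several peers on port 445 does not.
    for (host, proc, port), dsts in sorted(peers.items()):
        if len(dsts) >= fanout_threshold:
            rules.append({"scope": "all", "direction": "in", "program": "any",
                          "remote": host, "port": port, "action": "block"})
    return rules


if __name__ == "__main__":
    for rule in derive_rules(SAMPLE_CONNECTIONS, MALICIOUS_PROCESSES):
        print(rule)
```

The outbound rules key on the program path, which a renamed copy of the malware would not match; they are a containment step, and the Lock mode of the advanced protection remains the stronger control against unknown executables. The fan-out threshold is there so that one incidental internal connection does not cut a port off for the whole network.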
Related topics

Remediation tools

Forensic analysis tool

Configuring the device control feature

General firewall settings