How to act on company-wide malware infestation
A colleague left and I have been entrusted with the security of the company. Checking an initial status I found that the machines are infested with viruses and there are multiple port scans and brute force attacks that are showing on the firewall between all the machines of the company towards other LAN machines. This problem is on servers and client computers.
I am overwhelmed by 900 daily alerts that I am unable to handle, and I need to give a solution to the problem.
I have previous experience with antivirus consoles, but I don’t know how to manage this infestation problem, which it seems our current antivirus "Endpoint protection" can’t handle.
Any ideas of how to get out of this headache?
2 Answers
2
Two things come to mind.
And by "handle it", I mean nuke each machine and rebuild from known good backups.
You may be out of your depth here. If this is the case, you need to go to management and ask that they open the coffers for professional external help, as you are in over your head.
Running AV and nuking all the machines will not guarantee a clean environment if you do not know what to look for or more importantly how they got into your environment in the first place.