Storm Control

tstrip007 Member Posts: 308
Recently have had several storms that completely paralyze the network. Today was at a user's desk and AV popped up with a malware alert. I said "that's not good", and two min later... BOOM lost the network.

Had to drop everyone to start manual scans and bring them up one by one. It seems like even with AV on all hosts with scheduled scans, they still find a way to infect the network.

Has to be another line of defense... what do you guys/gals have in place to prevent this happening? Thanks

I have firewalls, GPOs, AV, web filters ...

Comments

  • MrAgent Member Posts: 1,310
    Mail filters and link scanners?
  • SephStorm Member Posts: 1,731
    Hmm. The threat type will determine the way of defeating or at least detecting it.

    Firewalls are limited, GPOs are good, but you can't stop users from executing everything, AV is signature based, web filters depend on how and what you are filtering.

    Honestly, you are going to get hit; what matters is quick detection and response. For you, I'd advise network-based intrusion detection with malware detection capabilities.

    What was the malware? Not much can take down an entire network in minutes, maybe a worm.
  • lilysimith Member Posts: 10
    Just at the right time; we've just had an issue caused by a faulty NIC which forced all WAN links to flap, among others, indicating how vulnerable an enterprise could be when features like this are ignored.