
A colleague left and I have been entrusted with the security of the company. Checking the initial status, I found that the machines are infested with viruses, and the firewall shows multiple port scans and brute-force attacks from all the company's machines towards other LAN machines. This problem affects both servers and client computers.

I am overwhelmed by 900 daily alerts that I am unable to handle, and I need to find a solution to the problem.

I have previous experience with antivirus consoles, but I don't know how to manage this infestation, which it seems our current antivirus ("Endpoint protection") can't handle.

Any ideas on how to get out of this headache?

schroeder
kimo pryvt

2 Answers


Two things come to mind.

  1. Isolate as much of your network as you can into zones and tackle each zone on its own. Set up firewall rules to prevent any incoming connections to any device that is not expecting it. Start with the machines that contain your most precious info.

     And by "handle it", I mean nuke each machine and rebuild from known good backups.

  2. Get help. You might need to pay for extra hands.
schroeder
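As an added example (not from the answer above, and not the asker's own tooling): a small Python triage script that turns firewall deny lines into a per-source verdict, so that hundreds of daily alerts collapse into a short list of internal hosts to isolate and rebuild first, which is the "start with the worst zone" approach the answer describes. The log line format, the thresholds, the list of authentication ports and the sample lines are all constructed assumptions, not any vendor's real format or real traffic.

```python
"""Triage internal scan / brute-force alerts by source host (added example).

Parses iptables-style "DENY" lines, then classifies each source address as a
port scanner (many ports on one host), a host sweeper (one port across many
hosts) or a brute-forcer (many hits on one auth port of one host).
Everything below is an assumed format and assumed thresholds.
"""
import re
from collections import defaultdict

# Assumed: ports where repeated denied connections usually mean credential guessing.
AUTH_PORTS = {21, 22, 23, 445, 1433, 3306, 3389, 5900}

LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def _line(src, dst, dpt, proto="TCP"):
    """Build one constructed log line in the assumed iptables-like format."""
    return (f"Jan 10 09:01:02 fw kernel: DENY IN=eth1 SRC={src} DST={dst} "
            f"PROTO={proto} SPT=51000 DPT={dpt}")


# Constructed sample log (not real traffic): one scanner, one sweeper,
# one brute-forcer and one harmless source.
SAMPLE_LOG = "\n".join(
    [_line("10.0.5.21", "10.0.5.40", p) for p in range(20, 36)]          # 16 ports on one host
    + [_line("10.0.5.33", f"10.0.5.{h}", 22) for h in range(100, 130)]  # 30 hosts on port 22
    + [_line("10.0.5.77", "10.0.5.40", 3389)] * 25                       # 25 hits on RDP
    + [_line("10.0.5.90", "10.0.5.41", 443)] * 3                         # background noise
)


def parse(log_text):
    """Return (src, dst, dport) tuples for every line that matches LINE_RE."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["src"], m["dst"], int(m["dpt"])))
    return events


def triage(events, scan_ports=10, sweep_hosts=10, brute_hits=20):
    """Per source: total alerts and a sorted list of verdicts (possibly empty)."""
    stats = defaultdict(lambda: {
        "ports_per_dst": defaultdict(set),   # dst -> set of ports touched
        "dsts_per_port": defaultdict(set),   # port -> set of hosts touched
        "hits": defaultdict(int),            # (dst, port) -> count
        "total": 0,
    })
    for src, dst, dpt in events:
        s = stats[src]
        s["ports_per_dst"][dst].add(dpt)
        s["dsts_per_port"][dpt].add(dst)
        s["hits"][(dst, dpt)] += 1
        s["total"] += 1

    report = {}
    for src, s in stats.items():
        verdicts = set()
        if any(len(ports) >= scan_ports for ports in s["ports_per_dst"].values()):
            verdicts.add("port-scan")
        if any(len(dsts) >= sweep_hosts for dsts in s["dsts_per_port"].values()):
            verdicts.add("host-sweep")
        if any(n >= brute_hits and dpt in AUTH_PORTS
               for (_dst, dpt), n in s["hits"].items()):
            verdicts.add("brute-force")
        report[src] = {"alerts": s["total"], "verdicts": sorted(verdicts)}
    return report


def isolate_first(report):
    """Flagged sources ordered by number of distinct behaviours, then alert volume."""
    ranked = sorted(report.items(),
                    key=lambda kv: (-len(kv[1]["verdicts"]), -kv[1]["alerts"], kv[0]))
    return [src for src, r in ranked if r["verdicts"]]


if __name__ == "__main__":
    rep = triage(parse(SAMPLE_LOG))
    for src in isolate_first(rep):
        print(f"{src:<12} alerts={rep[src]['alerts']:<4} {', '.join(rep[src]['verdicts'])}")
```

The thresholds are deliberately coarse; the point is not a precise detector but a ranking that tells you which LAN hosts to cut off at the firewall first. Hosts that earn no verdict are the ones whose alerts can wait until the obviously compromised machines have been pulled off the network and rebuilt.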

You may be out of your depth here. If this is the case, you need to go to management and ask that they open the coffers for professional external help, as you are in over your head.

Running AV and nuking all the machines will not guarantee a clean environment if you do not know what to look for or more importantly how they got into your environment in the first place.

McMatty