Monday, February 10, 2014

Too Much Zeus, Need Recommendations

It's been a little over three months since I started the new job.  To be certain, I love it.  I'm really starting to get my arms around all that goes on (or doesn't) around here.  And while I know I have a daunting task to help guide this place towards becoming more secure, I know I have already taken great strides in moving forward.

I fully admit that there are some pretty basic controls that are not implemented.  If I were an auditor from my previous contracting job, my head would probably explode with some of the findings here.  Some of them are THAT basic.  But, these decisions have been made way in the past, and for the most part fall into the politics/culture category.  It will take a while to get movement on those controls.  Or a decent-sized breach.

All of that said, I was looking through my incident notes for the past month (or so).  Looking at the fires I put out on a daily basis, I see that I work to eradicate at least one Zeus-infected host a day.  That's an average.  I've given up on remediating the hosts.  I send the IP to our helpdesk and let them get it off the network and reimaged.

In light of the controls that need grassroots work, I'm looking for a solution that I can dump on the client hosts to help combat zero-days, attachments, etc.

One recommendation I have received so far is Invincea.

Are there any potential solutions I should be aware of?
