
Securing workstations and Servers.

7 Posts
6 Users
0 Likes
597 Views
(@jens321)
Posts: 2
New Member
Topic starter
 

Hey!
I just want to clarify some concerns and I hope someone here could help me.
We have 40 workstations all installed with Windows 10 x64 OS and 2 Servers, both running Windows 2012 Server. We have installed Malwarebytes and Kaspersky 2017 on all the workstations and Malwarebytes and Kaspersky Security 10 for Windows Servers.
There aren't any issues or troubles with any of the systems so far and everything is going fine.
Recently, I happened to view a video about malware attacks that can ruin important data: www.storagepipe.com/blog/DDoS-Bitcoin-Brute-Force-Malware/. It makes me a little worried about the security of the systems. Are Kaspersky and Malwarebytes strong enough to defend against malware attacks and intrusive files? How effectively can they detect and destroy such attacks? Is there a need to take any kind of extra protection? Will they detect and block ransomware attacks?

 
Posted : 25/04/2017 9:50 am
MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Hey!
Are Kaspersky and Malwarebytes strong enough to defend against malware attacks and intrusive files?

How effectively can they detect and destroy such attacks? Is there a need to take any kind of extra protection?

Will they detect and block ransomware attacks?

They can be effective, depending on if the malware has been detected before.

Assuming that AV will catch everything and save the day isn't a good strategy. You may want to be able to section off a part of the network, especially if this is a lab/examination network (VMs are great for testing potentially malware-infested images). Turn off unnecessary services to decrease the attack surface, activate firewalls, configure login so only one user can access each machine, patch your systems, practice safe security (too long a subject for these forums) and train your users.

Ransomware, maybe. Most seem to operate using WSH (JavaScript/VBScript) and soon also PowerShell (is my guess, if someone hasn't already written something using that), so turning that off and disabling script execution is a good practice, but your network administrators will hate you.

Talk to them and find a common ground.

 
Posted : 25/04/2017 10:54 am
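
To see where a workstation currently stands on the script-execution point in the post above, here is a read-only audit, added as an example and not part of the original post. `Get-ScriptHostPosture` is a hypothetical helper name; the registry locations and cmdlets are standard Windows ones.

```powershell
# Added example, not from the thread. Read-only: changes nothing on the host.
# Get-ScriptHostPosture is a hypothetical helper name.
function Get-ScriptHostPosture {
    $rows = @()

    # WSH is switched off when 'Enabled' is 0 under this key (HKLM applies to
    # all users, HKCU only to the current one). A missing value means enabled.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $key = "$hive\SOFTWARE\Microsoft\Windows Script Host\Settings"
        $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        $state = if ($null -eq $val) { 'not set (WSH enabled)' }
                 elseif ("$val" -eq '0') { 'disabled' }
                 else { 'enabled' }
        $rows += [pscustomobject]@{ Check = "WSH $hive"; Value = $state }
    }

    # What a double-click on a script attachment launches. wscript.exe here
    # means the file runs; an editor such as notepad.exe means it only opens.
    foreach ($ext in '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh') {
        $progId = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$ext" -ErrorAction SilentlyContinue).'(default)'
        $cmd = if ($progId) {
            (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\Shell\Open\Command" -ErrorAction SilentlyContinue).'(default)'
        }
        $rows += [pscustomobject]@{ Check = "Open handler $ext"; Value = "$cmd" }
    }

    # Execution policy per scope. It limits accidental script runs but is not
    # a security boundary, so it is reported next to the language mode.
    foreach ($p in Get-ExecutionPolicy -List) {
        $rows += [pscustomobject]@{ Check = "ExecutionPolicy $($p.Scope)"; Value = "$($p.ExecutionPolicy)" }
    }
    $rows += [pscustomobject]@{
        Check = 'PowerShell language mode'
        Value = "$($ExecutionContext.SessionState.LanguageMode)"
    }

    $rows
}

Get-ScriptHostPosture | Format-Table -AutoSize
```

Per-user "Open with" choices can override the machine-wide handlers shown here, so run it in the context of a normal user account as well as an administrator.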
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Will they detect and block ransomware attacks?

There are numerous articles on the web stating "Antivirus is dead" like this one:
http://mspmentor.net/blog/endpoint-security-anti-virus-dead-0
The overall detection rate of AV products is below 30% and more than 90% of all malware pieces which were used in APT scenarios were unique and built for only one target.

No, you are not fully protected by traditional antivirus products. All products which rely on a database of hashes to detect malware are not sufficient to protect you from ransomware and other malware. Have a look at products doing a dynamic analysis of the software behaviour to detect if they are malicious or not. FireEye, CrowdStrike and Payload Security are offering products for a central analysis, SentinelOne has one for clients.

Last week I published a blog article regarding this topic, but it is in German, sorry.

best regards,
Robin

 
Posted : 25/04/2017 3:41 pm
tracedf
(@tracedf)
Posts: 169
Estimable Member
 

It sounds like you're off to a good start. Keep the OS patched up, as well as any high-risk software such as Adobe Reader, Flash, Java, etc. If you can remove some of those altogether, that's even better. Beyond that, back up your data. The best defense against ransomware is to have a good copy of your data stored offline. Online backups are often used for convenience, but they can be corrupted by ransomware so you need an offline copy as well.

 
Posted : 25/04/2017 7:56 pm
(@c-r-s)
Posts: 170
Estimable Member
 

The first step to secure a Windows system (after configuring it down to its use case) is to stop arbitrary code execution through AppLocker or SRP. This actually reduces attack surface instead of enlarging it by installing third-party products.

 
Posted : 25/04/2017 8:43 pm
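
A quick way to check whether AppLocker is actually enforcing anything on a given machine, added here as an example and not part of the original post. `Get-AppLockerPosture` and its `-ProbePath` parameter are hypothetical names; the cmdlets come from the built-in AppLocker module, and SRP is not covered.

```powershell
# Added example, not from the thread. Read-only; needs the AppLocker module
# that ships with Windows editions supporting AppLocker.
# Get-AppLockerPosture and -ProbePath are hypothetical names.
function Get-AppLockerPosture {
    param(
        # Existing files to evaluate against the effective policy.
        [string[]]$ProbePath = @("$env:SystemRoot\System32\notepad.exe")
    )

    # Rules are only enforced while the Application Identity service runs.
    $svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Item   = 'Service AppIDSvc'
        Detail = if ($svc) { "$($svc.Status)" } else { 'missing' }
    }

    # Effective policy = local policy merged with any GPO-delivered policy.
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml

    # 'Script' covers .ps1, .bat, .cmd, .vbs and .js; 'Dll' is off by default.
    foreach ($type in 'Exe', 'Msi', 'Script', 'Dll', 'Appx') {
        $rc = $policy.AppLockerPolicy.RuleCollection |
            Where-Object { $_.Type -eq $type }
        $mode  = if ($rc) { $rc.EnforcementMode } else { 'NotConfigured' }
        $count = if ($rc) { @($rc.ChildNodes).Count } else { 0 }
        [pscustomobject]@{ Item = "Rules: $type"; Detail = "$mode, $count rule(s)" }
    }

    # Ask the policy engine what it would decide for each probe file.
    # DeniedByDefault means no allow rule matched in an enforced collection.
    foreach ($path in $ProbePath) {
        Get-AppLockerPolicy -Effective |
            Test-AppLockerPolicy -Path $path -User Everyone |
            ForEach-Object {
                [pscustomobject]@{
                    Item   = "Probe: $($_.FilePath)"
                    Detail = "$($_.PolicyDecision)"
                }
            }
    }
}

Get-AppLockerPosture | Format-Table -AutoSize
```

A collection in `AuditOnly` mode logs what would have been blocked without blocking it, which is the usual first stage before switching to `Enabled`.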
(@athulin)
Posts: 1156
Noble Member
 

Will they detect and block ransomware attacks?

They will detect and block any attack they can detect and block.

It is not in the interest of any attacker to use attacks that can be identified. So attackers will do whatever they find reasonable to evade detection, in order to maximize their returns. The most successful attacks do precisely that.

The conclusion and any corollaries seem obvious: while antivirus tools may seem as sound as a strong line of defense, they are unlikely to offer more protection than the Maginot Line once did.

Plan for recovering.

 
Posted : 25/04/2017 9:01 pm
(@jens321)
Posts: 2
New Member
Topic starter
 

Thank you guys! I am thinking about having 2 backup copies for all the data, one online and one offline. I hope this will work as an insurance against any data disaster. Periodic backups may protect the data.
In addition to these, I will look into other suggested security options.

 
Posted : 28/04/2017 4:25 pm