Do you have malware on your network? What about remote access tools? Are machines on your network connecting to a botnet? What about users visiting malicious web sites? How do you even know? Odds are your current tools are not giving you a complete story about the malicious activity on your network. A recent Solera Networks report stated it took on average 80 days to detect a malicious breach and 123 days to resolve it. That is almost 3 months before the average breach was even discovered and another month before it could be removed. Why is this the case? There are two reasons. The first is that most tools are reactive only. Endpoint security solutions will scan a system and only tell you it is infected after there is a signature for a piece of malware and it finds it on your system. The second is that this malware doesn’t want to be found. It tries to go undetected for as long as possible in order to extract data from a network. The combination of these two makes finding malware, especially advanced persistent threats and targeted attacks, very difficult.

So what is someone to do? How can you get more information about the malware that may currently be in your network? The CDW Threat Check provides that type of visibility. It does passive inspection of all inbound and outbound traffic looking for evidence of malicious activity. It will not block any traffic but simply monitor and report on what it sees. This includes connections to botnets, connections to command and control servers, remote access tools, visits to sites hosting malicious code, or any other evidence of an infection. Powered by Symantec’s Global Intelligence Network, which has over 40,000 sensors in 200 countries, the CDW Threat Check is able to provide unparalleled visibility into the malicious activity on a network. Best of all, this is a no-cost service offered by CDW. Combining the power of Symantec with the solutions, people, and intelligence of CDW allows you to get a much greater perspective on your network.


CDW has performed over 300 assessments since launching in April 2013. I personally have been involved in almost 50 of these, and every single time a new insight was gained. Sometimes it was seeing that there were 10+ different botnets on the network or a remote access tool connecting to China being installed on a server. Sometimes it was as simple as validating that the right tools were in place to protect against malware. Those that went through the assessment were able to better understand the malicious activity that was on their network. It allowed them to take direct actions to both clean their network and take better preventative actions in the future. They were also able to confirm they had both the right solutions in place and the right policies to match the traffic in their network. It provided insight to prevent greater damage in the future by providing accurate actionable information now. It is very low impact on the network and only takes 1-2 weeks to gather the data needed. The assessment service has no cost but the results are priceless. For more information check out this overview or contact your CDW account manager.
