Question : Worm Spreading rapidly on network

Hi,

I have around 250 machines on my network. In my network infrastructure we have a SonicWall firewall, McAfee antivirus and Trend Micro antivirus too. Now the issue is there is a network worm on some of the machines, and we are damn sure that 4-5 desktops and laptops still don't have antivirus solutions. I need some solution such that whenever a laptop attaches to my network, the infrastructure should be able to alert me if the machine is broadcasting viruses.

Users in my organisation take their laptops home and also use pen drives, and sometimes their laptops are not protected with antivirus. So the system should be capable of generating an alert whenever such an unprotected system comes into my periphery, because my current central antivirus is not able to detect the source although it's detecting and removing them.

I can also invest in some hardware if something is available in the market.

Answer : Worm Spreading rapidly on network

Hi,

I have a couple of questions and recommendations as well:

1) Are you able to identify the name of this worm? And what action was taken by your AV?

2) Do you know of any suspicious symptoms on the network/computers? Please mention them.

My recommendations to you:

1) Patch management (use MS WSUS to deploy Windows patches)

2) USB lockdown (this will cut down the number of infections)

3) Force all users to install an AV on their laptops

4) You need to deploy some NAC solution that will check connected computers and remediate them if they don't comply with the policy

5) You need to deploy some web filtering solution that will block users from accessing malicious websites and downloading malware


A Symantec Certified Specialist @ your service
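
One way to look for the source machines that the question says the central antivirus cannot pinpoint, given as an added example that is not part of the original thread: flag internal hosts that contact many distinct peers within a short window in a firewall connection log. The log layout, the SMB ports, the thresholds and the function names are all assumptions made for illustration; a real firewall export needs its own parser and tuned values.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def find_fanout_sources(lines, ports=(139, 445),
                        window=timedelta(seconds=60), threshold=20):
    """Return {src: peak distinct destinations in any window} for sources
    whose peak is at or above threshold. Ports and limits are assumptions."""
    events = defaultdict(list)
    for raw in lines:
        parts = raw.split()
        if len(parts) != 5:
            continue  # malformed line
        ts, src, dst, dport, _action = parts
        try:
            when, port = datetime.fromisoformat(ts), int(dport)
        except ValueError:
            continue  # unparsable timestamp or port
        if port in ports:
            events[src].append((when, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, peak, live = 0, 0, defaultdict(int)
        for when, dst in evs:
            live[dst] += 1
            # Drop events that have fallen out of the sliding window.
            while when - evs[start][0] > window:
                old = evs[start][1]
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                start += 1
            peak = max(peak, len(live))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def build_sample():
    """Constructed lines in an assumed 'time src dst dport action' layout."""
    t0 = datetime(2024, 1, 10, 9, 0, 0)
    row = lambda t, s, d: f"{t.isoformat()} {s} {d} 445 allow"
    rows = [row(t0 + timedelta(seconds=i), "10.0.0.77", f"10.0.1.{i + 1}") for i in range(30)]   # rapid fan-out
    rows += [row(t0 + timedelta(seconds=i), "10.0.0.23", "10.0.0.5") for i in range(40)]         # file-server client
    rows += [row(t0 + timedelta(minutes=5 * i), "10.0.0.40", f"10.0.2.{i + 1}") for i in range(25)]  # slow talker
    rows += ["garbage line", "not-a-time 10.0.0.9 10.0.0.1 445 allow"]
    return rows


if __name__ == "__main__":
    for host, peak in find_fanout_sources(build_sample()).items():
        print(f"ALERT {host}: {peak} distinct peers within 60s")
```

Hosts flagged this way are candidates for the isolation and remediation that the NAC recommendation describes; legitimate servers and scanners that fan out by design need to be excluded by address.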