The Network: US East Coast government contractor, hundreds of servers, hundreds of workstations, multiple locations
The Expectation: Up-to-date, leading antivirus and patching, an IDS, and regular vulnerability scans provide protection.
The Catch: An EventTracker v8 sensor detects the creation of a new service on a workstation. Minutes later, the workstation connects to a site hosted on Amazon EC2.
The Find: Malware infection detected after a deep scan with a separate anti-malware product.
The Fix: Quarantine the workstation and re-image the hard drive from the golden master.
The Lesson: Up-to-date AV and patching are necessary but not sufficient in today's threat landscape.
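The behaviour that surfaced this infection (a service installed on a workstation, then its binary reaching out to the internet minutes later) can be expressed as a simple correlation rule. The following is an added illustration, not EventTracker's or the page's own code; it assumes Windows System log Event ID 7045 (service installed) and Sysmon Event ID 3 (network connection) as sources, and the log records are constructed samples.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical hosts, paths and addresses, not from the page).
# event_id 7045 = Windows "A service was installed in the system"; 3 = Sysmon network connection.
SAMPLE_EVENTS = [
    {"time": "2016-03-01T09:00:05", "host": "WS-117", "event_id": 7045,
     "service": "UpdSvc", "image": "C:\\Users\\Public\\upd.exe"},
    {"time": "2016-03-01T09:00:40", "host": "WS-042", "event_id": 3,
     "image": "C:\\Program Files\\Browser\\browser.exe", "dst": "203.0.113.10", "dport": 443},
    {"time": "2016-03-01T09:03:12", "host": "WS-117", "event_id": 3,
     "image": "C:\\Users\\Public\\upd.exe", "dst": "198.51.100.7", "dport": 443},
    {"time": "2016-03-01T11:30:00", "host": "WS-117", "event_id": 3,
     "image": "C:\\Users\\Public\\upd.exe", "dst": "198.51.100.7", "dport": 443},
]


def parse_time(value):
    return datetime.fromisoformat(value)


def correlate(events, window=timedelta(minutes=15)):
    """Alert when the binary of a freshly installed service makes an outbound
    connection within `window` of the install. Returns a list of alert dicts."""
    installs = {}  # (host, image path) -> (install time, service name)
    alerts = []
    # Process in time order so an install is always seen before its connections.
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        key = (ev["host"], ev["image"].lower())
        if ev["event_id"] == 7045:
            installs[key] = (parse_time(ev["time"]), ev["service"])
        elif ev["event_id"] == 3 and key in installs:
            installed_at, service = installs[key]
            delta = parse_time(ev["time"]) - installed_at
            if timedelta(0) <= delta <= window:
                alerts.append({
                    "host": ev["host"],
                    "service": service,
                    "image": ev["image"],
                    "dst": f'{ev["dst"]}:{ev["dport"]}',
                    "minutes_after_install": round(delta.total_seconds() / 60, 1),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Connections by binaries that were not just installed as a service (WS-042 above) and connections outside the window are ignored, so the rule stays quiet on ordinary workstation traffic while still catching the sequence described in the case.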