Educause Security Discussion mailing list archives
Re: A Real-Time malware antivirus console
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 18 Jun 2009 07:31:01 -0400
reflect ocean wrote:
Hi there. We are reviewing our entire organization's antivirus solution. Aside from effectiveness in malware detection, I am trying to propose a solution that gives a real-time overall malware threat monitoring tool. I'm looking for something like a real-time malware monitor or console indicating the real-time trend of malware detection in my network, which lets me act right upon a malware breakup (incident response team) and not have to react after those incidents with a sad report of events hours ago. Are you aware of any corporate solution that offers this feature? Can McAfee and ePO do that?
Our Symantec console allows us to view the log rollups from all the managed clients. We view it at least daily. The same software is sending us email when it detects malware on select systems. It can probably do more but we haven't looked into it enough to know for sure.

In general, we view the Symantec report as an indication that somebody was exposed to something bad. We do not generally believe the reports at face value. The nature of the reported infection, the location of the reported file(s), whether the user was using an administrator or regular user account, the role of the user, detection timing (real-time, scan, post-LiveUpdate), and external data (e.g. SMS reports of file creation in the Windows directory, network log files) determine the course of response.

Ideally, some day we'll feed the AV logs, system event logs, file integrity checker (e.g. tripwire, HIPS), and other data into our SIM and a lot of this will be more automated and real time.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
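The triage factors Gary lists (file location, account privilege, user role, detection timing, corroborating external data) can be turned into a scoring rule that orders AV hits for an IR team. The following is an added example, not code from the thread or from any vendor console; the alert record layout and the sample alerts are constructed, and the weights are illustrative assumptions.

```python
from dataclasses import dataclass

# Constructed alert record; real consoles (Symantec, ePO) export different fields.
@dataclass
class AvAlert:
    host: str
    is_admin: bool     # was the logged-on user an administrator?
    role: str          # e.g. "student", "staff", "finance", "sysadmin"
    detection: str     # "realtime", "scan" or "post-liveupdate"
    path: str          # where the detected file was found
    corroborated: bool = False  # e.g. SMS file-creation or network log hit

WINDOWS_DIRS = ("c:\\windows\\", "c:\\winnt\\")
CACHE_HINTS = ("temporary internet files", "\\temp\\")

def triage(a: AvAlert) -> tuple[int, list[str]]:
    """Score one alert 0-100 from the factors the thread lists; higher = escalate."""
    score, why = 0, []
    p = a.path.lower()
    if p.startswith(WINDOWS_DIRS):
        score += 30; why.append("file written under the Windows directory")
    elif any(h in p for h in CACHE_HINTS):
        score += 5; why.append("browser/temp cache: probably blocked on download")
    if a.is_admin:
        score += 25; why.append("admin account: whole host may be compromised")
    if a.detection == "post-liveupdate":
        score += 20; why.append("found only after signature update: unknown dwell time")
    elif a.detection == "scan":
        score += 10; why.append("caught by scheduled scan, not real-time protection")
    if a.role in ("finance", "sysadmin"):
        score += 10; why.append(f"high-value role: {a.role}")
    if a.corroborated:
        score += 25; why.append("external logs corroborate the infection")
    return min(score, 100), why

def worklist(alerts: list[AvAlert]) -> list[tuple[str, int]]:
    """Hosts ordered worst-first, keeping each host's highest score."""
    best: dict[str, int] = {}
    for a in alerts:
        best[a.host] = max(best.get(a.host, 0), triage(a)[0])
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample alerts, not real data.
SAMPLE = [
    AvAlert("lab-pc-07", False, "student", "realtime",
            r"C:\Users\jdoe\Temporary Internet Files\evil.exe"),
    AvAlert("fin-ws-02", True, "finance", "post-liveupdate",
            r"C:\Windows\System32\bad.dll", corroborated=True),
]
```

Run `worklist(SAMPLE)` to get hosts ordered worst-first; the reasons from `triage` can go straight into the ticket so the responder sees why a hit was escalated.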