Securing Networks with Cisco Firepower: Addressing Global Malware Download Issue


Question

An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation.

How will this issue be addressed globally in the quickest way possible and with the least amount of impact?

Answers

Explanations



Correct answer: B.

When an organization discovers that malware has been downloaded from a website that does not yet have a known bad reputation, the issue must be addressed quickly and efficiently to prevent further damage. In this scenario, there are several possible approaches to consider:

A. Creating a URL object in the policy to block the website: This can be effective in preventing future attempts to access the site. Once the URL object is added to the policy, no endpoint in the network can reach the website through the firewall. However, it does not address any malware already present on the endpoint that performed the download, and it requires a manual policy change and deployment. Additional steps are therefore needed to address any existing infection.

B. Cisco Talos will automatically update the policies: Cisco Talos is Cisco's threat intelligence organization, which provides real-time updates and protection against emerging threats. If automatic updating of policies is enabled, Cisco Talos will push any new information about the website and its reputation to the policies automatically. This addresses the issue quickly and without manual intervention, which makes it the global fix with the least impact. Note, however, that this relies on the accuracy and timeliness of the threat intelligence that Cisco Talos provides.

C. Denying outbound web access: Another option is to deny outbound web access from the endpoint that downloaded the malware. This can be done in several ways, such as blocking specific ports or protocols, or using a firewall to block outbound traffic to all websites except those explicitly allowed. This prevents the malware from communicating with its command and control servers or downloading additional payloads. However, it also affects legitimate web traffic from the endpoint, which can disrupt or inconvenience the user.

D. Isolating the endpoint: Finally, the endpoint that downloaded the malware can be isolated from the rest of the network, for example through network segmentation or by placing it in a separate virtual LAN (VLAN). This prevents the malware from spreading to other endpoints, but it also limits the user's ability to perform their job.

In summary, each of these approaches has its own advantages and disadvantages, and the best choice depends on the specific needs and constraints of the organization. The goal is to address the issue quickly and efficiently while minimizing the impact on legitimate network traffic and user productivity.