Protecting Your Environment from Evading Malware - SY0-601: CompTIA Security+ Exam Answer


Question

Joe, a user at a company, clicked an email link that led to a website that infected his workstation.

Joe was connected to the network, and the virus spread to the network shares.

The protective measures failed to stop this virus, and it has continued to evade detection.

Which of the following should a security administrator implement to protect the environment from this malware?

A. Install a definition-based antivirus.

B. Implement an IDS/IPS.

C. Implement a heuristic behavior-detection solution.

D. Implement CASB to protect the network shares.

Answer: C.

Explanations


In this scenario, Joe's workstation was infected with malware from a website, and the malware spread to the network shares because the existing protective measures failed to stop it. The security administrator needs to implement an additional control that can catch malware that is already evading detection.

A definition-based antivirus (option A) relies on known malware signatures to identify and block malicious code. However, if the malware is new or has been modified to evade detection, a definition-based antivirus may not be effective in detecting it. Therefore, option A is not the best choice in this scenario.

An IDS/IPS (option B) can detect and block malicious traffic on the network. It can also monitor network activity for suspicious behavior and alert security personnel. However, it may not be able to detect all types of malware or prevent its spread. Option B is a viable choice, but it may not be sufficient on its own.

A heuristic behavior-detection solution (option C) uses algorithms to detect suspicious behavior on a system or network. It can identify new and unknown threats that signature-based solutions may miss. This is an effective option in detecting malware that has evaded other protective measures. Option C is a good choice for this scenario.

A CASB (Cloud Access Security Broker) (option D) is a security solution that protects cloud services and data accessed by users. While it can protect network shares, it may not be effective in detecting malware on endpoints. Option D is not the best choice in this scenario.

In conclusion, the best option for the security administrator to implement to protect the environment from the malware is option C, a heuristic behavior-detection solution.
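The contrast between option A and option C can be shown in code. The following Python script is an added illustration, not part of the exam page: it implements a minimal definition-based scanner (a set of known file hashes) next to a simple behavior heuristic that flags any process writing to many distinct network-share files within a short window, which is the pattern described in the scenario. The hashes, process names, share paths and event timestamps are all constructed for the example; the threshold and window values are assumptions chosen for readability rather than tuned production settings.

```python
"""Signature-based vs. behavior-based detection over constructed sample events.

Added example; every hash, process name, path and event below is constructed.
"""
import hashlib
from collections import defaultdict, deque

# Constructed "definition file": SHA-256 hashes of samples already known.
KNOWN_MALWARE_HASHES = {
    hashlib.sha256(b"CONSTRUCTED_SAMPLE_v1").hexdigest(),
}


def signature_scan(file_bytes: bytes) -> bool:
    """Definition-based check: flags only files whose hash is already known.
    Any change to the file, even one appended byte, produces a new hash."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_MALWARE_HASHES


def is_share_path(path: str) -> bool:
    """UNC paths (\\\\server\\share\\...) are treated as network-share writes."""
    return path.startswith("\\\\")


def behaviour_alerts(events, window_s=60, threshold=20):
    """Heuristic: a process that writes to at least `threshold` distinct files
    on network shares inside any `window_s`-second window is flagged, no
    matter what its binary hashes to.

    events: iterable of (timestamp_seconds, process, action, path).
    Returns {process: distinct_share_files_in_worst_window} for flagged processes.
    """
    per_process = defaultdict(list)
    for ts, proc, action, path in events:
        if action == "write" and is_share_path(path):
            per_process[proc].append((ts, path))

    alerts = {}
    for proc, writes in per_process.items():
        writes.sort()
        recent = deque()            # (ts, path) pairs inside the current window
        counts = defaultdict(int)   # path -> occurrences inside the window
        worst = 0
        for ts, path in writes:
            recent.append((ts, path))
            counts[path] += 1
            # Drop writes that have aged out of the sliding window.
            while recent and ts - recent[0][0] > window_s:
                old_ts, old_path = recent.popleft()
                counts[old_path] -= 1
                if counts[old_path] == 0:
                    del counts[old_path]
            worst = max(worst, len(counts))
        if worst >= threshold:
            alerts[proc] = worst
    return alerts


def constructed_events():
    """Constructed telemetry, not real logs: a user saving a few documents over
    an hour, and a process touching 30 share files in about nine seconds."""
    events = [
        (0, "winword.exe", "write", r"\\fileserver\dept\report.docx"),
        (1800, "winword.exe", "write", r"\\fileserver\dept\budget.xlsx"),
        (3600, "winword.exe", "write", r"\\fileserver\dept\notes.docx"),
        (5000, "dropper.exe", "write", r"C:\Users\joe\AppData\Local\Temp\x.tmp"),
    ]
    for i in range(30):
        events.append((5010 + i * 0.3, "dropper.exe", "write",
                       rf"\\fileserver\dept\file{i:02d}.docx"))
    return events


if __name__ == "__main__":
    original = b"CONSTRUCTED_SAMPLE_v1"
    modified = original + b"\x00"   # trivially repacked variant
    print("signature on known sample:   ", signature_scan(original))
    print("signature on modified sample:", signature_scan(modified))
    print("behaviour alerts:            ", behaviour_alerts(constructed_events()))
```

Running the script shows the known sample being caught by the definition file while the one-byte variant passes the signature check untouched, yet the behavior heuristic still flags the process that fans out across the share. The heuristic knows nothing about the binary; it reacts to what the process does, which is why option C is the control that survives a modified or previously unseen sample.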