Malwarebytes Breach Remediation

Editorial Type: Review    Date: 03-2016    Views: 3496

Enterprises can never let their guard down in the fight against malware

But, when their defences have been breached, all too many end up in a frantic fire-fight. Another problem is that some remediation systems are so inefficient that malware can remain undetected on endpoints for months at a time.

Malwarebytes comes to the rescue with a powerful new hunter-killer-class weapon that provides drastically improved response times and immediate remediation across thousands of endpoints. Breach Remediation takes key features from Malwarebytes' flagship Anti-Malware product and teams up advanced remediation and anti-rootkit scanning with an intelligent definition- and heuristic-based scanning engine.

Breach Remediation differs dramatically from common anti-malware products, as it's deployed as a small-footprint 4MB program. This makes it extremely versatile, as it can be run locally via the command line or pushed automatically to compromised systems from central locations.

It works hand in glove with endpoint management platforms, including ForeScout and Microsoft SCCM, plus SIEM solutions such as ArcSight, Splunk and QRadar. When alerted to a potential threat, the Breach Remediation executable can be automatically deployed to affected endpoints and its XML log files used by SIEM products to create actionable events.

Support for Mandiant's OpenIOC (Indicators of Compromise) makes Breach Remediation even more versatile. Along with its own threat database, it can incorporate OpenIOC's XML threat descriptions as custom rules. It also has the ability to send log data to Syslog servers. It only outputs its logs in ArcSight's CEF (Common Event Format), so your Syslog server must support this.
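To show what the Syslog side of that integration has to handle, here is an added example (not part of the review and not Malwarebytes' code) of a SIEM-side parser for CEF records. The log lines, signature ids, threat names and file paths are constructed stand-ins for scanner output; the extension keys used (fname, act, dhost, cnt) are standard CEF field names.

```python
# Added example (not Malwarebytes code): a SIEM-side parser for the ArcSight
# CEF records Breach Remediation sends to syslog. Sample lines are constructed.
import re

# Constructed records; signature ids, names and paths are made up.
SAMPLE_LOG = r"""
<134>Mar 10 12:01:07 WS-042 CEF:0|Malwarebytes|Breach Remediation|2.6|DETECT|Trojan.Agent|8|fname=C:\\Users\\bob\\evil.exe act=quarantined dhost=WS-042
<134>Mar 10 12:02:11 WS-042 CEF:0|Malwarebytes|Breach Remediation|2.6|DETECT|PUP.Optional\|Toolbar|4|fname=C:\\Temp\\a\=b.exe act=detected dhost=WS-042
<134>Mar 10 12:03:30 WS-042 CEF:0|Malwarebytes|Breach Remediation|2.6|DETECT|Rootkit.Agent|9|fname=C:\\Windows\\Temp\\drv.sys act=detected dhost=WS-042
<134>Mar 10 12:04:02 WS-042 CEF:0|Malwarebytes|Breach Remediation|2.6|SCAN_DONE|Scan complete|1|cnt=3 dhost=WS-042
"""

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# key=value pairs; values may hold spaces and backslash escapes (\= \\ \n \r)
EXT_RE = re.compile(r"(\w+)=((?:[^=\\]|\\.)*?)(?=\s\w+=|$)")

def _unescape(s):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), s)

def parse_cef(line):
    """Return the 7 header fields plus an 'ext' dict, or None if not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    body, fields, cur, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < len(HEADER):  # split on unescaped '|'
        if body[i] == "\\" and i + 1 < len(body):
            cur.append(body[i + 1]); i += 2; continue
        if body[i] == "|":
            fields.append("".join(cur)); cur = []
        else:
            cur.append(body[i])
        i += 1
    if len(fields) < len(HEADER):
        raise ValueError("truncated CEF header: " + line)
    rec = dict(zip(HEADER, fields))
    rec["severity"] = int(rec["severity"])
    rec["ext"] = {k: _unescape(v) for k, v in EXT_RE.findall(body[i:])}
    return rec

def parse_log(text):
    return [r for r in map(parse_cef, text.splitlines()) if r]

def unremediated(records, min_severity=5):
    """Detections at or above min_severity not quarantined: what to chase
    after a scan-only (no 'remove') run."""
    return [r["ext"].get("fname") for r in records
            if r["signature_id"] == "DETECT" and r["severity"] >= min_severity
            and r["ext"].get("act") != "quarantined"]
```

The `unremediated` check is the actionable event a SIEM rule would raise: a high-severity detection from a diagnostic scan that has not yet been followed by a quarantine.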

Breach Remediation is easy to use and highly portable. The executable, definition databases and log files only take up 8MB, so it can be copied to a USB stick and run directly on an endpoint.

We found running it from the command line a simple process and copied the complete folder to a test Windows 10 system with Internet access. Registration was achieved quickly by running the executable using the 'register' parameter, followed by our licence key. Next, the 'update' parameter was used to download Malwarebytes' latest threat signatures. To avoid unauthorised use, the licence times out after 14 days, but can be quickly re-registered at no additional cost, using the same command.

Breach Remediation offers four scan types. The 'hyper' parameter causes it to look for malware actively running on the host by scanning memory objects and applying heuristics; the 'threat' parameter runs quick scans that look at typical malware hotspots; and the 'full' switch scans the entire computer, checking areas such as system drivers, the MBR, start-up objects, the registry and much more.

With no other parameters provided, Breach Remediation runs diagnostic scans and outputs its findings as XML files to its working directory. You can use extra parameters to exclude specific folders and files from the scan, or create custom XML files with exclusion lists for file extensions, registry keys and vendor names.

To remediate threats, just add the 'remove' parameter to the scan command - it's that simple. It doesn't just delete them either: malware, PUPs (potentially unwanted programs) and PUMs (potentially unwanted modifications) are moved to the quarantine folder in the working directory.

For selective remediation scans, you can ask to be prompted for confirmation before items are quarantined. You can also request that the host system be rebooted if the removal process requires it, have that reboot occur after a specified wait time, and display a custom message to the user.

Malwarebytes Breach Remediation provides enterprise support staff with an anti-malware magic bullet. It's a simple, yet remarkably powerful, tool and its ability to team up with all major endpoint management and SIEM solutions allows enterprises to respond quickly to threat alerts with efficient remediation. CS

Product: Breach Remediation 2.6
Supplier: Malwarebytes
Website: www.malwarebytes.org
Price: 99 devices - £14.95 per device (ex VAT)
