SlideShare a Scribd company logo

3 Cases for Quarantine Confirgurations

OPSWAT
OPSWAT

All organizations handle many types of files entering from a variety of digital communication channels and mitigating the risks of threats while maintaining productivity can be difficult. Utilizing a file quarantine can help administrators with these challenges; learn the top three questions you should be asking about your quarantine process.

Software
1 of 6
Download to read offline
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 1 Quarantine CONFIGURATION THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 1 Introduction When dealing with potentially malicious files, a digital quarantine has the same goal as a physical one; isolating the infection can prevent it from spreading and compromising other healthy individuals. Once the potential threat is isolated, forensic analysis can be done to determine the exact cause or source of the threat that has been quar- antined, however long it takes to complete the analysis. After the threat has been analyzed, it can be released, neutralized, or removed depending on the conclusions of the analyst(s). Advantages of File Quarantine When malware is suspected in digital files, there are significant advantages to quarantining them instead of remov- ing anything that is identified as a potential threat. The first is that the chance of misidentifying a harmless file as malicious (a false positive) can never be completely eliminated. If that file is permanently deleted, valuable data may be lost without the possibility of recovery. Quarantining the file instead allows for the possibility of restoring that file if it turns out not to be a threat. A second advantage of quarantining a file instead of deleting it emerges when a real threat is identified. It is valu- able to examine the file to determine its source; if the origin of the malware is identified either legal or technical action can be taken against that malicious actor. Forensic analysis can also find out more about the threat and use that information to identify or block similar threats that would not have been detected otherwise. This is especially true in the case of new and unique threats.
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 2 Considerations for Quarantine Configuration 1. When should the quarantine occur? If files are being checked at the entry point to a secure network, for instance, a quarantine can be used to hold onto any files that are potentially dangerous before they are allowed into the secure area. These files can then be analyzed using an organization’s secure data workflow policies to determine whether they should be allowed entry, sanitized to remove embedded threats, held for further analysis or deleted. Because the file is being held in the quarantine, there is an opportunity to gather more information about the file if it is needed to make a final decision. The source of the file could potentially be queried for more data, or additional systems could be used (such as dynamic analysis engines) to help clarify whether the file should be allowed. 2. What do we do when threats are detected? A key decision that needs to be made when defining a security policy is what to do if malware or other threats are found inside a secure network. One might assume that if entry to a secure network is controlled, then any data that has passed those checkpoints should be free of threats. In reality, there are many reasons that a malicious file could be found within a secure network. The first might be that files were introduced in such a way that they circumvented the security checkpoints in place. For example, end users could accidently bring in USB devices without first scanning them to see if there were any threats. Another possibility is that new threats often pass undetected for a period of time before they are identified as malicious by the security defenses in place. If a threat is brought in during this delay in detection, it could then
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 3 enter the secure network and still be active even after the perimeter security checks are updated and are detecting it as a threat. If such malware has been identified, the quarantine policy should specify at which level the threat should be quarantined. The individual file could be isolated, or it could be more appropriate to isolate the entire system or network where that threat was found. This will depend on the environment where the threat is found, as well as the characteristics of the threat itself. For low-security networks, it may be enough to simply isolate the file until it has been examined. On systems that have access to critical networks, however, you may want to isolate the entire system so that it can be investigated and cleaned before it is again allowed access to the network. In extreme cases, it may even make sense to isolate an entire network to make sure that the threat doesn’t spread. The appropriate level of response depends not only on the type of system/network affected but also the type of threat found. Many anti-malware systems classify potential threats according to their confidence in the severity of the threat in question. Some files are known to be malicious or clean, other threats may look similar to known threats even if they have not specifically been identified as a threat, while others still may look completely different than either known malicious or clean files and, therefore, be flagged for further analysis. 3. Who holds the keys? Another factor to take into account when defining a quarantine policy is who should have the right to assess the files that have been quarantined to determine whether they should be released or permanently deleted, as well as whether any further action is needed. This is also heavily dependent on the variables mentioned above, as well as on the roles assigned to particular users or groups of users. Users may need to have their privileges restricted either due to their access to sensitive information or due to their technical ability to properly assess the severity of
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 4 a threat. Organizations may also want to limit their potential liability by restricting the group of people who have access to potentially malicious files or sensitive content. Conclusion Overall the use of a quarantine allows security administrators to have increased control over analyzing security cases that are neither unambiguously malicious nor unambiguously benign. By allowing for a middle ground where potential threats are neither immediately removed, nor automatically allowed into a secure area, additional time is gained. Administrators can conduct further analysis of the threat and make a much more appropriate decision as to how to proceed. The additional configuration options add some complexity to defining and administering security policies, but the benefits of improving the response to potential threats should far outweigh the costs.
THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 5 http://www.opswat.com Disclaimer. © 2015. OPSWAT, Inc. (“OPSWAT”). All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. OPSWAT is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. Though reasonable effort has been made to ensure the accuracy of the data provided, OPSWAT makes no claim, promise or guarantee about the completeness, accuracy and adequacy of information and is not responsible for misprints, out-of-date information, or errors. OPSWAT makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.

Recommended

Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp
 
data mining for security application
data mining for security applicationdata mining for security application
data mining for security applicationbharatsvnit
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
How to Detect a Cryptolocker Infection with AlienVault USM
How to Detect a Cryptolocker Infection with AlienVault USMHow to Detect a Cryptolocker Infection with AlienVault USM
How to Detect a Cryptolocker Infection with AlienVault USMAlienVault
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 

Recommended

Detecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisDetecting Unknown Attacks Using Big Data Analysis
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunityamiable_indian
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)
SBC 2012 - Dynamic Access Control in Windows Server 2012 (Nguyễn Ngọc Thuận)Security Bootcamp
 
data mining for security application
data mining for security applicationdata mining for security application
data mining for security applicationbharatsvnit
 
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
 
How to Detect a Cryptolocker Infection with AlienVault USM
How to Detect a Cryptolocker Infection with AlienVault USMHow to Detect a Cryptolocker Infection with AlienVault USM
How to Detect a Cryptolocker Infection with AlienVault USMAlienVault
 
Sophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecuritySophisticated Attacks vs. Advanced Persistent Security
Sophisticated Attacks vs. Advanced Persistent SecurityPriyanka Aash
 
Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd Iaetsd
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
ds-threat-intelligence-exchange
ds-threat-intelligence-exchangeds-threat-intelligence-exchange
ds-threat-intelligence-exchangeRobert D. Diaz
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Demo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggDemo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggAlienVault
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systemsUltraUploader
 
Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityTestingXperts
 
Cyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 PresentationCyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 PresentationInfocyte
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISOSecurity Bootcamp
 
Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050Pamela Dempster
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineeringsoftware-engineering-book
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingEC-Council
 
M.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network securityM.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network securityDr.Florence Dayana
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceUltraUploader
 
AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
IDS Research
IDS ResearchIDS Research
IDS ResearchYehan Gunaratne
 

More Related Content

What's hot

Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd Iaetsd
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemCSCJournals
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSahithi Naraparaju
 
ds-threat-intelligence-exchange
ds-threat-intelligence-exchangeds-threat-intelligence-exchange
ds-threat-intelligence-exchangeRobert D. Diaz
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Demo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggDemo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggAlienVault
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systemsUltraUploader
 
Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityTestingXperts
 
Cyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 PresentationCyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 PresentationInfocyte
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISOSecurity Bootcamp
 
Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050Pamela Dempster
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingEC-Council
 
M.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network securityM.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network securityDr.Florence Dayana
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMAlienVault
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceUltraUploader
 

What's hot (20)

Splunk for security
Splunk for securitySplunk for security
Splunk for security
 
Iaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threadsIaetsd evasive security using ac ls on threads
Iaetsd evasive security using ac ls on threads
 
A Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert SystemA Security Analysis Framework Powered by an Expert System
A Security Analysis Framework Powered by an Expert System
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting Infographic
 
Self protecteion in clustered distributed system new
Self protecteion in clustered distributed system newSelf protecteion in clustered distributed system new
Self protecteion in clustered distributed system new
 
ds-threat-intelligence-exchange
ds-threat-intelligence-exchangeds-threat-intelligence-exchange
ds-threat-intelligence-exchange
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usm
 
Demo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_ggDemo how to detect ransomware with alien vault usm_gg
Demo how to detect ransomware with alien vault usm_gg
 
An introduction to intrusion detection systems
An introduction to intrusion detection systemsAn introduction to intrusion detection systems
An introduction to intrusion detection systems
 
Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurity
 
Cyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 PresentationCyber Incident Response Triage - CPX 360 Presentation
Cyber Incident Response Triage - CPX 360 Presentation
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISO
 
Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050Poster_PamelaDempster_40096050
Poster_PamelaDempster_40096050
 
Ch13 security engineering
Ch13 security engineeringCh13 security engineering
Ch13 security engineering
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident Response
 
A Brief Introduction to Penetration Testing
A Brief Introduction to Penetration TestingA Brief Introduction to Penetration Testing
A Brief Introduction to Penetration Testing
 
M.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network securityM.Florence Dayana/Cryptography and Network security
M.Florence Dayana/Cryptography and Network security
 
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USMInsider Threats: How to Spot Trouble Quickly with AlienVault USM
Insider Threats: How to Spot Trouble Quickly with AlienVault USM
 
Approaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidanceApproaches to integrated malware detection and avoidance
Approaches to integrated malware detection and avoidance
 

Similar to 3 Cases for Quarantine Confirgurations

AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAlex G. Lee, Ph.D. Esq. CLP
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) ghayour abbas
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysisCARMEN ALCIVAR
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
How Pathology Lab Software Can Enhance Data Security.pptx
How Pathology Lab Software Can Enhance Data Security.pptxHow Pathology Lab Software Can Enhance Data Security.pptx
How Pathology Lab Software Can Enhance Data Security.pptxMocDoc
 
Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIMAnton Chuvakin
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage PreventionIRJET Journal
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1Ankit Gupta
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfannaielectronicsvill
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsLindaWatson19
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Micro
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Mikro Elektronik GmbH
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The SecurityRachel Phillips
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpointsCisco Canada
 
COMPUTER SYSTEM SECURITY.docx
COMPUTER SYSTEM SECURITY.docxCOMPUTER SYSTEM SECURITY.docx
COMPUTER SYSTEM SECURITY.docxToobaTanvir3
 

Similar to 3 Cases for Quarantine Confirgurations (20)

AI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from PatentsAI for Ransomware Detection & Prevention Insights from Patents
AI for Ransomware Detection & Prevention Insights from Patents
 
IDS Research
IDS ResearchIDS Research
IDS Research
 
CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System) CSI-503 - 10. Security & Protection (Operating System)
CSI-503 - 10. Security & Protection (Operating System)
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysis
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
How Pathology Lab Software Can Enhance Data Security.pptx
How Pathology Lab Software Can Enhance Data Security.pptxHow Pathology Lab Software Can Enhance Data Security.pptx
How Pathology Lab Software Can Enhance Data Security.pptx
 
Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIM
 
Strategies for Data Leakage Prevention
Strategies for Data Leakage PreventionStrategies for Data Leakage Prevention
Strategies for Data Leakage Prevention
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Lecture26 cc-security1
Lecture26 cc-security1Lecture26 cc-security1
Lecture26 cc-security1
 
CIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdfCIA = Confidentiality of information, Integrity of information, Avai.pdf
CIA = Confidentiality of information, Integrity of information, Avai.pdf
 
Extending Information Security to Non-Production Environments
Extending Information Security to Non-Production EnvironmentsExtending Information Security to Non-Production Environments
Extending Information Security to Non-Production Environments
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
IRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET- Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The Security
 
Cisco amp for endpoints
Cisco amp for endpointsCisco amp for endpoints
Cisco amp for endpoints
 
COMPUTER SYSTEM SECURITY.docx
COMPUTER SYSTEM SECURITY.docxCOMPUTER SYSTEM SECURITY.docx
COMPUTER SYSTEM SECURITY.docx
 

More from OPSWAT

Preventing Known and Unknown Threats
Preventing Known and Unknown ThreatsPreventing Known and Unknown Threats
Preventing Known and Unknown ThreatsOPSWAT
 
How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsOPSWAT
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear FacilitiesOPSWAT
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsOPSWAT
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftOPSWAT
 
Defense Innovation Summit
Defense Innovation SummitDefense Innovation Summit
Defense Innovation SummitOPSWAT
 
Top 10 Facts About Data Breaches
Top 10 Facts About Data BreachesTop 10 Facts About Data Breaches
Top 10 Facts About Data BreachesOPSWAT
 
Metascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxMetascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxOPSWAT
 
Secure Data Workflow
Secure Data WorkflowSecure Data Workflow
Secure Data WorkflowOPSWAT
 
Network Security for Employees
Network Security for Employees Network Security for Employees
Network Security for Employees OPSWAT
 
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureOPSWAT
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyOPSWAT
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizationsOPSWAT
 
Introduction to OESIS Framework
Introduction to OESIS FrameworkIntroduction to OESIS Framework
Introduction to OESIS FrameworkOPSWAT
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan ClientOPSWAT
 
Metascan Multi-scanning Technology
Metascan Multi-scanning TechnologyMetascan Multi-scanning Technology
Metascan Multi-scanning TechnologyOPSWAT
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanningOPSWAT
 

More from OPSWAT (17)

Preventing Known and Unknown Threats
Preventing Known and Unknown ThreatsPreventing Known and Unknown Threats
Preventing Known and Unknown Threats
 
How to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted ApplicationsHow to Identify Potentially Unwanted Applications
How to Identify Potentially Unwanted Applications
 
Securing Nuclear Facilities
Securing Nuclear FacilitiesSecuring Nuclear Facilities
Securing Nuclear Facilities
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email Threats
 
Reasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record TheftReasons for the Popularity of Medical Record Theft
Reasons for the Popularity of Medical Record Theft
 
Defense Innovation Summit
Defense Innovation SummitDefense Innovation Summit
Defense Innovation Summit
 
Top 10 Facts About Data Breaches
Top 10 Facts About Data BreachesTop 10 Facts About Data Breaches
Top 10 Facts About Data Breaches
 
Metascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for LinuxMetascan Multi-Scanning Technology for Linux
Metascan Multi-Scanning Technology for Linux
 
Secure Data Workflow
Secure Data WorkflowSecure Data Workflow
Secure Data Workflow
 
Network Security for Employees
Network Security for Employees Network Security for Employees
Network Security for Employees
 
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical InfrastructureUsing Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
Using Multiple Antivirus Engine Scanning to Protect Critical Infrastructure
 
Malware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny CzarnyMalware and Anti-Malware Seminar by Benny Czarny
Malware and Anti-Malware Seminar by Benny Czarny
 
Securing data flow to and from organizations
Securing data flow to and from organizationsSecuring data flow to and from organizations
Securing data flow to and from organizations
 
Introduction to OESIS Framework
Introduction to OESIS FrameworkIntroduction to OESIS Framework
Introduction to OESIS Framework
 
Introduction to Metascan Client
Introduction to Metascan ClientIntroduction to Metascan Client
Introduction to Metascan Client
 
Metascan Multi-scanning Technology
Metascan Multi-scanning TechnologyMetascan Multi-scanning Technology
Metascan Multi-scanning Technology
 
The Value of Multi-scanning
The Value of Multi-scanningThe Value of Multi-scanning
The Value of Multi-scanning
 

Recently uploaded

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

3 Cases for Quarantine Confirgurations

  • 1. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 1 Quarantine CONFIGURATION THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION
  • 2. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 1 Introduction When dealing with potentially malicious files, a digital quarantine has the same goal as a physical one; isolating the infection can prevent it from spreading and compromising other healthy individuals. Once the potential threat is isolated, forensic analysis can be done to determine the exact cause or source of the threat that has been quar- antined, however long it takes to complete the analysis. After the threat has been analyzed, it can be released, neutralized, or removed depending on the conclusions of the analyst(s). Advantages of File Quarantine When malware is suspected in digital files, there are significant advantages to quarantining them instead of remov- ing anything that is identified as a potential threat. The first is that the chance of misidentifying a harmless file as malicious (a false positive) can never be completely eliminated. If that file is permanently deleted, valuable data may be lost without the possibility of recovery. Quarantining the file instead allows for the possibility of restoring that file if it turns out not to be a threat. A second advantage of quarantining a file instead of deleting it emerges when a real threat is identified. It is valu- able to examine the file to determine its source; if the origin of the malware is identified either legal or technical action can be taken against that malicious actor. Forensic analysis can also find out more about the threat and use that information to identify or block similar threats that would not have been detected otherwise. This is especially true in the case of new and unique threats.
  • 3. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 2 Considerations for Quarantine Configuration 1. When should the quarantine occur? If files are being checked at the entry point to a secure network, for instance, a quarantine can be used to hold onto any files that are potentially dangerous before they are allowed into the secure area. These files can then be analyzed using an organization’s secure data workflow policies to determine whether they should be allowed entry, sanitized to remove embedded threats, held for further analysis or deleted. Because the file is being held in the quarantine, there is an opportunity to gather more information about the file if it is needed to make a final decision. The source of the file could potentially be queried for more data, or additional systems could be used (such as dynamic analysis engines) to help clarify whether the file should be allowed. 2. What do we do when threats are detected? A key decision that needs to be made when defining a security policy is what to do if malware or other threats are found inside a secure network. One might assume that if entry to a secure network is controlled, then any data that has passed those checkpoints should be free of threats. In reality, there are many reasons that a malicious file could be found within a secure network. The first might be that files were introduced in such a way that they circumvented the security checkpoints in place. For example, end users could accidently bring in USB devices without first scanning them to see if there were any threats. Another possibility is that new threats often pass undetected for a period of time before they are identified as malicious by the security defenses in place. If a threat is brought in during this delay in detection, it could then
  • 4. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 3 enter the secure network and still be active even after the perimeter security checks are updated and are detecting it as a threat. If such malware has been identified, the quarantine policy should specify at which level the threat should be quarantined. The individual file could be isolated, or it could be more appropriate to isolate the entire system or network where that threat was found. This will depend on the environment where the threat is found, as well as the characteristics of the threat itself. For low-security networks, it may be enough to simply isolate the file until it has been examined. On systems that have access to critical networks, however, you may want to isolate the entire system so that it can be investigated and cleaned before it is again allowed access to the network. In extreme cases, it may even make sense to isolate an entire network to make sure that the threat doesn’t spread. The appropriate level of response depends not only on the type of system/network affected but also the type of threat found. Many anti-malware systems classify potential threats according to their confidence in the severity of the threat in question. Some files are known to be malicious or clean, other threats may look similar to known threats even if they have not specifically been identified as a threat, while others still may look completely different than either known malicious or clean files and, therefore, be flagged for further analysis. 3. Who holds the keys? Another factor to take into account when defining a quarantine policy is who should have the right to assess the files that have been quarantined to determine whether they should be released or permanently deleted, as well as whether any further action is needed. This is also heavily dependent on the variables mentioned above, as well as on the roles assigned to particular users or groups of users. Users may need to have their privileges restricted either due to their access to sensitive information or due to their technical ability to properly assess the severity of
  • 5. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 4 a threat. Organizations may also want to limit their potential liability by restricting the group of people who have access to potentially malicious files or sensitive content. Conclusion Overall the use of a quarantine allows security administrators to have increased control over analyzing security cases that are neither unambiguously malicious nor unambiguously benign. By allowing for a middle ground where potential threats are neither immediately removed, nor automatically allowed into a secure area, additional time is gained. Administrators can conduct further analysis of the threat and make a much more appropriate decision as to how to proceed. The additional configuration options add some complexity to defining and administering security policies, but the benefits of improving the response to potential threats should far outweigh the costs.
  • 6. THREE CONSIDERATIONS FOR FILE QUARANTINE CONFIGURATION | PAGE 5 http://www.opswat.com Disclaimer. © 2015. OPSWAT, Inc. (“OPSWAT”). All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. OPSWAT is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. Though reasonable effort has been made to ensure the accuracy of the data provided, OPSWAT makes no claim, promise or guarantee about the completeness, accuracy and adequacy of information and is not responsible for misprints, out-of-date information, or errors. OPSWAT makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.