You’ve done all you can to secure byods, but byod risk mitigation is necessary in the event of the inevitable, a compromised host. Let’s be sure your security team is equipped with the necessary solutions to detect such events, including endpoint security tools like MacAfee Endpoint Security and Carbon Black Defense, and understands what to do in the event a device is compromised.
One of the most common indicators of a risk introduced from a BYOD device is a compromised host containing malware. What steps should you be prepared to take if this does happen?
Steps for Mitigating Byod Risks
Once a host with malware has been detected, the next steps should be to:
Isolate the Host
Isolate the compromised host and, by following the file path of the infected file, manually remove the malware. You’ll want to inspect load points, as malware is run each time a computer starts, and brush up on identification of legitimate objets, or true files under their current names, not imitations.
Second Antivirus Scan
Run a second antivirus scan to ensure the malware has been successfully removed. If it is still detected, there is an option to run your scan outside the normal operating system by rebooting your computer in safe mode. This will hopefully prevent the malware from loading and you can have a chance of finding it.
If the malware still hasn’t been successfully removed, a reimage of the unit may be required. Be sure to backup any files that you don’t want to lose on a separate drive.
After these steps are taken, your team should perform a search on the infected file artifacts, such as the hash, to ensure no other hosts have been compromised. Indicators of compromise or evidences of a breach are usually left in files, images and links.
Other Compromised Hosts
If other compromised hosts are found, repeat the scenario on each of these hosts.
By following this incident response process, your team should be able to quickly find and resolve a compromised host.
The traditional workplace is quickly becoming a thing of the past. By following these steps above as mitigation strategies, and by having a streamlined process to manage devices you can reduce the security risks that accompany a BYOD environment.
Detect and respond to BYOD risks with ReliaQuest GreyMatter
ReliaQuest GreyMatter integrates and normalizes data from disparate technologies including SIEM, EDR, multi-cloud and point tools, on demand, so you always have a unified view to immediately and comprehensively detect and respond to threats from across your environment all within the GreyMatter UI.
Other resources you may like: