Combating Malware in the Enterprise

The 2-day Combating Malware in the Enterprise course teaches a practical approach to discovering and mitigating malware threats in an enterprise environment. I authored the first half of the course, building upon my anti-malware experience. My co-author is Jason Fossen, who has amassed incredible expertise securing Microsoft Windows-based environments.

Join fellow IT and security practitioners to learn how to combat threats associated with malware by discussing practical techniques for keeping the malware out, detecting when it's in, and responding to large-scale malware outbreaks.

For learning how to analyze malicious software, please see the other course I co-authored: Reverse-Engineering Malware.

Course Overview

Malicious software (malware) is an integral and dangerous component of many security incidents, targeting end-users and organizations via web browsers, e-mail attachments, mobile devices, and other vectors. Modern malware, such as bots, trojans, and worms, is written to bypass perimeter defenses, evade detection, and resist efforts to disable it. Almost every day brings another publicly disclosed security incident involving malware, whether it involves payment data, healthcare records, or trade secrets. Such breaches have highlighted the criticality and challenges of combating malware.

This succinct course will teach you how to plan, resist, detect, and respond to malware infections throughout the enterprise. The course focuses on malware threats targeting Microsoft Windows systems in an enterprise environment. Rather than drilling into the tasks for handling a malware infection of an individual Windows system, the course takes a broader look at the issues relevant to the enterprise as a whole.

The course is well suited for general IT and security professionals whose responsibilities include handling anti-virus and the other measures their companies have deployed to protect themselves against malicious software. These are not necessarily individuals who specialize in incident response, but those who maintain Windows systems and who perform the initial response to incidents before escalating them to specialists.

The need to combat malware has been particularly urgent in organizations that process sensitive and regulated data. This includes industries such as financial services, healthcare, payment processing, government, and defense contractors. Organizations operating in these and other sectors will benefit from this course by improving their abilities to handle malware discovery, response, remediation, and pre-emptive hardening against infection at both the host and network levels.

Topics Covered

The key topics covered by the course include practical techniques for keeping malware out, detecting when it is in, and responding to large-scale malware outbreaks.

Overview of Day 1 Materials

Day one begins by surveying the essential aspects of malware to establish the foundation for the remainder of the course. We then explore practical approaches to discovering malware in the enterprise that go beyond the use of traditional anti-virus software, encompassing human, system, network, and application-level indicators of compromise. We continue by briefly explaining methods for responding to incidents that involve malicious software. Staying within the structure of common incident response frameworks, we take a look at malware-specific aspects of incident handling, such as identifying the components of the malicious software, removing them (when practical), and dealing with pandemic infections that span the enterprise beyond an individual system.

Day 1 materials cover:

Overview of Day 2 Materials

Day two focuses on the tools needed to thwart the spread of malware when there are thousands of computers to secure. The aim is to avoid touching any individual system by hand, so the hardening and management must scale up to the enterprise level. At the same time, we don't have unlimited budgets or personnel, so another theme of the day is how to do it all without spending a fortune. Even if your network is relatively small, we will see how to use the security enhancements built into Windows 7 and Server 2008 R2 to full effect, such as the mandatory integrity control system and AppLocker, and how to harden Firefox, Adobe Reader, Internet Explorer, and Office 2010.

Day 2 materials cover:

Who Should Attend?

Course participants need to have a general understanding of core security topics, particularly in the areas of Microsoft Windows and network communications.