Get Off the Hamster Wheel of Endpoint Reimaging

At times the IT department and the custodial department share a lot in common. Both spend hours cleaning and disinfecting. Both clean up after user misbehavior. Except custodians get the snappy jumpsuits.

For the IT department, though, its Christmas office party mop-up is the extensive malware infection. Reimaging and rebuilding a workstation after a malware infection is a long, repetitive process that takes a couple of hours.

Typical reimaging process:

  • Physically going out to the endpoint
  • Locating the latest backup
  • Determining if the backup is uninfected and uncorrupted
  • Downloading the backup
  • Locating and entering software license keys
  • Updating drivers if necessary
  • Patching vulnerable software
  • Customizing the endpoint to restore it to the user’s preferred functionality

Not quite on the level of squeezing spiked fruit punch out of the office couch cushions, but close.

You can see how this time quickly adds up. And there’s no guarantee that the restoration is seamless—there’s always the question of what was lost between the last clean backup and the time of infection. The result is lost productivity, from the workstation downtime, to the time IT spends reimaging, to work that may have been lost and must be recreated by the user.

Yet, ask an IT admin anywhere, and he’s probably resigned to weekly reimaging despite having endpoint security in place.

According to testing by an independent lab, many antivirus products can detect and block known malware, but many of those same products can’t completely remove the malicious files. And these are threats that have been identified. Polymorphic and other advanced evolving threats often aren’t even detected. Hence the reimaging.

There should be a better answer.

For any organization that devotes significant resources to malware infections, the goal should be finding an endpoint security solution or layer that effectively rips malware out by the roots: removing (remediating) the infection to save the hassle of reimaging. Properly executed, remediation removes all traces of malicious code while leaving legitimate files untouched. And it should take only a few moments.

The advantages of remediation over reimaging:

  • Is vastly faster to implement
  • Restores all work
  • Can often be done remotely over the network
  • Reduces workstation/user downtime

Anti-exploit products attack the problem from a new angle. Anti-exploits block the transmission (“dropping”) of malware in the first place, and are therefore particularly effective against zero-day attacks that traditional endpoint security hasn’t yet identified. An effective anti-exploit layer reduces the need to reimage even further—the workstation doesn’t even become infected. And, because they operate in an earlier phase of the malware attack, anti-exploits complement, and are compatible with, common endpoint security solutions.

By wrapping endpoints in a powerful remediation layer and an anti-exploit layer, reimaging really does become only a last resort. And IT can drop the mops and buckets.

This guest blog post was written by Chad Bacher, VP of Products at Malwarebytes. See more blog posts by Chad here. Malwarebytes is a Gold sponsor of Kaseya Connect; visit them in our Sponsor Pavilion.
