Question: "I received a malicious activity notification email from MyDigitalShield...what does this mean? What action should I take as a Partner?"
Answer: MyDigitalShield uses a layered approach to protection, with multiple security engines inspecting packets as they leave your network and exit our datacenter, and in the reverse direction as well. If an MDS engine detects activity that requires attention from the MDS Partner, MDS sends alerts to subscription owners with relevant information.
Action: Each notification should be taken seriously and reviewed immediately by the recipient. It is the Partner's responsibility to perform a proper review of any affected system(s) and to perform any cleanup procedures necessary to deem a system free of infection. Partners are urged to establish remediation procedures for infected hosts BEFORE an incident is underway. A range of tools should be used to scan a host, but specific procedures should be established by the Partner beforehand. MDS will continue alerting with relevant information if the suspicious activity continues. MDS Partners should check with MDS support if they believe they have cleared an infection and want to be sure MDS is no longer seeing active alerts.
Notification Targets: If the Partner has other team members or staff who need to be notified, the Partner should create forwarding rules to forward notifications to the intended recipients.
Important: Partners should whitelist email from firstname.lastname@example.org in their spam filtering solution to make sure no notifications are missed.
BDR: Partners are highly encouraged to include an industry-accepted backup solution that includes offsite replication or offsite rotation of critical data. Partners should keep their customer base educated on the risks associated with not establishing and investing in a proper BDR plan.
Desktop/Laptop Disk Imaging: Disk imaging solutions are widely available and are ever more affordable. Preparation and planning can cut restoration time down to minutes per host. Partners are encouraged to engage their customers in finding an affordable disk imaging solution for when a host machine needs to be restored in a timely manner.
Offline tools and Remediation: Removing an infected machine from a production network, or isolating it on a restricted network where it can be more closely examined, is highly recommended. Doing so reduces the risk of localized machine-to-machine infections on the same subnet and allows Partners to gather more information on any threats. An offline machine can then be properly examined with offline toolsets, and the Partner's remediation plan can be executed properly by the Partner.
Education: Partners are recommended to help customers establish safe browsing habits. Use reputable websites when trying new software, always check reviews, and take additional precautions before installing software from unknown publishers. Phishing campaigns continue to evolve; employee training should too. Keep your customers trained on verifying identities before sharing any sensitive information, and keep them alert to double check
For additional assistance, please contact the MDS support team or your MDS account manager.