Will you be ready when the next attack happens?
Cyberattacks are the new normal. It’s no longer a question of “if” an attack is going to occur, but “when.” Your ability—or lack thereof—to quickly respond to a malware incident can make or break your business and client relationships.
To help you overcome this ongoing challenge to your network’s security, we’ve added a Host Isolation feature to The Huntress Security Platform.
Isolating infected hosts buys you invaluable time to plan and carry out remediation and recovery, limiting or completely stopping the spread of malware within your network. This is especially valuable when an incident occurs outside normal business hours, a common attack window for threat actors who count on nobody watching.
Huntress’ Host Isolation feature provides users with the ability to quickly block incoming and outgoing network activity on infected hosts—significantly reducing the risk of malware spreading across your network.
The Huntress SOC team determines when an incident warrants Host Isolation, typically an infection by malware known to spread quickly across a network (e.g., Emotet, TrickBot). If an incident meets this criterion (and the account has enabled ‘Huntress-Managed’ Host Isolation), the following steps are implemented:
Huntress ‘self-managed’ Host Isolation is also available from the Host Overview page. Here are some scenarios when you might want to manually isolate a host:
Account administrators can exclude entire organizations or specific hosts from ‘Huntress Managed Host Isolation’ events. The feature is designed to accommodate your specific business security needs.
The Host Isolation beta relied solely on the Local Group Policy Object (local GPO) to lock down the host. Local-policy-based isolation has limitations: it is unreliable when a host is not connected to its domain controller, and on domain-joined networks a domain-level GPO takes precedence over the local GPO and can override or silently undo the isolation settings.
The new and improved Huntress Host Isolation solution manages the host firewall through the Windows Filtering Platform (WFP), the filtering engine that Windows Firewall itself is built on, which enforces the lockdown more reliably than Group Policy. The rules Huntress applies block all inbound and outbound network connections except traffic destined for a Huntress service, such as the agent’s own communication, or another essential service.
Host Isolation is triggered when a Huntress SOC analyst sends an incident report for an isolation-worthy incident, or when a partner manually clicks “Isolate Host” on the host overview page. Either action sends an isolation task to the host, which is processed within seconds if the host is online.
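As an added example, not Huntress code, the script below implements the same "block everything except the agent" policy with the built-in NetSecurity cmdlets, so you can see what the rule set described above looks like and how to verify it, including the Group Policy override problem that motivated the move away from the beta approach. It works at the Windows Firewall rule layer rather than calling WFP directly; the agent addresses, port, resolver, control host and snapshot path are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not Huntress code. Implements a "block everything except the agent"
# host-isolation policy with the built-in NetSecurity cmdlets (not WFP directly).
# Every address, port and path below is a hypothetical placeholder.

$AgentHosts = @('203.0.113.10', '203.0.113.11')   # hypothetical agent back ends (TEST-NET-3)
$AgentPort  = 443
$Resolver   = '192.0.2.53'                         # hypothetical DNS resolver (TEST-NET-1)
$RuleGroup  = 'Host Isolation (example)'
$Snapshot   = Join-Path $env:ProgramData 'isolation-snapshot.json'

function Enable-HostIsolation {
    if (Test-Path $Snapshot) { throw "Snapshot already exists at $Snapshot; is the host already isolated?" }

    # 1. Snapshot and disable every currently enabled rule. A profile's default action
    #    only covers traffic that no rule matches, so pre-existing Allow rules (RDP, SMB,
    #    Core Networking) would otherwise keep working after the default flips to Block.
    $enabled = Get-NetFirewallRule -Enabled True | Where-Object { $_.Group -ne $RuleGroup }
    ConvertTo-Json -InputObject @($enabled | Select-Object -ExpandProperty Name) | Set-Content -Path $Snapshot
    $enabled | Disable-NetFirewallRule

    # 2. Allow-list the agent first so it is never cut off, even briefly.
    #    A Block rule beats an Allow rule in Windows Firewall, so the blanket block is
    #    expressed as the profile default (step 3), not as an explicit Block rule.
    New-NetFirewallRule -DisplayName 'Isolation: agent outbound' -Group $RuleGroup `
        -Direction Outbound -Action Allow -Protocol TCP `
        -RemoteAddress $AgentHosts -RemotePort $AgentPort -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName 'Isolation: DNS to resolver' -Group $RuleGroup `
        -Direction Outbound -Action Allow -Protocol UDP `
        -RemoteAddress $Resolver -RemotePort 53 -Profile Any | Out-Null

    # 3. Block by default in both directions on all three profiles, so a change of
    #    network (e.g. the host leaving the domain network) does not reopen it.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block
}

function Disable-HostIsolation {
    # Reverse the steps: restore Windows' stock defaults, re-enable the snapshotted
    # rules, and drop the allow-list rules.
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -DefaultInboundAction Block -DefaultOutboundAction Allow
    if (Test-Path $Snapshot) {
        $names = Get-Content -Path $Snapshot -Raw | ConvertFrom-Json
        if ($names) { Enable-NetFirewallRule -Name $names }
        Remove-Item -Path $Snapshot
    }
    Get-NetFirewallRule -Group $RuleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

function Test-HostIsolation {
    param([string]$ControlHost = '198.51.100.1')   # hypothetical: a host reachable before isolation

    # What is enforced can differ from what was written: a domain GPO that sets the
    # default action or disallows local rules wins over the local (persistent) store.
    # Comparing the persistent and active stores exposes that override per profile.
    $written = Get-NetFirewallProfile -PolicyStore PersistentStore
    $active  = Get-NetFirewallProfile -PolicyStore ActiveStore
    foreach ($p in $active) {
        $w = $written | Where-Object Name -eq $p.Name
        [pscustomobject]@{
            Profile           = $p.Name
            WrittenOutbound   = $w.DefaultOutboundAction
            EffectiveOutbound = $p.DefaultOutboundAction
            OverriddenByGpo   = ($w.DefaultOutboundAction -ne $p.DefaultOutboundAction)
        }
    }

    # Reachability: the agent should still connect, the control host should not.
    [pscustomobject]@{
        AgentReachable   = Test-NetConnection -ComputerName $AgentHosts[0] -Port $AgentPort -InformationLevel Quiet
        ControlReachable = Test-NetConnection -ComputerName $ControlHost -Port 445 -InformationLevel Quiet
    }
}

# Usage (elevated):  Enable-HostIsolation; Test-HostIsolation; <remediate>; Disable-HostIsolation
```

Run `Test-HostIsolation` immediately after enabling: on a domain-joined host whose firewall GPO sets its own default actions or disables local rule merging, `OverriddenByGpo` comes back `True` and the control host stays reachable even though the local store says Block. That is exactly the limitation described above for the policy-based beta, and it is why applying filters at the WFP layer, as the text says Huntress now does, is the more dependable choice. Note that disabling every existing rule also stops DHCP renewal and ICMP, which is acceptable for a short isolation window but is one more reason to keep the snapshot and restore it promptly.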
To learn more about Host Isolation, visit our support page.