This literally happened yesterday to a WatchPoint client:
An employee at a WatchPoint protected insurance agency was casually browsing her favorite TV show (on a break of course). She had no idea she was about to become the victim of an attempted drive-by download.
The website suddenly redirected her to a malicious webpage - a drive-by download.
This is the site she was redirected to:
The malicious page slowed the computer to a crawl as it attempted to launch multiple exploits against her machine. The user could not exit out of the popup until the local tech ended the Internet Explorer (IE) task forcefully.
The machine at the time was fully up to date with patching, thanks to WatchPoint Patch Management, so the website was not able to launch any exploits against the machine. The WatchPoint Anti-Malware (AM) also cleaned the tracking cookies that the website attempted to use. The Anti-Malware, which is the most award winning AM on the market and was up to date, did not detect the site as malicious however. Even the best Anti-Virus systems are only 45% effective at stopping the malicious code in the wild. It was patch management and running the most up to date version of IE that provided the protection.
Most system admins and businesses operate their computer systems in the “if it ain’t broke, don’t fix it” mode. Hackers are counting on that. The most widely used exploit of 2014 was for a Microsoft patch that came out in 2010. Anti-Virus can’t protect you anymore, you have to have patch management.
You must stop operating under the assumption that you don’t want to update to the most current versions because it will break something. Patch management will break something, but do you want all of your data compromised or do you want to go through the minor inconvenience of getting everything up to date and protected? We've documented all the tweaks to make your 3rd party websites work. If we don’t have it documented yet, we will help you fix it.
