Solution Corner: Malwarebytes Incident Response

Solution Corner: Malwarebytes Incident Response

Unless you’ve been stuck at a fiery music festival, I don’t need to tell you the threat landscape is constantly evolving and that threats have become increasingly sophisticated at evading detection. Recent Malwarebytes Labs reports, including the 2017 State of Malware shine a light on just how fast these threats continue to spread around the globe impacting businesses of all sizes.

In fact, according to eWeek the latest Ponemon Institute 2017 Cost of Data Breach report came out this week and shows dwell times for malicious attacks now average 214 days. The report also highlights that 1 out of 4 businesses will experience a breach. The cost to businesses and the complexity involved in responding to these types of incidents, including remediating the threats from endpoints, continues to increase as well. Osterman Research uncovered that more than 60 percent of attacks take organizations more than nine hours to remediate.



We recently announced Malwarebytes Incident Response, a centralized threat detection and remediation platform that helps businesses accelerate their response workflows for these types of threats while reducing attack dwell times. Malwarebytes Incident Response scans networked endpoints for advanced threats including malware, PUPs, and adware, and removes them.

Our threat detection and remediation technologies are powered by the world’s best-informed telemetry. More than 500,000 consumers and businesses download Malwarebytes every day when their existing solutions fail. Driven by our big data analytics systems and expert research analysis, we process more than 3 million endpoint remediations each day. This valuable telemetry on zero-day malware makes our technology more responsive to emerging threats, and helps us anticipate tomorrow’s malware.

By scheduling and automating scans with Malwarebytes Incident Response, the prolonged downtime that typically accompanies incident response and re-imaging processes can be significantly reduced, along with management complexity. All of this helps optimize efficiency and effectiveness for admins and incident responders.


Flexibility and extensibility

Malwarebytes Incident Response integrates with and minimizes impacts to your existing security stack. With flexible deployment options, businesses can choose to run scans and remediate endpoints using the cloud-managed persistent endpoint agent or the included non-persistent agents (aka “agentless”). The non-persistent agent makes it simple to deploy and integrate with your existing third-party tools, including endpoint management platforms and SIEMs.


Thorough remediation

Malwarebytes is viewed as the gold standard in remediation, and that’s thanks in part to our Linking Engine technology. This signature-less technology works in concert with our main remediation engine to identify and remove dynamic and related threat artifacts which are linked with the primary threat payload. Additionally, our Linking Engine applies associated sequencing to ensure malware persistence mechanisms are eradicated in such a way that disinfection is permanent.


Threat hunting

Unfortunately for many businesses, it’s likely threats already exist in their environment. When an endpoint is successfully infected, attackers often initiate lateral movement to infect other endpoints. Malwarebytes Incident Response empowers organizations to proactively hunt for malware and thoroughly remediate endpoints leveraging on-demand, scheduled, and automated scans—reducing the complexity of the whole remediation process. This solution makes it easy to adopt a proactive, assume-the-compromise approach that greatly improves your security posture. Businesses can use the included non-persistent agent to scan, or hunt, for threats using recently reported indicators of compromise (IOCs) for instances of that threat elsewhere in their environment. For example, Malwarebytes can conduct an automated threat response based on an alert from your existing Splunk or ForeScout solutions.

Static forensics

Malwarebytes Incident Response also includes a static forensic tool for more in-depth forensic investigations. Forensic Timeliner quickly tracks forensic events so your security team can uncover attacker actions, or address security gaps and unsafe user behavior. It gathers system events prior to, during, and following an infection from more than 20 Windows log repositories and presents the data in a convenient chronological timeline view for comprehensive analysis of vector and attack chain. Events covered include file and registry modifications, file execution, and websites visited.


Introducing Malwarebytes cloud platform

Malwarebytes Incident Response includes a single unified endpoint agent which is built on our cloud-based management platform. This new cloud platform makes deployment and ongoing management of Malwarebytes Incident Response and other Malwarebytes solutions easy. Administrators benefit from simplified deployments onto their endpoints along with effortless scalability.

The cloud management console provides easy, direct, centralized management of security policies, deployments, and threat visibility across all geographically distributed endpoints.

Asset Management is another built-in feature of the cloud platform that delivers dozens of actionable endpoint system details to a security or system admins’ fingertips. This allows them to quickly glean info that might ordinarily require them to log into different, separate consoles or applications. See detailed information including OS, network interfaces, storages devices, memory objects, installed software, software updates, startup programs, and more.


Time happens, act now

Built for Windows and Macs, Malwarebytes Incident Response provides the most complete and thorough remediation possible, improves threat detection for businesses of all sizes, and minimizes the time it takes to respond to an attack.

I encourage you to check out this new solution for your business today.


Dana Torgersen

Senior Product Marketing Manager

Dana is a veteran product marketer with more than 10 years in the infosec industry. He helps businesses, schools, and government agencies understand how they can protect their endpoints against advanced threats including exploits, malware, and ransomware attacks.