
Outbreak containment

Once the behaviour characteristics of a specific malware sample are known, various network techniques can be deployed to disrupt the communication channels the malware uses to infect other devices and to receive commands from external command and control (C2) servers.

Updating IPS and firewall rules with the malware's specific network signatures enables these security devices to alert on and block its traffic. Alerts sent to SIEM servers allow manual intervention to quarantine infected devices, unless self-defending technologies are in place, in which case quarantine occurs automatically. Additionally, granular network access control policies can be deployed to disrupt malware traffic internally.
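The containment flow described above, turned into a small piece of detection logic as an added example (not code from the original page or from NGTS): a constructed behaviour profile of a hypothetical sample (C2 endpoints in documentation address ranges, plus the port it probes while spreading) is matched against constructed flow records to produce firewall block rules, SIEM-style alerts, and a quarantine list. The internal address range, the record format, and all indicator values are assumptions.

```python
from collections import defaultdict

# Constructed behaviour profile of a hypothetical sample (not real IoCs):
# C2 endpoints observed in analysis, plus the port it probes while spreading.
PROFILE = {
    "c2_hosts": {"203.0.113.10", "198.51.100.7"},  # documentation-range addresses
    "c2_port": 8443,
    "spread_port": 445,
    "spread_fanout": 5,  # distinct internal targets before we call it spreading
}

def parse_flows(lines):
    """Parse constructed 'src dst dport' records into tuples; malformed lines are skipped."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            flows.append((parts[0], parts[1], int(parts[2])))
    return flows

def is_internal(ip):
    return ip.startswith("10.")  # assumption: the internal range is 10.0.0.0/8

def contain(flows, profile=PROFILE):
    """Return (firewall block rules, SIEM alerts, hosts to quarantine)."""
    blocks, alerts, quarantine, fanout = set(), [], set(), defaultdict(set)
    for src, dst, dport in flows:
        if dst in profile["c2_hosts"] and dport == profile["c2_port"]:
            blocks.add((dst, dport))  # IPS/firewall rule: drop the C2 channel
            alerts.append(f"C2 beacon {src} -> {dst}:{dport}")
            quarantine.add(src)  # a beaconing host is already infected
        elif is_internal(src) and is_internal(dst) and dport == profile["spread_port"]:
            fanout[src].add(dst)  # candidate lateral movement, judged by fan-out
    for src, targets in fanout.items():
        if len(targets) >= profile["spread_fanout"]:
            alerts.append(f"lateral spread {src} -> {len(targets)} hosts on {profile['spread_port']}")
            quarantine.add(src)  # spreading host is infected even without a seen beacon
    return sorted(blocks), alerts, sorted(quarantine)

# Constructed flow records: one beaconing host, one scanning host, and ordinary
# file-share use that stays below the fan-out threshold.
SAMPLE_FLOWS = (
    ["10.0.0.5 203.0.113.10 8443", "10.0.0.7 203.0.113.10 443",
     "10.0.0.12 10.0.0.30 445", "10.0.0.12 10.0.0.31 445"]
    + [f"10.0.0.9 10.0.0.{n} 445" for n in range(40, 46)]
)
```

Note that the flow from 10.0.0.7 to the C2 address on port 443 is not matched because the signature keys on host and port together; a profile derived from a single sandbox run can miss a sample that rotates ports, so signatures should be reviewed as more behaviour is observed.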

NGTS can assist both in formulating the updated signatures and in deploying the new configurations.
