{"id":42137,"date":"2021-08-03T00:00:00","date_gmt":"2021-08-03T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/h\/automate-malware-quarantining-for-workloads.html"},"modified":"2021-08-03T00:00:00","modified_gmt":"2021-08-03T00:00:00","slug":"automate-malware-quarantining-for-workloads-solution-engineer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/","title":{"rendered":"Automate Malware Quarantining for Workloads Solution Engineer"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/automate-malware-thumb.png\"><\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1324731934\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\">\n<div class=\"article-details\" role=\"heading\"> <span class=\"article-details__bar\" role=\"img\"><\/span>\n<p class=\"article-details__display-tag\">Workload Security<\/p>\n<p class=\"article-details__description\">Leverage automated and programmable APIs to quickly secure and quarantine workloads without interrupting downstream workflows.<\/p>\n<p class=\"article-details__author-by\">By: Amar Babu <time class=\"article-details__date\">August 03, 2021<\/time><\/p>\n<\/div>\n<\/div>\n<\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\">\n<div>\n<div class=\"richText\">\n<div>\n<p>Manually tracking and investigating workloads for malware is nearly impossible given the speed of building in the cloud. 
Automated security policies that detect and protect new workloads as quickly as you create them are essential to staying on track.<\/p>\n<p>In this article, we will demonstrate how <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud\/cloud-one-workload-security.html\" target=\"_self\" rel=\"noopener\">Trend Micro Cloud One\u2122 \u2013 Workload Security<\/a> uses APIs to automatically isolate a workload when a threat is detected, quarantining it with the Firewall module so the host can no longer talk to the rest of your environment.<\/p>\n<p><span class=\"main-subtitle-black\">Architecture and configurations overview<\/span> To follow along, sign up for your <a href=\"http:\/\/cloudone.trendmicro.com\/SignUp.screen\" target=\"_blank\" rel=\"noopener\">free, 30-day<\/a> trial of <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud.html\" target=\"_self\" rel=\"noopener\">Trend Micro Cloud One\u2122<\/a> and clone the <a href=\"https:\/\/github.com\/Amar-Babu\/TM-CloudOne-AutoQuarantine-Workload\" target=\"_blank\" rel=\"noopener\">GitHub repository<\/a>. We will be using the <a href=\"https:\/\/www.eicar.org\/?page_id=3950\" target=\"_blank\" rel=\"noopener\">EICAR<\/a> test file, a harmless, well-known string that anti-malware engines detect and act on exactly as they would \u201creal\u201d malware, so the whole response chain can be exercised safely. We will also be using four AWS services: Amazon Simple Notification Service (SNS), Amazon Elastic Compute Cloud (EC2), AWS Secrets Manager, and AWS Lambda. 
Below is an overview of the use case solution architecture:<\/p>\n<\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/use-case-solution-architecture.png\" alt=\"Use Case Solution Architecture\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<p>We have already integrated the test compute instance <b>18.188.15.133 (am-demo-1) [i-0d81213afa3ea2637]<\/b> with Workload Security. Now that the agent is installed on the instance, let\u2019s take a look at its configuration.<\/p>\n<\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/instance-configuration.png\" alt=\"Instance Configuration\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<p>As you can see, <b>Anti-Malware<\/b> scanning is on, but <b>Firewall<\/b> is currently off, so no ingress or egress traffic is being filtered. For <b>Anti-Malware<\/b>, you can configure many rules, policies, and actions to be taken after a detection. In this demo, we have configured it to activate the <b>Firewall<\/b> <u>only<\/u> after malware is detected. If nothing is detected, the <b>Firewall<\/b> stays off, and when a quarantine is released the module is returned to its original state, so you never have to adjust the rules by hand.<\/p>\n<p>Next, let\u2019s dive deeper into the configuration of the four Lambda functions in our architecture.<\/p>\n<ol>\n<li><span class=\"rte-red-text\">Step Function (TM-Workload-Quarantine-Cycle-Trigger-StepFunction-Lambda):<\/span> This function starts the AWS Step Functions cycle for the anti-malware event. Under <span class=\"rte-red-text\">Environment variables<\/span>, you can see we have enabled a delayed auto-release (value 1; a value of 0 means indefinite quarantine) with a quarantine period of 180 seconds. You can set any period you like, but for this demo we chose 3 minutes so you can watch the entire lifecycle without waiting around. Outside a demo, quarantine any potential threat indefinitely until a security professional has inspected the host and cleared it for release: an automatic release only limits the disruption caused by a false positive, it does not establish that the host is clean.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/step-function.png\" alt=\"Step Function\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"2\">\n<li><span class=\"rte-red-text\">Impose Quarantine (TM-Workload-Impose-Quarantine-Lambda):<\/span> Here, we have configured the Host ID and the AWS Secrets Manager secret that holds the Workload Security API key. The function fetches the key at run time and uses it to authenticate to the Trend Micro Cloud One server; keeping the key in Secrets Manager rather than in a plain Lambda environment variable keeps it out of the function configuration and out of logs.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/impose-quarantine.png\" alt=\"Impose Quarantine\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<p>To configure API keys:<\/p>\n<ol type=\"a\">\n<li>Go to the Workload Security console<\/li>\n<li>Click the <span class=\"rte-red-text\">Administration<\/span> tab<\/li>\n<li>Click <span class=\"rte-red-text\">API Keys<\/span><\/li>\n<li>Click <span class=\"rte-red-text\">New<\/span>, grant only the permissions the function needs, and store the generated key in AWS Secrets Manager<\/li>\n<\/ol>\n<ol start=\"3\">\n<li>Release Quarantine: This function is configured the same way as Impose Quarantine, but it lifts the quarantine once the 180-second wait has elapsed.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/release-quarantine.png\" alt=\"Release Quarantine\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"4\">\n<li><span class=\"rte-red-text\">Quarantine Status (TM-Workload-Quarantine-Status-Teams-Publisher-Lambda):<\/span> This function sends an alert via Amazon SNS. Here you specify where the notifications are published, which in our case is Microsoft Teams. 
Setting up alerts is a great way to keep development and security teams on the same page.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/quarantine-status.png\" alt=\"Quarantine Status\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<p><span class=\"main-subtitle-black\">Demo<\/span><\/p>\n<p>Okay, now that we\u2019ve covered the basics of our setup, let\u2019s trigger the event:<\/p>\n<ol>\n<li>Open your AWS EC2 dashboard and copy the public IP address <span class=\"rte-red-text\">(18.188.15.133)<\/span> of the instance you\u2019ve set up for this demo<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/trigger-event.png\" alt=\"Trigger Event\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"2\">\n<li>Ping the IP address to check network connectivity. You should receive replies, confirming that traffic is flowing.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/ping-ip-address.png\" alt=\"Ping IP Address\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"3\">\n<li>Open an SSH session to the instance and write the <a href=\"https:\/\/www.eicar.org\/?page_id=3950\" target=\"_blank\" rel=\"noopener\">EICAR test string<\/a> (X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*) to a file on the instance<\/li>\n<li>Return to the Workload Security console, click <span class=\"rte-red-text\">Anti-Malware<\/span>, then scroll down.<\/li>\n<li>Under <span class=\"rte-red-text\">Malware Scan<\/span>, click <span class=\"rte-red-text\">Full Scan for Malware<\/span>.<\/li>\n<li>Go to <span class=\"rte-red-text\">Anti-Malware Events<\/span> and you should see that a new anti-malware event has been recorded and the EICAR test file was identified (under <span class=\"rte-red-text\">Malware Type<\/span>). Under <span class=\"rte-red-text\">Action Type<\/span>, you will see that the quarantine action was triggered automatically.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/anti-malware-events.png\" alt=\"Anti-Malware Events\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<p>Now it\u2019s time to sit back and watch the magic of Workload Security.<\/p>\n<ol>\n<li>When the anti-malware event fires, it is forwarded to the first Lambda function in line <span class=\"rte-red-text\">(TM-Workload-Quarantine-Cycle-Trigger-StepFunction-Lambda)<\/span><\/li>\n<li>In the AWS console:\n<ol type=\"a\">\n<li>Open <span class=\"rte-red-text\">Step Functions<\/span><\/li>\n<li>Click <span class=\"rte-red-text\">State Machines<\/span><\/li>\n<li>Click <span class=\"rte-red-text\">TM-AutoIsolate_Workload_State-Machine<\/span><\/li>\n<li>Under <span class=\"rte-red-text\">Executions<\/span>, you will see the state machine is now running.<\/li>\n<li>Click on that execution and scroll down to <span class=\"rte-red-text\">Graph inspector<\/span>, which shows the workflow of the anti-malware event. 
The screenshot below shows we have successfully passed through the first three stages and are in the delayed quarantine phase.<\/li>\n<\/ol>\n<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/graph-inspector.png\" alt=\"Graph Inspector\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"3\">\n<li>Once the state machine is running, the second custom Lambda <span class=\"rte-red-text\">(TM-Workload-Impose-Quarantine-Lambda)<\/span> retrieves the API key from AWS Secrets Manager, authenticates with it, and instructs the Trend Micro Cloud One server to quarantine the workload. In this demo, we have chosen a quarantine with delayed release, so production isn\u2019t abruptly interrupted by a false positive.<\/li>\n<li>Now that the workload is quarantined, the Quarantine Status function publishes a notification through Amazon SNS to Microsoft Teams. Each alert is color coded so busy teams can identify the current stage of the event at a glance: yellow = quarantine, orange = indefinite quarantine, and green = release.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/aws-lambda-webhook.png\" alt=\"AWS Lambda Webhook\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"5\">\n<li>After the workload has been quarantined, check that the <span class=\"rte-red-text\">Firewall<\/span> is now active by going to the Workload Security console and selecting the compute instance for this demo. You should see that it has been activated with two new rules: block all incoming traffic and block all outgoing traffic. Both are priority 3 rules, which is high enough to drop all ordinary traffic. Do not raise them to priority 4: a priority 4 deny would also override the agent\u2019s own communication with the Trend Micro Cloud One server, cutting the host off from the manager so that the release step could never reach it.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/firewall.png\" alt=\"Firewall\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"6\">\n<li>You can also test that the <span class=\"rte-red-text\">Firewall<\/span> is working by sending another ping. All traffic should have stopped, which contains the threat so it cannot spread to other parts of your environment. Your open SSH session will also stop responding. Perfect, everything is running as it should be.<\/li>\n<li>After 180 seconds have passed, you\u2019ll see the <span class=\"rte-red-text\">Graph inspector<\/span> is now in the <span class=\"rte-red-text\">Release<\/span> Cycle stage. Shortly afterwards, you should receive the release alert in Teams.<\/li>\n<\/ol><\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/release-cycle.png\" alt=\"Release Cycle\"> <\/figure>\n<\/div>\n<div class=\"richText\">\n<div>\n<ol start=\"8\">\n<li>Do a final check to make sure traffic is flowing again and that your SSH session responds. 
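The core of the Impose and Release Quarantine functions and of the Step Functions cycle they run in, as an added example: this is not the article's code and not the code in its GitHub repository. It assumes the Workload Security REST API shape named in its docstring (the base URL, the api-secret-key and api-version headers, the firewallrules and computers/{id}/firewall/assignments endpoints, and the per-computer firewall state setting), the environment variable names AUTO_RELEASE and QUARANTINE_SECONDS, and a placeholder computer ID; check each against the API reference and the screenshots above before wiring it to a real account. The HTTP transport is injected, so the FakeTransport lets you run the whole impose-then-release sequence offline and inspect exactly which API calls would be made.

```python
"""Added example; not the article's code nor the code in its GitHub repository.
The Impose/Release Quarantine Lambdas and the Step Functions cycle as pure
functions with the HTTP transport injected, so the flow can run offline.
Assumed, verify against the Workload Security API reference: base URL
https://cloudone.trendmicro.com/api, headers 'api-secret-key' and
'api-version: v1', POST /firewallrules, POST and DELETE on
/computers/{id}/firewall/assignments[/{ruleId}], and POST /computers/{id}
with {"firewall": {"state": ...}}. The env var names AUTO_RELEASE and
QUARANTINE_SECONDS and the host ID used below are assumptions too.
"""
import json
import urllib.request
from typing import Callable, Dict, List, Optional

BASE_URL = "https://cloudone.trendmicro.com/api"
Send = Callable[[str, str, Optional[Dict]], Dict]

# Priority 3, not 4: a priority-4 "deny all" would also override the agent's own
# traffic to the Cloud One server, so the release call could never reach the host.
QUARANTINE_RULES = [
    {"name": "TM-Quarantine-Block-Incoming", "action": "deny",
     "priority": "3", "direction": "incoming", "frameType": "ip"},
    {"name": "TM-Quarantine-Block-Outgoing", "action": "deny",
     "priority": "3", "direction": "outgoing", "frameType": "ip"},
]


def http_transport(api_key: str) -> Send:
    """Real transport: the key (read from Secrets Manager by the Lambda) goes
    only into request headers, never into logs or return values."""
    def send(method: str, path: str, body: Optional[Dict] = None) -> Dict:
        req = urllib.request.Request(
            BASE_URL + path, method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"api-secret-key": api_key, "api-version": "v1",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.loads(resp.read() or b"{}")
    return send


class FakeTransport:
    """Offline stand-in: records every call and hands out rule IDs."""
    def __init__(self) -> None:
        self.calls: List[tuple] = []
        self._next_id = 100

    def __call__(self, method: str, path: str, body: Optional[Dict] = None) -> Dict:
        self.calls.append((method, path, body))
        if method == "POST" and path == "/firewallrules":
            self._next_id += 1
            return {"ID": self._next_id, **body}
        return {}


def quarantine_plan(env: Dict[str, str]) -> Dict:
    """Trigger-Lambda settings: AUTO_RELEASE=1 releases after QUARANTINE_SECONDS;
    0 keeps the host isolated until an analyst releases it (the safe default)."""
    auto = env.get("AUTO_RELEASE", "0") == "1"
    seconds = int(env.get("QUARANTINE_SECONDS", "0"))
    if auto and seconds <= 0:
        raise ValueError("QUARANTINE_SECONDS must be > 0 when AUTO_RELEASE=1")
    return {"auto_release": auto, "wait_seconds": seconds if auto else None}


def impose_quarantine(host_id: str, send: Send) -> List[int]:
    """Create the two deny rules, assign them to the host, switch the firewall on."""
    rule_ids = [send("POST", "/firewallrules", rule)["ID"] for rule in QUARANTINE_RULES]
    send("POST", f"/computers/{host_id}/firewall/assignments", {"assignedRuleIDs": rule_ids})
    send("POST", f"/computers/{host_id}", {"firewall": {"state": "on"}})
    return rule_ids


def release_quarantine(host_id: str, rule_ids: List[int], send: Send,
                       original_state: str = "off") -> None:
    """Undo impose_quarantine and put the firewall module back as it was."""
    for rule_id in rule_ids:
        send("DELETE", f"/computers/{host_id}/firewall/assignments/{rule_id}")
    send("POST", f"/computers/{host_id}", {"firewall": {"state": original_state}})


def state_machine(plan: Dict, impose_arn: str, release_arn: str, notify_arn: str) -> Dict:
    """Amazon States Language for the cycle: impose, notify, then either wait and
    release (with a second notification) or stay quarantined."""
    return {"StartAt": "ImposeQuarantine", "States": {
        "ImposeQuarantine": {"Type": "Task", "Resource": impose_arn, "Next": "NotifyQuarantined"},
        "NotifyQuarantined": {"Type": "Task", "Resource": notify_arn, "Next": "AutoRelease"},
        "AutoRelease": {"Type": "Choice", "Default": "IndefiniteQuarantine", "Choices": [
            {"Variable": "$.auto_release", "BooleanEquals": True, "Next": "DelayedQuarantine"}]},
        # Wait needs a positive Seconds even when the Choice never reaches it.
        "DelayedQuarantine": {"Type": "Wait", "Seconds": max(plan["wait_seconds"] or 0, 1),
                              "Next": "ReleaseQuarantine"},
        "ReleaseQuarantine": {"Type": "Task", "Resource": release_arn, "Next": "NotifyReleased"},
        "NotifyReleased": {"Type": "Task", "Resource": notify_arn, "End": True},
        "IndefiniteQuarantine": {"Type": "Succeed"},
    }}


if __name__ == "__main__":
    fake = FakeTransport()
    release_quarantine("42", impose_quarantine("42", fake), fake)  # "42": assumed computer ID
    plan = quarantine_plan({"AUTO_RELEASE": "1", "QUARANTINE_SECONDS": "180"})
    print(json.dumps({"calls": fake.calls, "definition": state_machine(
        plan, "arn:impose", "arn:release", "arn:notify")}, indent=1))
```

Run it directly to print the recorded calls and the state machine definition. release_quarantine removes the rule assignments and returns the firewall module to its original state, matching the reset behaviour described in the configuration section, and the Wait state takes its Seconds from the plan, so changing QUARANTINE_SECONDS changes the delay without touching Lambda code. With AUTO_RELEASE left at 0 the Choice state routes straight to IndefiniteQuarantine and the host stays isolated until someone releases it deliberately.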
Et voil\u00e0, you are done!<\/li>\n<\/ol>\n<p><span class=\"main-subtitle-black\">Next steps<\/span><\/p>\n<p>Not all automation is equal. Just as a vendor sells different models of robot vacuum, automation capabilities vary from one security solution to another. Workload Security can automatically detect and protect new and existing workloads and integrates with your cloud services from AWS, Microsoft Azure, Google Cloud Platform\u2122, and more.<\/p>\n<p>To learn more about the capabilities of Workload Security for DevOps, check out <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/business\/products\/hybrid-cloud\/cloud-one\/workload-security\/cloud-one-workload-security-devops.mp4\" target=\"_self\" rel=\"noopener\"><span class=\"bs-modal\">this video<\/span><\/a>.<\/p>\n<\/div>\n<\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/devops\/21\/h\/automate-malware-quarantining-for-workloads\/workload-security-for-devops.png\" alt=\"Workload Security for DevOps\"> <\/figure>\n<\/div>\n<\/div>\n<\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p>Read More <a 
href=\"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/h\/automate-malware-quarantining-for-workloads.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Leverage automated and programmable APIs to quickly secure and quarantine workloads without interrupting downstream workflows. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":42138,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9503,9505,9502,9530,9501,9542,9507,9500],"class_list":["post-42137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-devops-article","tag-trend-micro-devops-aws","tag-trend-micro-devops-azure","tag-trend-micro-devops-best-practices","tag-trend-micro-devops-cloud-native","tag-trend-micro-devops-google-cloud-platform","tag-trend-micro-devops-multi-cloud","tag-trend-micro-devops-workload-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Automate Malware Quarantining for Workloads Solution Engineer 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Automate Malware Quarantining for Workloads Solution Engineer 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-03T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1317\" \/>\n\t<meta property=\"og:image:height\" content=\"875\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Automate Malware Quarantining for Workloads Solution Engineer\",\"datePublished\":\"2021-08-03T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\"},\"wordCount\":1164,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png\",\"keywords\":[\"Trend Micro DevOps : Article\",\"Trend Micro DevOps : AWS\",\"Trend Micro DevOps : Azure\",\"Trend Micro DevOps : Best Practices\",\"Trend Micro DevOps : Cloud Native\",\"Trend Micro DevOps : Google Cloud Platform\",\"Trend Micro DevOps : Multi Cloud\",\"Trend Micro DevOps : Workload Security\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\",\"name\":\"Automate Malware Quarantining for Workloads Solution Engineer 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png\",\"datePublished\":\"2021-08-03T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png\",\"width\":1317,\"height\":875},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro DevOps : 
Article\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-devops-article\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Automate Malware Quarantining for Workloads Solution Engineer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Automate Malware Quarantining for Workloads Solution Engineer 2026 | ThreatsHub Cybersecurity News","canonical":"https:\/\/www.threatshub.org\/blog\/automate-malware-quarantining-for-workloads-solution-engineer\/","og_type":"article","og_image":[{"width":1317,"height":875,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/08\/automate-malware-quarantining-for-workloads-solution-engineer.png","type":"image\/png"}],"article_published_time":"2021-08-03T00:00:00+00:00","author":"TH Author","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"}}}