Cisco confirms zero-day exploitation of Secure Email products

“From a security standpoint, it is indeed the right call,” Tyagi said. “When there’s a risk that attackers have embedded themselves deep in a system, patching alone won’t solve the issue. Rebuilding is the only way to be confident the threat is fully removed.”

But Varkey said that this may not be a viable option for many organizations, as it introduces business risks, including downtime, misconfiguration, and the potential reintroduction of persistence through contaminated backups.

Enterprises will need to balance remediation speed with business continuity while relying on compensating controls to limit exposure. “Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager are critical components of the email infrastructure,” Prabhu said. “Organizations would need to plan this activity in a way that minimizes downtime, but at the same time reduces the time window of compromise. In the interim, they could use other security measures like blocking ports on the firewall to limit exposure.”
