A powerful and effective defense strategy is a multi-layered one that detects threats, ties related malicious activity together, and
protects your company from similar attacks in the future through systematic actions that quickly stop the bleeding.
But tools alone are of little use without a plan for acting on what they find. Here are ten steps you should take immediately
after you find a breach in your network.
Look at traffic flowing to the internet at the application level. Abnormally long URL or User-Agent strings,
and repeated or frequent requests for DNS names with a low TTL, are red flags for malware: beaconing and
fast-flux infrastructure rotates addresses behind short-lived DNS records, and long, high-entropy URLs or
User-Agent values are a common place to smuggle encoded data.
Identify protocols.
The next step is to look for non-compliant commands issued over
a common protocol, such as an HTTP client issuing RUN, or for a
protocol running on a non-standard port, such as SMTP over
port 80. These may be innocent, but they are strong indicators of
command and control and warrant investigation. Note that this only
works if the protocol is identified from the payload itself rather
than assumed from the port, which is exactly what the attacker is
counting on you not to do.
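The two triage steps above (application-level traffic review and protocol identification) are easy to turn into a first-pass detector over proxy and DNS logs. The block below is an added example, not code from the original page or from SS8: the thresholds, the port-to-protocol table, the log record layout and the sample records are all constructed assumptions, and the hand-picked values should be replaced with a baseline measured from your own traffic.

```python
"""Post-breach egress triage heuristics (added example; not from the original page).

Flags, over constructed sample records:
  * abnormally long URL / User-Agent strings,
  * non-compliant commands on a common protocol (e.g. an HTTP client issuing RUN),
  * a protocol on a port where a different protocol is expected (e.g. SMTP over 80),
  * repeated queries for low-TTL DNS names from the same client (beaconing / fast-flux).
"""
from collections import Counter

# Assumed thresholds (not from the page): tune to a baseline measured on your own traffic.
MAX_URL_LEN = 200
MAX_UA_LEN = 150
LOW_TTL_SECONDS = 60          # answers at or below this TTL count as "low TTL"
LOW_TTL_REPEAT_THRESHOLD = 5  # this many low-TTL lookups of one name by one host is a flag

# Assumed egress policy: which protocol is expected on each destination port.
# The "protocol" field is taken to come from payload inspection, not from the port.
EXPECTED_PROTOCOL_BY_PORT = {80: "http", 443: "tls", 25: "smtp", 587: "smtp", 53: "dns"}

# RFC 9110 method names; anything else on an HTTP connection is non-compliant.
HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH"}


def flag_app_record(rec):
    """Return the list of reasons one application-layer record looks suspicious ([] if clean)."""
    reasons = []
    if rec["protocol"] == "http":
        if rec["method"].upper() not in HTTP_METHODS:
            reasons.append(f"non-compliant HTTP method {rec['method']!r}")
        if len(rec["url"]) > MAX_URL_LEN:
            reasons.append(f"URL length {len(rec['url'])} > {MAX_URL_LEN}")
        if len(rec["user_agent"]) > MAX_UA_LEN:
            reasons.append(f"User-Agent length {len(rec['user_agent'])} > {MAX_UA_LEN}")
    expected = EXPECTED_PROTOCOL_BY_PORT.get(rec["dst_port"])
    if expected is not None and rec["protocol"] != expected:
        reasons.append(f"{rec['protocol']} on port {rec['dst_port']} (expected {expected})")
    return reasons


def flag_low_ttl_beacons(dns_records):
    """Map (client, qname) -> count for names with low TTL queried repeatedly by one client."""
    counts = Counter()
    for r in dns_records:
        if r["ttl"] <= LOW_TTL_SECONDS:
            counts[(r["src"], r["qname"])] += 1
    return {key: n for key, n in counts.items() if n >= LOW_TTL_REPEAT_THRESHOLD}


def triage(app_records, dns_records):
    """Run both checks and return only the findings, keyed by record index / (client, qname)."""
    app_findings = {i: flag_app_record(r) for i, r in enumerate(app_records)}
    return {
        "app": {i: why for i, why in app_findings.items() if why},
        "dns": flag_low_ttl_beacons(dns_records),
    }


# Constructed sample records standing in for proxy / flow logs (not real traffic).
SAMPLE_APP = [
    {"src": "10.0.0.5", "dst_port": 80, "protocol": "http", "method": "GET",
     "url": "/index.html", "user_agent": "Mozilla/5.0"},
    {"src": "10.0.0.5", "dst_port": 80, "protocol": "http", "method": "RUN",
     "url": "/", "user_agent": "Mozilla/5.0"},
    {"src": "10.0.0.9", "dst_port": 80, "protocol": "smtp", "method": "",
     "url": "", "user_agent": ""},
    {"src": "10.0.0.5", "dst_port": 80, "protocol": "http", "method": "GET",
     "url": "/" + "a" * 300, "user_agent": "x" * 200},
]

# Constructed sample DNS answers: host 10.0.0.5 hammers a 30-second-TTL name six times.
SAMPLE_DNS = (
    [{"src": "10.0.0.5", "qname": "cdn.example.net", "ttl": 30}] * 6
    + [{"src": "10.0.0.7", "qname": "www.example.com", "ttl": 3600}] * 6
    + [{"src": "10.0.0.5", "qname": "fast.example.org", "ttl": 20}] * 2
)

if __name__ == "__main__":
    for section, findings in triage(SAMPLE_APP, SAMPLE_DNS).items():
        print(section, findings)
```

Only the RUN record, the SMTP-over-80 record, the over-long URL/User-Agent record and the repeated low-TTL lookups from 10.0.0.5 are reported; the normal GET and the repeated lookups of a long-TTL name are not. Treat the output as a worklist, not a verdict: a CDN legitimately serves low-TTL records, so each hit still needs the surrounding sessions pulled for a human to confirm.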
Learn more about protecting your company from security breaches at go.ss8.com/top10