80% of cyber attacks arrive as malware, phishing and advanced persistent threats (APTs). At the same time, 60% of organisations focus their endpoint security strategy on protecting data rather than the devices that hold it, which is one reason malware still finds its way onto corporate networks.
LogRhythm identifies eight main indicators of compromise that can be observed in network traffic. Each of them can be used to spot systems that have already been compromised, regardless of whether the endpoint itself raised an alert.
But first, you need the right tools. A network analysis tool? Check. A way to feed it traffic, either a network tap or a switch mirror (SPAN) port? Check.
The focus is largely on outbound traffic, which means the analysis can take place in your demilitarized zone (DMZ) or just inside your firewall. If you want to attribute suspicious flows to individual internal hosts, capture on the inside, before NAT or an outbound proxy rewrites the source addresses.
LogRhythm sets out the details in a white paper called ‘Detecting Compromised Systems: Analyzing the Top Eight Indicators of Threat Traffic’, which covers:
- What the eight indicators of compromise are and how you can monitor them
- Insights into common attack techniques and the traffic they produce, including outlier traffic and DNS and ICMP tunnelling
- What you must do to reduce false positives
- Malware’s two main weaknesses and how defenders can exploit them
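The white paper itself is not reproduced here, so as an added illustration of the kind of outbound-traffic analysis the bullets refer to, here is an example that is not LogRhythm's code: a Python script that applies the usual DNS-tunnelling heuristics (query-name length, label entropy, unique-subdomain ratio and data-bearing record types such as TXT) to a constructed DNS query log. The log format, the threshold values, the sample source addresses and domains, and the "last two labels" approximation of the registrable domain are all assumptions made for the example.

```python
"""Heuristic DNS-tunnelling detection over a DNS query log (added example, constructed data)."""
import math
from collections import defaultdict

# Constructed sample log. Assumed format: "<epoch> <src_ip> <qtype> <qname>".
# 10.0.0.5 is ordinary browsing, 10.0.0.7 is chatty-but-benign telemetry,
# 10.0.0.9 exfiltrates hex-encoded chunks in TXT queries to evil-tunnel.net.
SAMPLE_LOG = """\
1700000000 10.0.0.5 A    www.example.com
1700000001 10.0.0.5 A    mail.example.com
1700000002 10.0.0.5 A    cdn.example.com
1700000003 10.0.0.5 AAAA api.example.com
1700000004 10.0.0.5 A    www.example.com
1700000005 10.0.0.5 MX   example.com
1700000006 10.0.0.7 A    host-0001.telemetry.example.org
1700000007 10.0.0.7 A    host-0002.telemetry.example.org
1700000008 10.0.0.7 A    host-0003.telemetry.example.org
1700000009 10.0.0.7 A    host-0004.telemetry.example.org
1700000010 10.0.0.7 A    host-0005.telemetry.example.org
1700000011 10.0.0.9 TXT  3fa9c1e7d05b28649d27ab1c5e0f3648.c0e3b5d7a9f1826474e2a6c0d8f1b935.evil-tunnel.net
1700000012 10.0.0.9 TXT  e81f5a2d9c3b74605b0d8e6a1f4c3927.a6f0c2e4b8d137951c9e4b7f2a0d6853.evil-tunnel.net
1700000013 10.0.0.9 TXT  9d27ab1c5e0f364874e2a6c0d8f1b935.5b0d8e6a1f4c39271c9e4b7f2a0d6853.evil-tunnel.net
1700000014 10.0.0.9 TXT  3fa9c1e7d05b2864c0e3b5d7a9f18264.e81f5a2d9c3b7460a6f0c2e4b8d13795.evil-tunnel.net
1700000015 10.0.0.9 TXT  1c9e4b7f2a0d6853a6f0c2e4b8d13795.5b0d8e6a1f4c3927e81f5a2d9c3b7460.evil-tunnel.net
1700000016 10.0.0.9 TXT  74e2a6c0d8f1b935c0e3b5d7a9f18264.9d27ab1c5e0f36483fa9c1e7d05b2864.evil-tunnel.net
"""

# Record types whose answers (and names) conveniently carry arbitrary data.
DATA_BEARING_QTYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score near log2(alphabet size)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """'a.b.example.com' -> ('a.b', 'example.com').
    Assumption: the registrable domain is the last two labels. A real deployment
    should use the Public Suffix List so that 'x.example.co.uk' is handled correctly."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Parse the assumed whitespace-separated log format into tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, qtype, qname = line.split()
        records.append((int(ts), src, qtype.upper(), qname))
    return records


def profile(records):
    """Aggregate per (source host, registrable domain): the unit a tunnel operates on."""
    prof = defaultdict(lambda: {"queries": 0, "subs": set(), "sub_len": 0,
                                "entropy": 0.0, "data_types": 0})
    for _, src, qtype, qname in records:
        sub, parent = split_name(qname)
        p = prof[(src, parent)]
        p["queries"] += 1
        p["subs"].add(sub)
        p["sub_len"] += len(sub)
        p["entropy"] += shannon_entropy(sub.replace(".", ""))
        if qtype in DATA_BEARING_QTYPES:
            p["data_types"] += 1
    return prof


def detect_tunnels(text, min_queries=5, min_avg_sub_len=30,
                   min_avg_entropy=3.5, min_unique_ratio=0.8):
    """Flag (source, domain) pairs that look like DNS tunnels. Thresholds are assumed
    starting points and must be baselined per network before use."""
    findings = []
    for (src, parent), p in profile(parse_log(text)).items():
        n = p["queries"]
        if n < min_queries:           # too few queries to judge
            continue
        avg_len = p["sub_len"] / n
        avg_ent = p["entropy"] / n
        unique_ratio = len(p["subs"]) / n
        reasons = []
        if avg_len >= min_avg_sub_len:
            reasons.append(f"avg subdomain length {avg_len:.0f}")
        if avg_ent >= min_avg_entropy:
            reasons.append(f"avg label entropy {avg_ent:.2f} bits")
        if unique_ratio >= min_unique_ratio:
            reasons.append(f"{len(p['subs'])}/{n} unique subdomains")
        if p["data_types"]:
            reasons.append(f"{p['data_types']} TXT/NULL/CNAME queries")
        # Length and entropy are the structural signals; demand both plus one corroborating one,
        # so that high volume alone (the telemetry host) does not fire.
        if avg_len >= min_avg_sub_len and avg_ent >= min_avg_entropy and len(reasons) >= 3:
            findings.append({"src": src, "domain": parent, "queries": n, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_tunnels(SAMPLE_LOG):
        print(f"{f['src']} -> {f['domain']} ({f['queries']} queries): " + "; ".join(f["reasons"]))
```

Requiring two structural signals plus corroboration is what keeps the chatty telemetry host out of the results: it has a high unique-subdomain ratio but short, low-entropy names. Some legitimate services do encode data in query names (antivirus reputation lookups and certain CDNs, for instance), so the thresholds and an allow-list of known domains have to be tuned against a baseline of your own outbound DNS before this is run in anger.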