Provided by: McAfee Germany GmbH / McAfee GmbH
An infected or compromised system can be the tip of an iceberg that your cyber infrastructure is about to hit.
If you know more about an incident than just which system you fixed or quarantined, you may end up saving your organization time and money. The data you need is often there. Most organizations discover that the web proxy or firewall logs captured activity related to the infected system. Perhaps the infected system communicated with a SharePoint system on your network, where it (inadvertently) placed a dropper that can infect other LAN-connected systems. The SharePoint server that is now hosting the malware did not detect the dropper because the directory was excluded from scanning.
If this is a “zero day” or a new strain of an old variant of malware, then it could spread quickly through your infrastructure before you know the root cause is sitting in your network. Ironically, most logs — IPS, server, firewall, web proxy — will collect activity data related to this incident. However, most organizations are siloed into teams or departments such as the network team, the server team, and the systems team, and so, too, is the pertinent data.
Published: 01.02.13 | McAfee Germany GmbH / McAfee GmbH