In the growing era of data breaches, detecting the evil before the damage has been done can sometimes prove a savior.
The Indicators of compromise are a never-ending list of various factors, often dynamic in nature, but there are many that are few indicators one or more of which if monitored rigorously may aid in the discovery of any forthcoming attack.
Some of the common indicators of compromise include:
·Unusual network traffic volume
·Failed login attempts
·Unintended System file/Registry changes
·Communication among unauthorized hosts
·Geolocation irregularities
·Unauthorized database activity
·Abnormal DNS traffic
·Abnormal HTML Response Sizes
·Unauthorized applications using HTTP/S
·Huge Number of Requests to a particular file or resource
These are just a handful of indicators; many others also exist in real scenarios.
To protect your critical It infrastructure from the loss caused by a data breach, it’s advisable to implement a comprehensive security solution before it’s too late and the damage has been done!!
The strategic steps to all round protection from such cyber-attacks should include the following steps:
1. Determine the Need
Establish solution to the problem of why at all a security solution is required in the first place. This includes performing asset inventory on systems and data as well as third parties and trusted suppliers.
2. Build the Business Requirements
Draw the business related impacts of the devised solution. Prepare necessary security budgets in accordance to the protection level required to mitigate the risk of security incidents against confidential assets.
3. Establishing that Perfect Team
A team should be in place in order to advance to the next level. In addition to having outstanding technical skills, the team members must also have effective communication. The team must comprise of key members to handle tasks such as, Incident response, programming, data analysis, business responsibilities, systems administration and leadership.
4. Updated Feeds on Latest Attack Patterns
Up-to-date feeds from reliable industry/government sources to keep abreast with the latest attacker tactics and trends. Various CERT’s and specific security vendors resources are available.
Information Exchange and Postmortem
5. Deep insight into the lessons learned is invaluable
Reflecting on lessons learned should involve management as well as the security team. The ability to communicate what was at risk, and how it happened, and sharing this information with external entities makes the entire process stronger.
I really enjoy simply reading all of your blogs on cyber security attack scenarios. Definitely a great post. Hats off to you!