Malware Activity & Network Anomaly Detection
See Also: Threat Briefing: Ransomware
As the weapon is installed and begins to use mechanisms such as remote access Trojans or backdoor channels to become resident, it leaves a trail of threat indicators. Certain malware-focused anomaly detection solutions can recognize these indicators and help facilitate a response, while mechanisms such as Application Whitelisting can prevent the malware from running in the first place. We will discuss both in this session. Should such mechanisms fail, the weapon attempts to establish command and control communications; as it does so, it produces valuable network-level threat indicators that facilitate its detection and an appropriate response. Technologies such as advanced SIEM solutions are critical for collating and correlating such indicators to assist in the creation of actionable intelligence.
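As an added illustration of the correlation step described above (example code written for this page, not part of the session material or any SIEM product), the script below flags a host persistence event for an image outside an application allowlist and correlates it with beacon-like outbound connections from the same process. The log format, host names, process names and addresses are constructed for the example.

```python
"""Correlate host-level persistence indicators with network-level beaconing."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events (not captured from a real system).
HOST_EVENTS = [
    "2024-05-01T10:00:00 host=ws01 event=persistence process=updater image=/tmp/.cache/updater",
]
NET_EVENTS = [
    # ws01: five connections exactly 60 s apart -> beacon-like
    "2024-05-01T10:01:00 host=ws01 process=updater dst=203.0.113.10:443",
    "2024-05-01T10:02:00 host=ws01 process=updater dst=203.0.113.10:443",
    "2024-05-01T10:03:00 host=ws01 process=updater dst=203.0.113.10:443",
    "2024-05-01T10:04:00 host=ws01 process=updater dst=203.0.113.10:443",
    "2024-05-01T10:05:00 host=ws01 process=updater dst=203.0.113.10:443",
    # ws02: irregular browser traffic -> not flagged
    "2024-05-01T10:00:00 host=ws02 process=firefox dst=198.51.100.5:443",
    "2024-05-01T10:00:07 host=ws02 process=firefox dst=198.51.100.5:443",
    "2024-05-01T10:03:30 host=ws02 process=firefox dst=198.51.100.5:443",
    "2024-05-01T10:09:12 host=ws02 process=firefox dst=198.51.100.5:443",
]
ALLOWLIST = {"/usr/bin/updater", "/usr/bin/firefox"}  # hypothetical whitelist


def parse_event(line):
    """Parse 'timestamp key=value ...' into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def find_beacons(net_events, min_conns=4, max_jitter=0.2):
    """Return {(host, process, dst): period_s} for connection series whose
    inter-connection gaps are regular (coefficient of variation <= max_jitter)."""
    groups = defaultdict(list)
    for e in net_events:
        groups[(e["host"], e["process"], e["dst"])].append(e["ts"])
    beacons = {}
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_conns and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            beacons[key] = round(mean(gaps))
    return beacons


def correlate(host_lines, net_lines, allowlist):
    """Alert when a non-allowlisted image gains persistence and the same
    host/process pair also shows beacon-like outbound connections."""
    beacons = find_beacons([parse_event(l) for l in net_lines])
    alerts = []
    for h in (parse_event(l) for l in host_lines):
        if h.get("event") != "persistence" or h["image"] in allowlist:
            continue
        for (host, proc, dst), period in beacons.items():
            if host == h["host"] and proc == h["process"]:
                alerts.append({"host": host, "process": proc, "image": h["image"],
                               "dst": dst, "period_s": period})
    return alerts
```

Running `correlate(HOST_EVENTS, NET_EVENTS, ALLOWLIST)` yields one alert for ws01; the irregular ws02 traffic is ignored, and a persistence event for an allowlisted image would be too.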