Navigate the intricacies of incident response with proven strategies. Explore best practices tailored to handling common attack scenarios effectively, and gain the insights needed to fortify your defenses and respond resiliently to evolving threats.
INCIDENT RESPONSE BEST PRACTICES FOR COMMON ATTACK SCENARIOS
www.infosectrain.com | @infosectrain
BRUTE FORCING
INVESTIGATION
01 Analyze Active Directory, application, and operating system logs for multiple login failures.
02 Contact the user to confirm the legitimacy of the login attempts.
ACTIONS
01 If unauthorized activity is confirmed, disable the account.
02 Investigate and block the attacker's IP address.
03 Implement account lockout policies to prevent brute force attacks.
BOTNETS
INVESTIGATION
01 Monitor network traffic for connections to suspicious IPs.
02 Check OS logs for new or suspicious processes.
03 Contact the server owner and support team for information.
ACTIONS
01 Identify and remove malicious processes.
02 Fix the vulnerabilities by applying the necessary patches.
03 Isolate the affected server to prevent further malicious activity.
RANSOMWARE
INVESTIGATION
01 Check for anti-virus alerts and malware indicators.
02 Monitor network traffic for connections to suspicious IPs.
ACTIONS
01 Request anti-virus checks and initiate a malware scan.
02 Isolate the infected machine to prevent further spread.
DATA EXFILTRATION
INVESTIGATION
01 Monitor network traffic for abnormally high traffic patterns using DLP.
02 Check proxy logs and OS logs for unusual activity.
ACTIONS
01 If a rogue employee is suspected, contact their manager for an internal investigation.
02 If it is an external threat, isolate and disconnect the compromised machine from the network.
COMPROMISED ACCOUNT
INVESTIGATION
01 Analyze Active Directory logs, OS logs, and network traffic for indicators of a compromised account.
02 Contact the user for additional information.
ACTIONS
01 If a compromised account is confirmed, disable the account and change the password.
02 Conduct a forensic investigation to determine the extent of the breach.
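The BRUTE FORCING and COMPROMISED ACCOUNT checklists both start with the same investigation step: pull the Windows Security logon events and look for failure patterns. The following is an added example (not InfosecTrain's code) of that triage run over a constructed log export. Event IDs 4625 (failed logon) and 4624 (successful logon) are the real Windows Security event IDs; the CSV layout, the hosts, the users and every record are constructed for the example. The first detector counts failures per source IP and user in a sliding window, which is exactly the condition an account lockout policy enforces, and the second flags a success that follows a burst of failures from the same source, the pattern that turns a brute-force alert into a compromised-account case.

```python
"""Failed-logon triage over Windows Security events.

Added example, not InfosecTrain's code. Event IDs 4625 (failed logon) and
4624 (successful logon) are the real Windows Security IDs; the CSV layout
and every record below are constructed for the example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: timestamp,event_id,target_user,source_ip
SAMPLE_EVENTS = """\
2024-05-01T09:00:01,4625,alice,203.0.113.10
2024-05-01T09:00:03,4625,alice,203.0.113.10
2024-05-01T09:00:05,4625,alice,203.0.113.10
2024-05-01T09:00:07,4625,alice,203.0.113.10
2024-05-01T09:00:09,4625,alice,203.0.113.10
2024-05-01T09:00:12,4624,alice,203.0.113.10
2024-05-01T09:05:00,4625,bob,198.51.100.7
2024-05-01T09:30:00,4625,bob,198.51.100.7
2024-05-01T10:00:00,4624,carol,10.0.0.5
"""


def parse_events(text):
    """Parse the CSV export into dicts sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, user, ip = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "user": user, "ip": ip})
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Brute-force check: (source_ip, user) pairs with >= threshold failed
    logons inside any sliding window. threshold/window mirror an account
    lockout policy (N failures within the observation window)."""
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[(e["ip"], e["user"])].append(e["ts"])
    hits = {}
    for key, times in failures.items():  # times are already in order
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[key] = max(hits.get(key, 0), count)
    return hits


def detect_success_after_failures(events, min_failures=3, window=timedelta(minutes=10)):
    """Compromised-account indicator: a 4624 from a (source_ip, user) pair that
    produced at least min_failures 4625 events in the preceding window."""
    recent = defaultdict(list)
    flagged = []
    for e in events:
        key = (e["ip"], e["user"])
        if e["event_id"] == 4625:
            recent[key].append(e["ts"])
        elif e["event_id"] == 4624:
            cutoff = e["ts"] - window
            prior = [t for t in recent[key] if t >= cutoff]
            if len(prior) >= min_failures:
                flagged.append({"user": e["user"], "ip": e["ip"],
                                "failures_before": len(prior), "at": e["ts"]})
    return flagged


def block_candidates(hits):
    """Source IPs to investigate and (temporarily) block; attackers rotate
    sources, so this is a triage list rather than a permanent deny list."""
    return sorted({ip for ip, _user in hits})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    hits = detect_brute_force(evs)
    print("brute force:", hits)
    print("block candidates:", block_candidates(hits))
    print("success after failures:", detect_success_after_failures(evs))
```

On the constructed data, alice's five failures in eight seconds from 203.0.113.10 trip the brute-force threshold, and the 4624 three seconds later from the same source is flagged as a likely compromise, which is the point at which the checklist says to disable the account and contact the user; bob's two failures half an hour apart stay below both thresholds and carol's clean logon is ignored.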
DENIAL OF SERVICE
INVESTIGATION
01 Monitor network traffic for abnormally high traffic.
02 Review firewall logs and OS logs for signs of the attack.
ACTIONS
01 If the DoS is due to vulnerabilities, contact the patching team to remediate them.
02 Enable redundancy and failover for uninterrupted service during an attack.
03 For a network traffic-induced attack, contact network support or the ISP, and refrain from disclosing sensitive information too quickly.
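The DATA EXFILTRATION and DENIAL OF SERVICE checklists both open with "monitor network traffic for abnormally high traffic"; the difference is direction (outbound for exfiltration, inbound for DoS). The following added example (not InfosecTrain's code) shows one way to make "abnormally high" concrete over flow records: per-host byte totals for flows that cross the perimeter, compared against a baseline from an earlier period with both a multiplier and an absolute floor so that idle hosts do not alert on tiny baselines. The flow format, the 10.0.0.0/8 internal range, the thresholds and every record are constructed for the example. For inbound anomalies it also counts distinct external sources, which is what decides whether the ISP needs to be involved.

```python
"""Volumetric traffic anomaly check over flow records.

Added example, not InfosecTrain's code. The flow format (src_ip,dst_ip,bytes),
the 10.0.0.0/8 internal range, the thresholds and every record below are
constructed for the example."""
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed flow exports: src_ip,dst_ip,bytes. Yesterday's flows give a
# per-host baseline; today's contain one host pushing ~900 MB out and one
# host receiving ~5 GB from several external sources.
BASELINE_FLOWS = """\
10.0.0.5,93.184.216.34,50000
10.0.0.5,93.184.216.34,45000
10.0.0.7,93.184.216.34,40000
203.0.113.9,10.0.0.20,30000
"""
CURRENT_FLOWS = """\
10.0.0.5,198.51.100.44,900000000
10.0.0.7,93.184.216.34,42000
203.0.113.9,10.0.0.20,31000
192.0.2.1,10.0.0.20,2500000000
198.51.100.1,10.0.0.20,2500000000
"""


def parse_flows(text):
    """Parse src,dst,bytes lines into (ip_address, ip_address, int) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, nbytes = line.split(",")
        flows.append((ipaddress.ip_address(src), ipaddress.ip_address(dst), int(nbytes)))
    return flows


def volume_by_host(flows, direction):
    """Bytes per internal host, counting only flows that cross the perimeter.
    direction is "outbound" (exfiltration) or "inbound" (DoS)."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        if direction == "outbound" and src in INTERNAL and dst not in INTERNAL:
            totals[str(src)] += nbytes
        elif direction == "inbound" and dst in INTERNAL and src not in INTERNAL:
            totals[str(dst)] += nbytes
    return totals


def find_volume_anomalies(baseline, current, direction, factor=10, min_bytes=100_000_000):
    """Hosts whose current volume is above min_bytes (absolute floor) and more
    than factor x their baseline. Returns {host: (current_bytes, baseline_bytes)}."""
    base = volume_by_host(baseline, direction)
    cur = volume_by_host(current, direction)
    return {host: (nbytes, base.get(host, 0))
            for host, nbytes in cur.items()
            if nbytes >= min_bytes and nbytes > factor * base.get(host, 0)}


def external_sources(flows, host):
    """Distinct external IPs sending to host: many sources point to a
    distributed attack (ISP/upstream involvement), one to a single peer."""
    target = ipaddress.ip_address(host)
    return sorted({str(src) for src, dst, _ in flows
                   if dst == target and src not in INTERNAL})


if __name__ == "__main__":
    base, cur = parse_flows(BASELINE_FLOWS), parse_flows(CURRENT_FLOWS)
    print("outbound (exfiltration):", find_volume_anomalies(base, cur, "outbound"))
    inbound = find_volume_anomalies(base, cur, "inbound")
    for host, (now, before) in inbound.items():
        print("inbound (DoS):", host, now, "vs baseline", before,
              "from", external_sources(cur, host))
```

On the constructed data, 10.0.0.5 is the exfiltration candidate (900 MB outbound against a 95 KB baseline), the case where the checklist moves to DLP review and, for an external threat, disconnecting the host; 10.0.0.20 is the DoS candidate, receiving about 5 GB from three external sources, which is the "network traffic-induced" case that calls for network support or the ISP rather than a patch.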