Syllabus SOC-IR

06

Intrusion data monitoring and analysis

Analyze data as part of security monitoring activities

  • Heuristics
  • Trend analysis
  • Endpoint
  • Network
  • Log review
  • Impact analysis
  • E-mail analysis

Hardening controls to improve security

  • Permissions
  • Allow list (previously known as whitelisting)
  • Blocklist (previously known as blacklisting)
  • Firewall
  • Intrusion prevention system (IPS) rules
  • Data loss prevention (DLP)
  • Endpoint detection and response (EDR)
  • Network access control (NAC)
  • Sinkholing
  • Malware signatures - Development/rule writing
  • Sandboxing
  • Port security

Proactive threat hunting

  • Establishing a hypothesis
  • Profiling threat actors and activities
  • Threat hunting tactics - Executable process analysis
  • Reducing the attack surface area
  • Bundling critical assets
  • Attack vectors
  • Integrated intelligence
  • Improving detection capabilities
