Download the infographic: Detecting APTs via C&C Traffic
It’s common to hear of what and what not to do to make sure attackers stay out of a company network. IT professionals make sure the firewall’s up, the anti-malware is turned on, email policies are in place, new security technologies are being used—but what do they do once the attackers are already in? Let’s say a company network has already been compromised and the ones in charge are just not too sure about it, what signs should they watch out for?
To answer that dilemma, here are a few points to remember:
Attackers will always try to communicate with their servers at some point inside the network;
they will stay to aggressively pursue their targets over time;
and they need to keep the communication line open between the compromised computer and their servers.
These are some reasons that make monitoring network traffic a very vital task for IT professionals. Attackers can leave breadcrumbs of their activity inside the network that are noticeable, for instance, just by looking at packet headers.
It’s important to remember that there will always be new campaigns that will use other forms of network communications. Still, note that tracking your network for signs of known attack indicators is a big step toward fighting attacks.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).