to find additional indicators of compromise (IoCs) and to gather more information to identify the origin and extent of the attack.

www.AmericanSecurityToday.com July 2019 - Edition 46

There are considerable benefits organizations can gain by gathering information about an attack as it occurs.

• Charting the attack path and point of origin provides valuable information, as does determining the tools the attacker is using to gain insight into their targets and intent.

• Correlating this information from the attack, as well as gathering information from the point of compromise, can require considerable time and effort when done manually.

Fortunately, there are now in-network security controls capable of performing this function automatically, providing defenders with a high-fidelity alert as well as verified, high-quality information that allows them to respond to an incident more quickly and effectively.

One approach to gathering and correlating this information is through the use of Security Information and Event Management (SIEM), which can work well when log data is available and the system is appropriately tuned.

Endpoint Detection and Response (EDR) solutions can also help by providing endpoint forensics and other telemetry information. Their ability to isolate an infected system will also mitigate the spread of an attack.

Another preferred control is deception technology, because it identifies TTPs, IoCs, and other forensic information that security teams can use to automate