[continued from preceding row] | Identifies C&C servers; alerts about near-time attacks, new vulnerabilities, technical and operational discussions from peers.

Gathering local intelligence | Workstation and server audit logs, firewall logs, forensic examinations, Ourmon, Snort, CWSandbox, Fiddler, Google searches, darknets. | Identifies compromised hosts that are quiet or use undetectable communications techniques. Identifies intermediate participants in phishing attacks; discovers C&C servers and drop sites; discovers exploited Web sites used for spam, phishing, botnet activity. Discovers attack vectors and local botnet members. Detects and prevents botnets that others have seen. Interrupts communication with known C&C servers.

Sharing intel with aggregating groups | Phishing Incident Response and Termination, Internet Security Operations Task Force, Anti-Phishing Working Group, Research and Education Networking-ISAC | Community aggregation of reports, creating enough of a body of evidence that makes law enforcement participation worthwhile. Letting other companies and organizations leverage what you know. Greater effectiveness in taking down bad sites.
52 Information Security Management Handbook
The information in Table 4.1 can lead you to explore new sources of information, which may improve your ability to detect and respond to malware.
Identifying the Kinds of Information an Enterprise or University Should Try to Gather
Organizations need tools that can help detect or reveal botnets and other malicious code even when A/V tools report nothing.
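The "Gathering local intelligence" row of Table 4.1 and the sentence above describe two things a firewall log can yield that an A/V scanner cannot: contact with C&C servers that an aggregating group has already reported, and "quiet" hosts whose only symptom is a connection repeated on a timer. The script below is an added example written for this section, not code from the handbook or from any of the tools it names. The log line format, the internal hosts, the indicator list (addresses taken from the documentation ranges) and the thresholds `min_conns` and `max_cv` are all constructed assumptions; a real deployment would read the indicator set from the sharing group's feed and the log from the firewall.

```python
"""Two detections over firewall connection logs: a match against a shared
C&C indicator list, and periodic-beacon detection for hosts the list does
not yet know about. Log format, hosts and indicators are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log format (assumption): ISO timestamp then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)

# Constructed indicator list, as it might arrive from an aggregating group.
# 203.0.113.0/24 is a documentation range, not a real C&C address.
KNOWN_C2 = {"203.0.113.5"}


def parse(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def known_c2_contacts(events, c2):
    """Internal hosts that talked to an address already reported as C&C
    ("detects botnets that others have seen"); the pairs double as a
    block list for interrupting that communication."""
    return sorted({(e["src"], e["dst"]) for e in events if e["dst"] in c2})


def beacons(events, min_conns=4, max_cv=0.1):
    """(src, dst, period_seconds) for pairs whose connection times are
    suspiciously regular. cv = stdev / mean of the inter-arrival gaps;
    human-driven traffic is bursty, a bot checking in on a timer is not.
    Thresholds are constructed for this sample, not tuned values."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e["ts"])
    found = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            found.append((src, dst, round(mean)))
    return sorted(found)


def analyze(lines, c2=KNOWN_C2):
    """Run both detections; unparsable lines are skipped, not fatal."""
    events = [e for e in (parse(l) for l in lines) if e]
    return {"known_c2": known_c2_contacts(events, c2), "beacons": beacons(events)}


# Constructed sample log: 10.0.0.12 contacts a listed C&C once; 10.0.0.40
# checks in with an unlisted host every 300 s; 10.0.0.7 browses a web
# site at irregular times and should not be flagged.
SAMPLE_LOG = [
    "2007-03-01T02:15:04 src=10.0.0.12 dst=203.0.113.5 dport=6667",
    "2007-03-01T02:00:00 src=10.0.0.40 dst=198.51.100.9 dport=443",
    "2007-03-01T02:05:00 src=10.0.0.40 dst=198.51.100.9 dport=443",
    "2007-03-01T02:10:01 src=10.0.0.40 dst=198.51.100.9 dport=443",
    "2007-03-01T02:15:00 src=10.0.0.40 dst=198.51.100.9 dport=443",
    "2007-03-01T02:20:00 src=10.0.0.40 dst=198.51.100.9 dport=443",
    "2007-03-01T02:01:10 src=10.0.0.7 dst=192.0.2.80 dport=80",
    "2007-03-01T02:01:12 src=10.0.0.7 dst=192.0.2.80 dport=80",
    "2007-03-01T02:14:50 src=10.0.0.7 dst=192.0.2.80 dport=80",
    "2007-03-01T02:31:03 src=10.0.0.7 dst=192.0.2.80 dport=80",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(name, hits)
```

The indicator match is only as good as the shared list, which is why the table pairs local gathering with the aggregating groups in the next row; the beacon check is what catches the host the list does not yet contain. On real traffic the regularity threshold needs tuning against legitimate timed clients (update checks, NTP, mail polling) before alerts from it are acted on.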