80% of cyber attacks are via malware, phishing and advanced persistent threats (APTs). 60% of organisations are focusing their endpoint security strategy on protecting data rather than devices, which means malware still finds a way into your networks.
LogRhythm says there are eight main indicators of compromise that you can identify in your network. You can use each of these indicators to detect compromised systems.
But first, you need the right tools. Network analysis tool? Check. Network tap or network switch? Check.
The focus is largely on outbound traffic, which means analysis can take place in your demilitarized zone (DMZ) or inside your firewall.
LogRhythm covers the details in a white paper titled ‘Detecting Compromised Systems: Analyzing the Top Eight Indicators of Threat Traffic’.