Just a quick note: pay careful attention to egress anomalies during periods when most of your employees are unlikely to be using the network. Most organizations, even those that are 24/7, experience reduced network egress to the Internet during nights and weekends. This is the perfect time to look for anomalies and to take advantage of the reduced traffic levels to perform deeper analysis, such as traffic level monitoring, average session/connection sizes, anomalies in levels of blocked egress ports, new and never-before-seen DNS resolutions, etc.
If you can baseline traffic, even using something abstract like NetFlow, you may find some amazing stuff. Check it out!
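One way to run this kind of off-hours baseline, as an added example that is not part of the original post: it sums egress bytes per off-hours hour from flow-style records, flags hours well above the baseline, and lists DNS names absent from the baseline. The record layout, the off-hours definition, the median + k*MAD threshold and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

def is_off_hours(ts):
    # Assumed definition: weekends, or weekdays before 07:00 / from 19:00 on.
    return ts.weekday() >= 5 or ts.hour < 7 or ts.hour >= 19

def hourly_egress(flows):
    # Sum outbound bytes per off-hours clock hour; flows are (iso_time, src, dst, bytes).
    buckets = defaultdict(int)
    for iso, _src, _dst, nbytes in flows:
        ts = datetime.fromisoformat(iso)
        if is_off_hours(ts):
            buckets[ts.replace(minute=0, second=0, microsecond=0)] += nbytes
    return dict(buckets)

def egress_anomalies(baseline_flows, current_flows, k=5.0):
    # Flag off-hours hours whose egress exceeds median + k * MAD of the baseline.
    base = list(hourly_egress(baseline_flows).values())
    med = median(base)
    mad = median(abs(v - med) for v in base) or 1  # keep threshold above a flat baseline
    limit = med + k * mad
    return sorted((h, b) for h, b in hourly_egress(current_flows).items() if b > limit)

def new_resolutions(known_names, dns_log):
    # Names queried now that never appeared in the baseline, in first-seen order.
    seen, fresh = set(known_names), []
    for _iso, name in dns_log:
        name = name.rstrip(".").lower()
        if name not in seen:
            seen.add(name)
            fresh.append(name)
    return fresh

# Constructed sample data (documentation address ranges, not real traffic).
BASELINE = [
    ("2024-03-02T01:10:00", "10.0.0.5", "203.0.113.10", 60_000),
    ("2024-03-02T02:05:00", "10.0.0.5", "203.0.113.10", 55_000),
    ("2024-03-03T03:15:00", "10.0.0.5", "203.0.113.10", 65_000),
    ("2024-03-03T04:20:00", "10.0.0.7", "203.0.113.10", 58_000),
    ("2024-03-04T10:00:00", "10.0.0.5", "203.0.113.10", 9_000_000),  # weekday daytime, ignored
]
CURRENT = [
    ("2024-03-09T02:00:00", "10.0.0.5", "203.0.113.10", 61_000),
    ("2024-03-09T03:30:00", "10.0.0.9", "198.51.100.77", 4_800_000),
    ("2024-03-09T03:45:00", "10.0.0.9", "198.51.100.77", 200_000),
]
DNS_LOG = [("2024-03-09T03:29:00", "Updates.example.com."), ("2024-03-09T03:29:05", "cdn-sync.example.net")]
```

Because busy weekday hours are excluded from the baseline, a transfer that would disappear in daytime traffic stands out clearly against the quiet-hours median.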