So, you’ve been out of the office for a quick holiday break or vacation. Now you face a mountain of emails and a whole ton of back-logged tasks. Trust me, put them aside for one hour.
Instead of smashing through emails and working trouble tickets, spend an hour and take a look around your environment – go hunting – target malware, bots and backdoors. At a macro level, not a micro level. Were there an abnormal number of trouble tickets, outbound connections, AV alerts, IDS and log entries while you were gone? What does egress look like during that period? Were there any abnormal net flows, DNS anomalies or network issues that would indicate scans, probes or tampering on a larger scale?
Spend an hour and look for high-level issues before you dig into the micro. Read some logs. See what might be getting lost in your return-to-work overwhelm. It is not at all uncommon for attackers to use holidays and vacations as windows of opportunity to do their nasty business.
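The macro-level pass described above (volumes during the absence window against the weeks before it) is easy to script so the hour is spent reading findings rather than scrolling. The following is an added example, not code from the original post: it parses constructed log lines of the shape `<ISO timestamp> <CATEGORY> <detail>`, builds a 21-day baseline before the break, and flags window days whose daily count for a category sits more than three standard deviations from that baseline. The line format, the category names, the 3 to 6 July 2014 window and every count are assumptions made for the example.

```python
"""Macro-level hunt: compare per-category event volumes during an absence
window against the weeks before it.  Added example; the log format, the
categories and all counts below are constructed, not real data."""
import re
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean, pstdev

# Assumed line shape: "<ISO timestamp> <CATEGORY> <free text>", one event per line.
LINE_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ (?P<category>[A-Z_]+) ")


def count_events(lines):
    """Return {category: {date: count}}; lines that do not parse are skipped."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            counts[m["category"]][date.fromisoformat(m["day"])] += 1
    return counts


def flag_window(counts, window_start, window_end, baseline_days=21, zmax=3.0):
    """Flag (category, day, count, baseline_mean) for each window day whose count
    sits more than zmax standard deviations from the preceding baseline.  A day
    with no events counts as zero, so a sudden silence (a sensor that stopped
    logging) is flagged as readily as a spike."""
    findings = []
    base_start = window_start - timedelta(days=baseline_days)
    for category, per_day in counts.items():
        baseline = [per_day.get(base_start + timedelta(days=d), 0)
                    for d in range(baseline_days)]
        mu, sigma = mean(baseline), pstdev(baseline)
        day = window_start
        while day <= window_end:
            n = per_day.get(day, 0)
            # Perfectly flat baseline: any change at all is worth a look.
            anomalous = (n != mu) if sigma == 0 else abs(n - mu) / sigma > zmax
            if anomalous:
                findings.append((category, day.isoformat(), n, round(mu, 1)))
            day += timedelta(days=1)
    return findings


def build_sample_log():
    """Constructed log: a 21-day baseline (12 June to 2 July 2014), then the
    3 to 6 July break with one day of abnormal egress and NXDOMAIN volume."""
    lines = []

    def emit(day, category, n):
        for i in range(n):
            lines.append(f"{day.isoformat()}T{i % 24:02d}:00:00 {category} host=ws{i % 7}")

    start = date(2014, 6, 12)
    for d in range(21):
        day = start + timedelta(days=d)
        emit(day, "OUTBOUND", 40 + d % 3)      # 40-42 outbound sessions per day
        emit(day, "DNS_NXDOMAIN", 3 + d % 2)   # 3-4 failed lookups per day
        emit(day, "AV_ALERT", 1)               # one AV alert per day, flat
    window = [(41, 3, 1), (41, 4, 1), (118, 57, 1), (40, 3, 1)]   # 3, 4, 5, 6 July
    for d, (out, nx, av) in enumerate(window):
        day = date(2014, 7, 3) + timedelta(days=d)
        emit(day, "OUTBOUND", out)
        emit(day, "DNS_NXDOMAIN", nx)
        emit(day, "AV_ALERT", av)
    return lines


def hunt_sample():
    """Run the review over the constructed log for the 3 to 6 July window."""
    return flag_window(count_events(build_sample_log()),
                       date(2014, 7, 3), date(2014, 7, 6))


if __name__ == "__main__":
    for category, day, n, mu in hunt_sample():
        print(f"{day} {category}: {n} events (baseline mean {mu})")
```

Only the one day where outbound sessions and failed DNS lookups jumped together is reported; the flat AV_ALERT series stays quiet because nothing changed. Point the same two functions at your own firewall, DNS and AV exports (adjusting `LINE_RE` to their format) and the output is a short list of days and categories to open first.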
Don’t fall victim to the expected overwhelm. Instead, use it as a lens to look for items or areas that correlate to deeper concerns. You might just find that hour invested to be the one that makes (or breaks) your career in infosec.
Good luck and happy hunting!
PS – Thanks to Lee C. for the quick edits on 7/4/14.