Incident Response


Personas: Network Security Team

Monitoring for indicators of compromise allows organizations to better detect and respond to security compromises. When the security team discovers a potential compromise, NP-Live can assist with incident response by quickly identifying critical paths to the compromised system.

For example, critical host BCC_DB_A, a database server on the network, is experiencing increased reads.

Clicking on the host displays its inbound and outbound paths.

The inbound port, 1443, is the likely target for the increased database activity.

Clicking on the path displays the 9 paths using this port.

By running the stepping stone analysis,

Stepping stones are hosts in a network that could be compromised and used by attackers to move laterally. Attackers hop from one compromised host to another, forming a chain of stepping stones, before launching an attack on the actual target host.

Using the stepping stone analysis, the security team can quickly identify the paths of concern and how many steps away other important assets are from the compromised system.
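The step count described above can be illustrated as a breadth-first search over the allowed network paths. This is an added example, not NP-Live's own code: only BCC_DB_A and port 1443 come from this page, and every other host name, port and path is a constructed assumption.

```python
from collections import deque

# Constructed sample: allowed (source, destination, port) paths, as they might
# be derived from firewall and router rules. Only BCC_DB_A and port 1443 come
# from the page; all other hosts, ports and edges are hypothetical.
ALLOWED_PATHS = [
    ("ENG_WS_1", "BCC_DB_A", 1443),
    ("HIST_SRV", "BCC_DB_A", 1443),
    ("BCC_DB_A", "HIST_SRV", 445),
    ("BCC_DB_A", "APP_SRV", 8443),
    ("APP_SRV", "HMI_1", 3389),
    ("HIST_SRV", "HMI_1", 3389),
    ("HMI_1", "PLC_GW", 502),
    ("ENG_WS_1", "APP_SRV", 22),
]

def stepping_stones(paths, compromised):
    """Breadth-first search over allowed paths from the compromised host.

    Returns {host: (steps, chain)}, where chain is the shortest sequence of
    hosts leading from the compromised system to that host.
    """
    adjacency = {}
    for src, dst, _port in paths:
        adjacency.setdefault(src, []).append(dst)
    reached = {compromised: (0, [compromised])}
    queue = deque([compromised])
    while queue:
        host = queue.popleft()
        steps, chain = reached[host]
        for nxt in adjacency.get(host, []):
            if nxt not in reached:  # first visit in BFS is the shortest chain
                reached[nxt] = (steps + 1, chain + [nxt])
                queue.append(nxt)
    return reached

def assets_at_risk(paths, compromised, critical_assets):
    """Critical assets reachable from the compromised host, nearest first."""
    reached = stepping_stones(paths, compromised)
    return sorted((reached[a][0], a, reached[a][1])
                  for a in critical_assets if a in reached and a != compromised)

if __name__ == "__main__":
    critical = ["PLC_GW", "HMI_1", "ENG_WS_1"]
    for steps, asset, chain in assets_at_risk(ALLOWED_PATHS, "BCC_DB_A", critical):
        print(f"{asset}: {steps} step(s) via {' -> '.join(chain)}")
```

Paths are directional, so a host that can reach BCC_DB_A but has no allowed path back from it (ENG_WS_1 in the sample) does not appear as an asset at risk.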

 

 
