HackDig : Dig high-quality web security articles for hackers

[SANS ISC] Suspicious Endpoint Containment with OSSEC

2020-09-17 08:05

I published the following diary on isc.sans.edu: “Suspicious Endpoint Containment with OSSEC“:

When a host is compromised/infected on your network, an important step in the Incident Handling process is the “containment” to prevent further infections.  To place the device into a restricted environment is definitively better than powering off the system and, probably, lose some pieces of evidence.

Endpoint protection solutions are the “in” thing for a while. Instead of using standard AV tools, those solutions implement more control and try to block attackers directly. One of the features they implement is a containment solution to prevent a compromised host to communicate over the network, except with the endpoint management console. An endpoint solution can be expensive if you have a lot of hosts to protect and… it’s (again) a new agent to deploy on them… [Read more]

The post [SANS ISC] Suspicious Endpoint Containment with OSSEC appeared first on /dev/random.


Source: /cesso-htiw-tnemniatnoc-tniopdne-suoicipsus-csi-snas/71/90/0202/eb.llehstoor.golb

“[SANS ISC] Suspicious Endpoint Containment with OSSEC”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud