New Training: Incident Response
In this 5-video skill, CBT Nuggets trainer John Munjoma covers incident response planning and procedures. Learn how to analyze indicators of compromise and address the vulnerabilities. Watch this new CompTIA training.
Watch the full course: CompTIA Cybersecurity Analyst
This training includes:
- 5 videos
- 32 minutes of training
You’ll learn these topics in this skill:
- Post-Incident Activities
- Professional Incident Response Channels
- Potential Indicators Of Compromise Part 1
- Indicators of Compromise Part 2
- Resource Monitoring
4 Common Indicators of Compromise (IOC)
Indicators of compromise (IOCs) are observable signs that your organization is potentially facing a security threat, and they can help you respond to such threats proactively.
One common IOC is unusual outbound network traffic. If such traffic is either heavy or different from normal, you need to monitor it, as you could be facing a threat.
Another common IOC is odd behavior in your privileged user accounts, which can be a sign of account takeovers and insider attacks. You should flag such activity and monitor it.
Logins and access from atypical geographical locations are yet another IOC, as they can mean that someone from afar is trying to infiltrate your network. You should flag and monitor any traffic coming from areas outside your operations.
Large data requests are something that you need to monitor as well. They can come in the form of an increased database read volume, increased HTML response sizes and a large number of requests for the same file.
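As an added illustration (not part of the CBT Nuggets training material), the following Python sketch checks a web access log for two of the large-data-request signs above: responses far larger than normal for a page, and many requests for the same file from one client. The log lines are constructed sample data, and the function names and both thresholds are assumptions to tune against your own baseline.

```python
import re
from collections import Counter, defaultdict
from statistics import median

def _line(ip, path, size):
    # Build one constructed access-log line in Common Log Format.
    return f'{ip} - - [10/Mar/2024:10:00:00 +0000] "GET {path} HTTP/1.1" 200 {size}'

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.10", "/report.html", 5100),
     _line("198.51.100.11", "/report.html", 4980),
     _line("198.51.100.12", "/report.html", 5050),
     _line("203.0.113.77", "/report.html", 905000)]
    + [_line("203.0.113.77", "/files/customers.zip", 2048000)] * 6
    + [_line("198.51.100.10", "/files/customers.zip", 2048000)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+|-)$')

def parse(log):
    """Yield (client_ip, path, response_bytes) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than guessed at
            ip, path, size = m.groups()
            yield ip, path, 0 if size == "-" else int(size)

def find_large_data_requests(log, size_factor=10, repeat_threshold=5):
    """Flag oversized responses and repeated requests for the same file.
    Both thresholds are assumed values; tune them against your own baseline."""
    entries = list(parse(log))
    sizes_by_path = defaultdict(list)
    for _, path, size in entries:
        sizes_by_path[path].append(size)
    findings = []
    # Response far larger than the median size normally served for that path.
    for ip, path, size in entries:
        baseline = median(sizes_by_path[path])
        if baseline and size > size_factor * baseline:
            findings.append(("oversized_response", ip, path, size))
    # One client requesting the same file many times.
    counts = Counter((ip, path) for ip, path, _ in entries)
    for (ip, path), n in counts.items():
        if n >= repeat_threshold:
            findings.append(("repeated_file_requests", ip, path, n))
    return findings

if __name__ == "__main__":
    for finding in find_large_data_requests(SAMPLE_LOG):
        print(finding)
```

A finding here is a prompt to look closer, not proof of compromise: a backup job or a download manager can trip either check.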