
Incident Response Process - Signs Of Compromise

Here are some indicators which will help you detect a compromise:

  • The same email sent from a public domain to a significant number of users, C-level employees or other high-value targets; encrypted, password-protected or zipped attachments intended to escape the email malware filter (put the user on the reference list)
  • Endpoint / HIPS / host-based malware alerts for local script execution by the same user; raise an incident
  • Unusual traffic volumes to multiple ports or IP addresses, or excessive packet loss (e.g. a connection to an external IP lasting over 4 hours)
  • Abnormal services on known ports and abnormal ports for well-known services; verify the reputation scores of the IPs involved (e.g. SSH on port 80)
  • EDR and WAF alerts for scripts; hash mismatches
  • Botnet filter alerts for traffic to blacklisted domains
  • Email / spam filter misbehaviour or maintenance activity followed by suspicious activity on the network, especially involving unknown or suspicious remote destinations
  • Packet flows into and out of the network matching likely patterns of command and control (C&C) traffic: outbound custom-encrypted communications, covert communication channels with external entities, etc.
  • Threat intelligence alerts for connections or data sent to suspicious destinations outside the organization, especially those in less reputable geographic locations and at odd hours
  • Signs that a data breach has occurred, such as an unusually large HTML packet
  • Hourly and daily network usage reports reviewed for unusual occurrences and spikes in traffic
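Three of the network-side indicators above (a connection to an external IP open for more than 4 hours, a service/port mismatch such as SSH on port 80, and one host fanning out to many external ports or addresses) can be checked mechanically over flow records. The following is an added example, not code from the original article; it assumes a constructed set of flow tuples and an assumed internal range of 10.0.0.0/8.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")          # assumed internal range (constructed)
PORT_SERVICE = {22: "ssh", 80: "http", 443: "tls", 53: "dns"}  # well-known port -> service
LONG_CONN_HOURS = 4                           # threshold quoted in the article
FAN_OUT_THRESHOLD = 5                         # distinct external (ip, port) pairs per host

# Constructed flow records: (start, end, src, dst, dst_port, detected_app)
FLOWS = [
    ("2017-03-01T01:00:00", "2017-03-01T06:10:00", "10.1.2.3", "203.0.113.9", 443, "tls"),
    ("2017-03-01T09:00:00", "2017-03-01T09:00:05", "10.1.2.4", "203.0.113.9", 80, "http"),
    ("2017-03-01T09:01:00", "2017-03-01T09:02:00", "10.1.2.5", "198.51.100.7", 80, "ssh"),
    ("2017-03-01T09:03:00", "2017-03-01T09:03:10", "10.1.2.5", "198.51.100.7", 2222, "ssh"),
] + [("2017-03-01T10:00:00", "2017-03-01T10:00:01", "10.1.2.6", "192.0.2.10", p, "unknown")
     for p in (21, 23, 25, 110, 135, 445)]

def is_external(ip):
    """External means 'not in our own range'; documentation IPs are used here as samples."""
    return ip_address(ip) not in INTERNAL

def long_external_connections(flows, hours=LONG_CONN_HOURS):
    """Sessions to external IPs that stayed open longer than `hours`."""
    hits = []
    for start, end, src, dst, port, _app in flows:
        dur = (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600
        if is_external(dst) and dur > hours:
            hits.append((src, dst, port, round(dur, 2)))
    return hits

def port_service_mismatches(flows):
    """Unexpected service on a well-known port, or a well-known service on an odd port."""
    hits = []
    for _s, _e, src, dst, port, app in flows:
        if port in PORT_SERVICE and PORT_SERVICE[port] != app:
            hits.append((src, dst, port, app, "unexpected service on known port"))
        elif port not in PORT_SERVICE and app in PORT_SERVICE.values():
            hits.append((src, dst, port, app, "known service on unusual port"))
    return hits

def fan_out_hosts(flows, threshold=FAN_OUT_THRESHOLD):
    """Internal hosts touching at least `threshold` distinct external (ip, port) pairs."""
    targets = defaultdict(set)
    for _s, _e, src, dst, port, _app in flows:
        if is_external(dst):
            targets[src].add((dst, port))
    return {src: len(t) for src, t in targets.items() if len(t) >= threshold}
```

Each function returns the offending flows so they can be raised as an incident for the user or host concerned, as the list recommends.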

This was presented at SACON - The Security Architecture Conference, the largest security architecture conference in the region. You can find the full presentation here. SACON International 2017 will host a Cyber Security Workshop by Dr. Phil Polstra (author of 'Linux Forensic').

Dr. Phil Polstra (author of 'Linux Forensic' and many other books) will conduct a Linux and Windows Forensics Workshop at SACON 2017. Check the workshop agenda here.

Community Head, CISO Platform