The SOC has noticed an unusual volume of traffic coming from an open Wi-Fi guest network...


The SOC has noticed an unusual volume of traffic coming from an open Wi-Fi guest network that appears correlated with a border network slowdown. The network team is unable to capture traffic, but logs from network services are available.

  • No users have authenticated recently through the guest network's captive portal

  • DDoS mitigation systems are not alerting

  • DNS resolver logs show some very long domain names

Which of the following is the best step for the security analyst to take next?

  1. Block all outbound traffic from the guest network at the border firewall

  2. Verify the passphrase on the guest network has not been changed

  3. Search antivirus logs for evidence of a compromised company device

  4. Review access point logs to identify potential zombie services

Answer & Explanation (solved by verified expert)

Blocking all outbound traffic from the guest network at the border firewall is the best step for the security analyst to take next.

Firewalls, next-generation firewalls (NGFW) and web application firewalls (WAF)

Firewalls are a standard part of any cybersecurity arsenal. Two new technologies are complementing or replacing the traditional firewall:

NGFW: extends the firewall by providing intrusion prevention and intrusion detection with deep packet inspection capabilities. NGFWs can block threats at the network edge using techniques like URL filtering, behavioral analysis and geolocation filtering. They use a reverse proxy to terminate connections and inspect content before it reaches a web server.

WAF: a WAF is deployed in front of web applications, inspects traffic and identifies traffic patterns that may represent malicious activity. A WAF can detect attacks while minimizing false positives by learning acceptable URLs, parameters and user inputs, and uses this data to identify traffic or inputs that deviate from the norm.

These technologies are leveraged in the modern SOC to reduce the attack profile of websites and web applications and to gather higher-quality data about legitimate and malicious traffic hitting critical web properties.

Endpoint detection and response (EDR)

EDR is a new category of tools that helps SOC teams respond to attacks on endpoints like user workstations, mobile phones, servers or IoT devices. These tools are built around the assumption that attacks will happen and that the SOC team usually has very limited visibility and control into what's happening on a remote endpoint. EDR solutions are deployed on endpoints, provide instant, accurate data about malicious activity and give SOC teams remote control over
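The question's third observation, very long names in the DNS resolver logs, is something an analyst can check directly from the logs the network team already has. The following is an added example, not part of the original question or the expert's answer: it scores BIND-style query-log lines by total name length, longest label and entropy of the subdomain part, and counts distinct names each client sends under one parent domain. The log lines, IP addresses, domain names and thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample lines in a BIND-style resolver query-log format (not real traffic).
SAMPLE_LOG = """\
client 10.20.0.15#51234 (www.example.com): query: www.example.com IN A + (10.20.0.1)
client 10.20.0.15#51240 (cdn.example.net): query: cdn.example.net IN AAAA + (10.20.0.1)
client 10.20.0.77#41002 (3fa9c1e7b2d04c6a8e5f19d7c3b2a1f0e9d8c7b6a5f4e3d2c1b0.t.badexample.org): query: 3fa9c1e7b2d04c6a8e5f19d7c3b2a1f0e9d8c7b6a5f4e3d2c1b0.t.badexample.org IN TXT + (10.20.0.1)
client 10.20.0.77#41003 (9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.t.badexample.org): query: 9c8b7a6f5e4d3c2b1a0f9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.t.badexample.org IN TXT + (10.20.0.1)
"""
# Matches "client [@addr] IP#port (name): query: NAME IN TYPE ..." lines.
LINE_RE = re.compile(r"client (?:@\S+ )?(?P<ip>[\d.]+)#\d+ \S+: query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def shannon_entropy(text):
    # Bits per character: hex/base32 payloads score far above real hostnames.
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def score_query(qname, max_len=60, max_label=40, max_entropy=3.8):
    # Reasons a name looks like tunnelled data; thresholds are assumptions to tune to the baseline.
    labels = qname.rstrip(".").split(".")
    reasons = []
    if len(qname) > max_len:
        reasons.append(f"length={len(qname)}")
    longest = max(len(label) for label in labels)
    if longest > max_label:
        reasons.append(f"label={longest}")
    entropy = shannon_entropy("".join(labels[:-2]))  # subdomain part only
    if entropy > max_entropy:
        reasons.append(f"entropy={entropy:.2f}")
    return reasons

def find_suspicious(log_text):
    # Flags single queries and counts distinct names per (client, parent domain),
    # since a tunnel also shows up as many unique subdomains under one parent.
    findings, names = [], defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        ip, qname, qtype = match.group("ip", "qname", "qtype")
        parent = ".".join(qname.rstrip(".").split(".")[-2:])
        names[(ip, parent)].add(qname)
        if reasons := score_query(qname):
            findings.append((ip, qname, qtype, reasons))
    return findings, {key: len(value) for key, value in names.items()}
```

Flagged names are a lead to compare against the guest network's own baseline before any blocking decision, since CDNs and some security products also emit long, random-looking labels.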