COI Report – Part VII                                                                  Page 214 of 425

37.2    Gaps in response technologies must be filled by acquiring endpoint and network forensics capabilities ... 252
        37.2.1  Endpoint forensics ... 252
        37.2.2  Network forensics ... 254
37.3    Effectiveness of current endpoint security measures must be reviewed to fill gaps exploited by the attacker ... 255
        37.3.1  Detection ... 258
        37.3.2  Response ... 259
37.4    Network security must be enhanced to disrupt the Command and Control and Actions on Objective phases of the Cyber Kill Chain ... 260
        37.4.1  A solution must be put in place to better detect and block malicious outgoing traffic ... 262
        37.4.2  Modifications to network architecture and/or monitoring of east-west traffic within the network must be undertaken to limit the ability of attackers to move laterally within a network ... 264
37.5    Application security for email must be heightened as it is the most common attack vector for cyber attacks ... 267