Cortex XDR is deployed in the enterprise and you notice that a Cobalt Strike attack via an ongoing supply chain compromise was prevented on one server. What steps can you take to ensure the same protection is extended to all your servers?
A. Enable DLL Protection on all servers, but there might be some false positives.
B. Conduct a thorough Endpoint Malware scan.
C. Create IOCs of the malicious files you have found to prevent their execution.
D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.
- DLL Protection can help, but it might not cover all the behavioral aspects of sophisticated attacks like Cobalt Strike.
- Malware Scan is a reactive measure and not preventive.
- IOCs of malicious files can help to detect and prevent, but are not as comprehensive as behavioral protection.
The right answer here is "D".
BTP will prevent any pattern and/or suspicious behavior indicative of an attack.