This blog was co-written by Leo Garcia, Sr. Specialist – Cybersecurity.
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
Executive Summary
This investigation was initiated on the basis of several Network Anomaly alarms triggered by ongoing suspicious activity on an employee device owned by a financial institution. During the discovery phase of the investigation, we identified abnormal egress traffic to a known Indicator of Compromise (IOC) based on intelligence from the Open Threat Exchange™ (OTX®). After presenting a carefully curated analysis of the activity to the customer, we worked closely with their IT personnel to remediate the concerning behavior and implement safeguards to help prevent similar occurrences.
Investigation
Initial Alarm Review
Indicators of Compromise (IOCs)
The initial…
Posted by: Jeff LaCroix
The post Stories from the SOC – detecting network anomalies with OTX appeared first on Cybersecurity Insiders.
June 08, 2020 at 09:10PM