This paper, based in part on Rob McGovern's conversation with Randy Franklin Smith, describes common security threats and how to detect them on your network using Network Monitor Freemium.
In this paper, you can read about how to use Network Monitor to answer questions such as:
- Where is your network traffic going? Do you know all the outbound IP and URL destinations? Are they safe?
- What is your network traffic? Does it behave properly? Do you have surprising protocols using well-known ports?
- What’s going on with DNS? Are you missing security threats hiding in a low-level, chatty protocol?
- What’s the frequency of your traffic? Do you have beaconing or C2 traffic hiding in the noise?
- Are you sure you’ve got your security set up correctly? Can you verify that you aren’t seeing protocols or traffic that you think you’ve blocked?
- Are you sure you are covered by DLP? Do you have personally identifiable information (PII) moving around your network in clear text?