Wk 4 discussion – indicators of compromise


 Respond to the following in a minimum of 175 words: 

An important part of managing security in the connections and communications between a secured network and the Internet at large is having a baseline of what normal traffic looks like. Many applications exist for monitoring, probing, or scanning traffic-related events to catch irregularities, and a deviation from the baseline is what triggers a deeper investigation.

  • What types of irregularities could signal a potential security event or incident? Describe at least 2 types of indicators.
  • Which tools would you recommend to track these indicators, and how would you respond to these occurrences on your network? How would you determine if these indicators signaled a real threat?
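As an added illustration of the two questions above (not part of the assignment text), the following Python script builds a per-host baseline from a set of constructed flow records and flags two common indicators: an outbound volume far outside a host's own normal range, and "beaconing" (one host contacting one destination at near-constant intervals). The record format, IP addresses, thresholds and the allowlist of known-good destinations are all assumptions chosen for the example; the triage step shows why an indicator is a lead rather than a verdict.

```python
"""Baseline-and-deviation detection over constructed flow records.

Added example, not part of the discussion prompt. The flow tuple format
(timestamp, src, dst, dst_port, bytes_out), the hosts, the thresholds and
the KNOWN_GOOD allowlist are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

BASE = datetime(2024, 3, 4, 9, 0, 0)
FLOWS = []  # constructed sample data: (timestamp, src, dst, dst_port, bytes_out)

# 10.0.0.5: ordinary browsing, irregular timing, modest byte counts
for offset, b in [(0, 1200), (37, 8000), (95, 4300), (160, 2200), (260, 9100), (330, 1500)]:
    FLOWS.append((BASE + timedelta(seconds=offset), "10.0.0.5", "93.184.216.34", 443, b))
# 10.0.0.5 also polls an (assumed) internal NTP server every 64 s: legitimate beaconing
for k in range(6):
    FLOWS.append((BASE + timedelta(seconds=64 * k), "10.0.0.5", "10.0.0.2", 123, 76))
# 10.0.0.7: contacts one external IP every 60 s with about 1 s of jitter
for k in range(8):
    FLOWS.append((BASE + timedelta(seconds=60 * k + (k % 2)), "10.0.0.7", "203.0.113.9", 443, 512))
# 10.0.0.9: small transfers, then one very large outbound upload
for offset, b in [(0, 900), (50, 1100), (120, 800), (200, 1000), (300, 950), (360, 48_000_000)]:
    FLOWS.append((BASE + timedelta(seconds=offset), "10.0.0.9", "198.51.100.77", 443, b))

# Assumed allowlist: destinations that are expected to be contacted on a fixed schedule.
KNOWN_GOOD = {("10.0.0.2", 123)}


def volume_outliers(flows, z_threshold=3.0):
    """Indicator 1: an outbound byte count far above the host's own baseline.

    The baseline is the mean/stddev of the same host's other flows on the same
    destination port (leave-one-out, so an outlier cannot inflate its own baseline).
    """
    groups = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        groups[(src, port)].append((dst, nbytes))
    hits = []
    for (src, port), items in groups.items():
        for i, (dst, nbytes) in enumerate(items):
            others = [b for j, (_, b) in enumerate(items) if j != i]
            if len(others) < 3:
                continue  # too little history to call anything abnormal
            mu, sigma = mean(others), pstdev(others)
            if sigma == 0:
                continue
            z = (nbytes - mu) / sigma
            if z > z_threshold:
                hits.append({"src": src, "dst": dst, "port": port, "bytes": nbytes, "z": round(z, 1)})
    return hits


def beacon_candidates(flows, min_conns=6, max_jitter_ratio=0.1):
    """Indicator 2: one host reaching one destination at near-constant intervals.

    Jitter is stddev/mean of the gaps between successive connections; human or
    browser-driven traffic has high jitter, scheduled check-ins have very low jitter.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        by_pair[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu == 0:
            continue
        jitter = pstdev(gaps) / mu
        if jitter <= max_jitter_ratio:
            hits.append({"src": src, "dst": dst, "port": port,
                         "period_s": round(mu), "jitter": round(jitter, 3)})
    return hits


def triage(flows):
    """Turn raw indicators into findings worth an analyst's time.

    A regular beacon to a destination the organisation already expects to be
    polled (NTP, update servers) is dropped; everything else is escalated.
    """
    findings = []
    for h in volume_outliers(flows):
        findings.append(("volume", h["src"], h["dst"]))
    for h in beacon_candidates(flows):
        if (h["dst"], h["port"]) in KNOWN_GOOD:
            continue
        findings.append(("beacon", h["src"], h["dst"]))
    return sorted(findings)


if __name__ == "__main__":
    for f in triage(FLOWS):
        print(*f)
```

The script reports the 48 MB upload from 10.0.0.9 and the 60-second check-ins from 10.0.0.7, while the NTP polling from 10.0.0.5 is suppressed by the allowlist. In practice the same logic would run over NetFlow/IPFIX, Zeek `conn.log` or firewall logs, and a finding would be confirmed by pivoting to the host (process that owns the socket, user logged in at the time) and to the destination (reputation, registration age) before declaring an incident.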