The Top 8 Things to Analyze in Your Network to Detect a Compromised System

Back in August, I had an amazing conversation with Randy Franklin Smith of Ultimate Windows Security during a webinar. We talked about how to identify a number of security scenarios simply by looking at network traffic.

If you missed the live session, “The Top 8 Things to Analyze in Outbound Packets,” you can view it here.

This discussion generated some great feedback, and we’re proud to provide a new white paper titled, “Detecting Compromised Systems: Analyzing the Top 8 Indicators of Threat Traffic.”

This white paper, based in part on my conversation with Randy Franklin Smith, describes common security threats and how to detect them through your network using NetMon Freemium.

In this white paper, you can read about how to use NetMon to answer questions, such as:

  • Where is your network traffic going? Do you know all the outbound IP and URL destinations? Are they safe?
  • What is your network traffic? Does it behave properly? Do you have surprising protocols using well-known ports?
  • What’s going on with DNS? Are you missing security threats hiding in a low-level, chatty protocol?
  • What’s the frequency of your traffic? Do you have beaconing or C2 traffic hiding in the noise?
  • Are you sure you’ve got your security set up correctly? Can you verify that you aren’t seeing protocols or traffic that you think you’ve blocked?
  • Are you sure you are covered by DLP? Do you have personally identifiable information (PII) moving around your network in clear text?

To learn the top 8 indicators of a compromised system in your network traffic, download the white paper, “Detecting Compromised Systems: Analyzing the Top 8 Indicators of Threat Traffic.”
