Detecting Compromised Systems

Analysing the top eight indicators of threat traffic

Representing more than 80 percent of attacks today, external threats are one of the most high-profile risks that your organisation will face.

But key indicators of a compromise can be found by analysing your network traffic from outbound connections—specifically traffic coming from an endpoint on your network and connecting through your firewall to something on the internet. Focusing on this threat traffic can give your organisation visibility into the early indicators of a threat.

The goal is to detect a compromised endpoint. Analysing your anomalous network traffic is critical to detecting systems with an ongoing compromise. But what are the best ways to identify a compromise from your network traffic alone?

In this white paper, you’ll learn:

  • The top eight indicators of a compromise
  • How you can use each of these eight indicators to detect a compromised system
  • Tools that can help you detect and investigate unwanted and unauthorised applications