From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Application symptoms
- [Instructor] Cyber security analysts should also carefully monitor applications and application logs for signs of anomalous activity. This may come in many different forms. As with operating systems, carefully monitor any applications in your environment for the unexpected introduction of new accounts or unauthorized changes to the privileges assigned to existing accounts. Either of these events can be a sign of an attacker manipulating application privileges to either engage in a privilege escalation attack or to create a back door that will allow future access to the system. We've already talked about monitoring network traffic for anomalies. You can take this to the application layer as well. If applications in your environment start sending unexpected outbound communications, that could be a sign of compromise. For example, if an application is meant for internal use only, and it suddenly starts communicating…