From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Endpoint symptoms

- [Narrator] Endpoint devices are also great sources of information for cybersecurity analysts. Some of the symptoms of endpoint compromise are obvious. You might see antivirus alerts or intrusion prevention system warnings popping up on endpoints when they detect a potential security issue. Those symptoms definitely warrant investigation. Other symptoms may be less obvious but just as important when conducting an incident investigation. Just as your physician monitors your vital signs, you should monitor the vital signs of your endpoints for indicators of compromise. The first vital statistic that you should monitor on an endpoint is CPU utilization. Processor consumption can tell you quite a bit about system performance. In addition to watching for anomalies in the amount of CPU being used system-wide, you should also watch for individual processes that are using abnormally high CPU cycles. This might point you at…
