Perimeter monitoring
The next location where we need to look for malware or malicious behavior is at the perimeter. This can take the form of firewall logging or intrusion detection systems (IDS). Perimeter monitoring comes in two forms:
- Ingress monitors: These are situated where the corporate network and the internet meet. They might be built into a border router's or an external firewall's ingress filtering software, or they might operate independently as passive monitors. These monitors can use heuristic, anomaly-based, or signature-based techniques to detect malware traffic. Another technique is the employment of a honeypot to detect malicious activity. An example is a request to a server or website for a resource that does not exist there but corresponds to a known vulnerability or exploit; a legitimate client has no reason to ask for it, so the request itself is the indicator.
- Egress monitors: These are relative and often...
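The ingress-monitor techniques described above (signature matching, a simple anomaly heuristic, and a honeypot-style decoy path) can be shown together with a small passive monitor that reads web-server access log lines. This is an added example, not code from the original text; the log lines, the signature list, the decoy path and the threshold are all constructed for illustration, and a real deployment would use a maintained ruleset and a tuned threshold.

```python
"""Passive ingress monitor over web-server access log lines.

Added example (not from the original page). Demonstrates three detection
styles named in the text: signature-based, anomaly-based (a heuristic
threshold), and honeypot-style (requests for a decoy that is never linked).
All log lines, signatures and thresholds below are constructed.
"""
import re
from collections import Counter

# Constructed sample log lines in common log format (no real hosts involved).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.10 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 1840
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 512
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /.env HTTP/1.1" 404 512
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /admin/config.bak HTTP/1.1" 404 512
192.0.2.55 - - [10/Oct/2023:13:55:45 +0000] "GET /honeypot/old-login.cgi HTTP/1.1" 200 100
"""

# One common-log-format line: ip ident user [ts] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Signature-based: paths that do not exist on this server but are requested
# by scanners looking for a known weakness. Constructed list for the example.
SIGNATURES = {
    "phpmyadmin-probe": re.compile(r"^/phpmyadmin/", re.I),
    "dotenv-probe": re.compile(r"^/\.env$"),
    "backup-file-probe": re.compile(r"\.bak$", re.I),
}

# Honeypot-style: a decoy path that is never linked anywhere, so any request
# for it is suspicious by construction. Constructed value.
HONEYPOT_PATHS = {"/honeypot/old-login.cgi"}

# Anomaly heuristic: more 404s than this from one source within the window.
NOT_FOUND_THRESHOLD = 2


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def signature_hits(entry):
    """Names of every signature whose pattern matches the requested path."""
    return [name for name, rx in SIGNATURES.items() if rx.search(entry["path"])]


def analyze(log_text):
    """Return a list of (source_ip, reason) alerts for the given log text."""
    alerts = []
    not_found = Counter()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue  # unparseable line: skip rather than crash the monitor
        for name in signature_hits(entry):
            alerts.append((entry["ip"], f"signature:{name}"))
        if entry["path"] in HONEYPOT_PATHS:
            alerts.append((entry["ip"], "honeypot:request-for-decoy"))
        if entry["status"] == "404":
            not_found[entry["ip"]] += 1
    # Anomaly pass runs after the scan so the per-source count is complete.
    for ip, n in not_found.items():
        if n > NOT_FOUND_THRESHOLD:
            alerts.append((ip, f"anomaly:{n}-not-found"))
    return alerts


if __name__ == "__main__":
    for ip, reason in analyze(SAMPLE_LOG):
        print(f"{ip:15} {reason}")
```

The three checks are deliberately independent: a signature fires on a single request, the honeypot decoy fires on a single request regardless of status code, and the anomaly rule only fires once the per-source 404 count is known for the whole window. In practice the threshold and the decoy path are tuned per site, and the signature list is the part that needs regular updating.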