From the course: CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 1 Security Operations
Join today to access over 23,100 courses taught by industry experts.
Application symptoms
From the course: CompTIA Cybersecurity Analyst+ (CySA+) (CS0-003) Cert Prep: 1 Security Operations
Application symptoms
- [Instructor] Cybersecurity analysts should also carefully monitor applications and application logs for signs of anomalous activity. This may come in many different forms. As with operating systems, carefully monitor any applications in your environment for the expected introduction of new accounts or unauthorized changes to the privileges assigned to existing accounts. Either of these events can be a sign of an attacker manipulating application privileges to either engage in a privileged escalation attack or to create a backdoor that will allow future access to the system. We've already talked about monitoring network traffic for anomalies. You can take this to the application layer as well. If applications in your environment start sending unexpected outbound communications, that could be a sign of compromise. For example, if an application is meant for internal use only and it suddenly starts communicating to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.