Challenges

Containment

In many cases, the initial compromise of an environment will not immediately result in the attacker achieving their ultimate goal. Instead, they will often need to reconnoiter the environment and compromise multiple additional systems. Effective operational security design and use of native security features can help. For example, if the targeted organization has configured its environment with this potential threat in mind, it is possible to contain the attacker's activities and thereby buy time to detect, respond to, and mitigate the attack. In most cases, the security features required to contain attacks already exist. Existing environments, however, are often architected to mitigate opportunistic rather than Targeted Attacks. To contain an attack, consideration should therefore be given to architecting domain administration models that limit the availability of administrator credentials, and to applying available technologies such as IPsec-based network encryption to restrict unnecessary interconnectivity on the network.
