Securaa is a comprehensive no-code security automation platform that blends threat intelligence, risk-based asset management, vulnerability insights, automation and incident response into a single platform, enabling SOCs to reduce cybersecurity response time significantly and increase throughput manifold.



Command and Control


Scenario

A command-and-control (C&C, also written C2) server is a computer controlled by an attacker or cybercriminal that is used to send commands to systems compromised by malware and to receive stolen data from the target network. Once machines have been compromised, the attacker uses this malicious server to command and control them over the network, to push further payloads to them and to collect data exfiltrated from the compromised network. The initial compromise is typically achieved through channels such as malvertising, vulnerable web browser plugins, phishing or malware installation. Companies often obtain lists of C&C domains, URLs and IP addresses from threat intelligence providers and import them into SIEM solutions, which then alert on internal systems that connect to these C&C servers.

What Securaa Does

  • With Securaa, you can automate the SOC SOPs for C2 incidents as well as other categories of security incidents
  • Securaa ingests the command and control incident from the SIEM
  • IOCs (IP addresses, domains, URLs) are extracted from the ingested case
  • Reputation checks are performed on the extracted IP addresses using various TI tools and Securaa's TIP
  • The affected user is identified from the host information in the case
  • Directory services actions, such as disabling the user's Active Directory account, are performed as a remediation step
  • Malicious IP addresses are blocked on the firewall as part of remediation
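The steps above, together with the indicator matching the Scenario section describes, can be shown end to end in a small script. This is an added example written for this page, not Securaa's own code or playbook: the SIEM case, the C2 indicator list and the host-to-user directory lookup are constructed sample data, and the action names `firewall_block_ip` and `disable_ad_account` are hypothetical placeholders for the real firewall and Active Directory integrations. The one point the list does not spell out, and that a playbook must get right, is that the internal source address in the alert is never a C2 indicator and must not be fed to the firewall block.

```python
"""Minimal C2 playbook: ingest case -> extract IOCs -> reputation check ->
identify user -> plan remediation.  Added example, not Securaa's code."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-in for a C2 indicator list imported from a TI provider/TIP.
C2_INDICATORS = {
    "ip": {"203.0.113.7", "198.51.100.23"},
    "domain": {"update-cdn.example.net"},
}

# Constructed stand-in for a directory lookup (hostname -> logged-on user).
HOST_OWNER = {"WS-1042": "jdoe"}

# Constructed SIEM case, in the shape a playbook would ingest it.
SIEM_CASE = {
    "case_id": 4711,
    "category": "command_and_control",
    "message": "Outbound beacon from WS-1042 (10.20.4.17) to 203.0.113.7:443, "
               "DNS lookup update-cdn.example.net, proxied via 10.20.0.1",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:net|com|org|io)\b", re.I)
HOST_RE = re.compile(r"\b([A-Z]{2,}-\d+)\b")

# RFC 1918 and loopback ranges, listed explicitly.  ipaddress.is_private would
# also flag the documentation ranges (203.0.113.0/24, 198.51.100.0/24) used for
# the sample indicators above, which is why it is not used here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass
class Verdict:
    case_id: int
    malicious_ips: List[str] = field(default_factory=list)
    malicious_domains: List[str] = field(default_factory=list)
    user: Optional[str] = None
    actions: List[tuple] = field(default_factory=list)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(text: str) -> dict:
    """Pull candidate IPs and domains out of the alert text.  Internal
    addresses are kept apart: they identify the victim, never the C2 server."""
    public, internal = [], []
    for ip in IPV4_RE.findall(text):
        try:
            (internal if is_internal(ip) else public).append(ip)
        except ValueError:          # regex matched something like 999.1.1.1
            continue
    domains = [d.lower() for d in DOMAIN_RE.findall(text)]
    return {"public_ips": public, "internal_ips": internal, "domains": domains}


def reputation(iocs: dict, indicators=C2_INDICATORS):
    """Match extracted IOCs against the indicator list, the same check a SIEM
    performs when it alerts on traffic to imported C2 IPs and domains."""
    bad_ips = [ip for ip in iocs["public_ips"] if ip in indicators["ip"]]
    bad_domains = [d for d in iocs["domains"] if d in indicators["domain"]]
    return bad_ips, bad_domains


def run_playbook(case: dict, indicators=C2_INDICATORS, directory=HOST_OWNER) -> Verdict:
    """Return the verdict and the remediation actions the playbook would take.
    Actions are returned as tuples rather than executed, so a human can review
    them (or a later step can dispatch them) before anything is blocked."""
    v = Verdict(case_id=case["case_id"])
    iocs = extract_iocs(case["message"])
    v.malicious_ips, v.malicious_domains = reputation(iocs, indicators)
    if not (v.malicious_ips or v.malicious_domains):
        v.actions.append(("close_case", "no indicator matched"))
        return v
    host = HOST_RE.search(case["message"])
    if host:
        v.user = directory.get(host.group(1))
    for ip in v.malicious_ips:                      # only public, matched IPs
        v.actions.append(("firewall_block_ip", ip))
    if v.user:
        v.actions.append(("disable_ad_account", v.user))
    else:
        v.actions.append(("escalate", "host owner not found in directory"))
    return v


if __name__ == "__main__":
    for action in run_playbook(SIEM_CASE).actions:
        print(action)
```

Running the script on the constructed case yields one firewall block for 203.0.113.7 and one account disable for jdoe; the victim's 10.20.4.17 and the proxy's 10.20.0.1 are classified internal and never reach the firewall step. A real playbook would replace the inline dictionaries with the SIEM, TIP, directory and firewall integrations, but the ordering and the internal-address guard stay the same.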

A Step-by-Step Workflow for Command and Control

C&C Flow Chart