Network-Related Malicious Indicators
Every action taken by a threat actor on a network requires the manipulation of electrons or photons across a physical medium. Because of this absolute physical limitation, perfectly invisible attacks do not exist. To move laterally, to extract data, or to receive instructions, an adversary must generate network traffic, leaving behind distinct mathematical and structural anomalies. The discipline of security monitoring is the act of studying this telemetry, much as an astrophysicist studies the spectral lines of distant stars, to infer the presence of phenomena we cannot observe directly. By rigorously evaluating the dimensions of time, volume, protocol structure, and spatial origin within our packets, we can consistently detect unauthorized intrusions long before a final objective is achieved.
