The threat intelligence department recently learned of an advanced persistent threat that is leveraging a new strain of malware, exploiting a system router.
The company currently uses the same device mentioned in the threat report.
Which of the following configuration changes would BEST improve the organization's security posture?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The best option for improving the organization's security posture would be to implement an IPS (Intrusion Prevention System) rule that contains content for the malware variant and patch the routers to protect against the vulnerability.
Option A would provide protection against the malware variant by implementing an IPS rule that contains content for the malware variant and patching the routers to protect against the vulnerability. This would prevent the malware from entering the network, and the patch would eliminate the vulnerability that the malware is exploiting.
Option B, on the other hand, would only block traffic from the IP addresses associated with the advanced persistent threat. This is not sufficient, as the threat actor could change their IP address or use a different IP address to launch attacks. Additionally, patching the router is essential to eliminating the vulnerability that the malware is exploiting, which is not addressed in this option.
Option C would only block traffic from the IP addresses associated with the advanced persistent threat, similar to Option B. Therefore, this option suffers from the same drawbacks as Option B.
Option D would provide an IDS (Intrusion Detection System) rule that contains content for the malware variant, but it only provides detection and does not prevent the malware from entering the network. Furthermore, the organization needs to patch the router to eliminate the vulnerability, which is not addressed in this option.
In conclusion, the best option for improving the organization's security posture is to implement an IPS rule that contains content for the malware variant and patch the routers to protect against the vulnerability. This approach provides both prevention and protection against the advanced persistent threat.