A cybersecurity analyst noticed unexpected communication between an internal host and an external IP address, which is not part of the organization's typical traffic patterns. The communication occurs at consistent intervals and the volume of data being sent is substantial. Which tool should the analyst employ to gather evidence that could indicate a compromise and facilitate a deeper investigation?
Deploy an endpoint detection and response (EDR) solution to monitor the behavior of the internal host.
Utilize tcpdump to capture and analyze the suspicious network traffic.
Review the firewall rules to discern any misconfigurations allowing the said traffic.
Run a vulnerability scanner on the involved host and the network to detect any existing security gaps.
|Incident Response and Management
|Reporting and Communication