A SOC analyst at a financial services company identifies a new malware variant targeting their mobile banking application. The malware uses a previously unseen command-and-control (C2) protocol. After successfully containing the incident internally, which of the following is the most effective next step to enhance the security of the entire financial sector?
Share the indicators of compromise (IoCs) and TTPs of the new malware with the Financial Services Information Sharing and Analysis Center (FS-ISAC).
Recommend that the CISO allocate more budget toward advanced endpoint detection and response (EDR) solutions.
Conduct a full forensic analysis of an infected endpoint to build a detailed timeline of the breach.
Deploy a new network-based intrusion detection signature to block the identified C2 traffic across the organization's perimeter.
The correct action is to share the indicators of compromise (IoCs) and Tactics, Techniques, and Procedures (TTPs) with the Financial Services Information Sharing and Analysis Center (FS-ISAC). This directly contributes to the collective defense of the financial sector: other member institutions can load the C2 indicators into their own detection tooling and hunt for the new protocol before they are hit. Deploying an internal NIDS signature, conducting a forensic analysis of the infected endpoint, and recommending an EDR budget increase are all valid activities, but each is internally focused and improves only the one organization's posture. Sharing intelligence with an ISAC is the most effective step for enhancing the security of the broader community, which is the specific goal stated in the question. In practice the shared package carries the observables and TTPs, is marked with a Traffic Light Protocol (TLP) level so recipients know how far it may be redistributed, and is scrubbed of the victim's own internal identifiers (hostnames, private addresses, user names) before it leaves the organization.
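The following is an added example, not part of the original page, showing what the shared artifact typically looks like: the IoCs and TTP from the scenario packaged as a STIX 2.1 bundle (the format ISACs commonly exchange over TAXII), TLP-marked, with a pre-share check that refuses a bundle still containing internal infrastructure identifiers. The malware name, C2 host and port, sample hash, the `.corp.example` internal domain suffix and the ATT&CK mapping to T1095 are all constructed placeholders and assumptions, not data from any real incident.

```python
"""Package IoCs and TTPs from a contained incident as a STIX 2.1 bundle, ready for
submission to an ISAC (for example over TAXII), with a pre-share leak check.

Added example, not from the original page. The C2 host, port, hash and ATT&CK
mapping used below are constructed placeholders, not observables from a real incident.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# TLP:AMBER marking identifier as fixed by the STIX 2.1 specification.
TLP_AMBER = "marking-definition--f88d31f6-dbdf-4ef7-a2ee-9b5c9f5a8eee"

# Strings that belong in the internal incident record, not in a sector-wide share.
# The ".corp.example" suffix stands in for the bank's own internal domain (assumed).
INTERNAL_PATTERNS = [
    re.compile(r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"),                 # RFC 1918 10/8
    re.compile(r"\b192\.168\.\d{1,3}\.\d{1,3}\b"),                    # RFC 1918 192.168/16
    re.compile(r"\b172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}\b"),     # RFC 1918 172.16/12
    re.compile(r"[\w.-]+\.corp\.example\b", re.IGNORECASE),           # internal hostnames
]


def _now():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def _sdo(obj_type, **props):
    """Build a STIX object with the common required properties and TLP marking set."""
    ts = _now()
    obj = {
        "type": obj_type,
        "spec_version": "2.1",
        "id": f"{obj_type}--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "object_marking_refs": [TLP_AMBER],
    }
    obj.update(props)
    return obj


def build_bundle(malware_name, c2_host, c2_port, sample_sha256, attack_technique_id):
    """Return a STIX 2.1 bundle: malware + indicator (network and file IoCs)
    + attack-pattern (the TTP), linked by 'indicates' and 'uses' relationships."""
    malware = _sdo("malware", name=malware_name, is_family=False,
                   malware_types=["trojan"])
    indicator = _sdo(
        "indicator",
        name=f"{malware_name} C2 beacon and dropper hash",
        indicator_types=["malicious-activity"],
        pattern_type="stix",
        pattern=(
            f"[network-traffic:dst_ref.value = '{c2_host}' AND "
            f"network-traffic:dst_port = {c2_port}] OR "
            f"[file:hashes.'SHA-256' = '{sample_sha256}']"
        ),
        valid_from=_now(),
    )
    ttp = _sdo("attack-pattern", name="Command and Control over custom protocol",
               external_references=[{"source_name": "mitre-attack",
                                     "external_id": attack_technique_id}])
    rels = [
        _sdo("relationship", relationship_type="indicates",
             source_ref=indicator["id"], target_ref=malware["id"]),
        _sdo("relationship", relationship_type="uses",
             source_ref=malware["id"], target_ref=ttp["id"]),
    ]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [malware, indicator, ttp, *rels]}


def find_internal_leaks(bundle):
    """Return every string in the bundle that looks like internal infrastructure."""
    text = json.dumps(bundle)
    hits = []
    for pat in INTERNAL_PATTERNS:
        hits.extend(m.group(0) for m in pat.finditer(text))
    return hits


def ready_to_share(bundle):
    """True only if every object is TLP-marked and nothing internal leaked in."""
    marked = all(TLP_AMBER in o.get("object_marking_refs", [])
                 for o in bundle["objects"])
    return marked and not find_internal_leaks(bundle)


if __name__ == "__main__":
    # Constructed placeholder data; mapping the unseen C2 protocol to T1095
    # (Non-Application Layer Protocol) is an assumption for the example.
    b = build_bundle("MobileBankStealer", "c2.example.net", 8443, "ab" * 32, "T1095")
    print(json.dumps(b, indent=2))
    print("ready to share:", ready_to_share(b))
```

The leak check is deliberately coarse: it serialises the whole bundle and greps it, so a private address or internal hostname hidden in a description field is caught just as well as one in the indicator pattern. A real submission pipeline would hand the passing bundle to a TAXII client; the bundle structure itself is what the receiving ISAC members ingest.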