An organization’s network has been breached, and the security team has identified unusual encrypted traffic traversing to an external IP address. Additionally, a custom tool was found installed on one of the servers, which was not authorized or recognized by the IT department. In the context of the Diamond Model of Intrusion Analysis, which component does the unauthorized custom tool best exemplify?
|Incident Response and Management
|Reporting and Communication