Following a security incident in which an organization's proprietary data was exfiltrated by an advanced persistent threat (APT), a cybersecurity analyst is tasked with a root cause analysis to prevent future compromises. The incident review determined that the adversary had been present in the network for several months. Which of the following actions should the analyst prioritize to address the systemic issues that allowed the adversary's prolonged presence?
Implementing a strict network segmentation strategy retrospectively
Reviewing the organization's patch management policies and procedures
Assessing the effectiveness of the organization's threat hunting practices
Evaluating the encryption methods employed for data at rest within the network
The correct answer is 'Assessing the effectiveness of the organization's threat hunting practices'. The defining fact of this incident is dwell time: the adversary operated inside the network for months without being detected. Threat hunting exists to proactively search for sophisticated intrusions that evade preventive controls and automated alerting, so an adversary that persisted undetected for that long is direct evidence that the hunting program (its hypotheses, telemetry coverage and cadence) failed, and that is where a root cause analysis of the systemic issue should start. Reviewing patch management policies may be a worthwhile follow-up, but it is less specific to this scenario: an APT commonly gains and keeps access through phishing, stolen credentials or custom tooling that patching alone does not stop, and patching does nothing to shorten the time an intruder goes unnoticed. Evaluating the encryption of data at rest is a security best practice but does not address detection or the prolonged unauthorized access. Network segmentation could help contain lateral movement, but it would not explain how the APT remained undetected, which is the systemic issue the question asks about.
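As an added example (not part of the original question or its explanation), the following Python script shows what a single threat hunt looks like in practice: it turns the hypothesis "a long-dwelling implant beacons to its command-and-control server on a fixed timer" into a query over outbound connection logs. It runs over a few constructed proxy log lines embedded in the script (not real data; the IP addresses and hostnames are placeholders). Pairs of source and destination whose connection intervals are nearly constant are flagged, and each finding reports how long the pattern has persisted, which is the same measurement that, applied to months of logs, quantifies the dwell time the incident review found.

```python
"""Beaconing hunt: one threat-hunting hypothesis turned into a query.

Hypothesis: a long-dwelling implant calls home on a fixed timer, so its
outbound connections to one destination have nearly constant gaps, while
human-driven traffic is bursty. Score each (source, destination) pair by
the coefficient of variation (stdev / mean) of its inter-connection gaps.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (timestamp, source IP, destination host).
# Placeholder addresses and hostnames, not real data. 10.0.0.9 contacts
# files.example.org once an hour with a few seconds of jitter (beacon-like);
# 10.0.0.5's connections are irregular (user-driven).
SAMPLE_LOG = """\
2024-03-01T09:00:00 10.0.0.5 updates.example.com
2024-03-01T09:00:12 10.0.0.5 cdn.example.net
2024-03-01T09:00:00 10.0.0.9 files.example.org
2024-03-01T09:31:00 10.0.0.5 updates.example.com
2024-03-01T10:00:03 10.0.0.9 files.example.org
2024-03-01T11:00:01 10.0.0.9 files.example.org
2024-03-01T12:00:02 10.0.0.9 files.example.org
2024-03-01T13:00:00 10.0.0.9 files.example.org
2024-03-01T14:00:04 10.0.0.9 files.example.org
2024-03-01T15:02:00 10.0.0.5 updates.example.com
2024-03-02T08:10:00 10.0.0.5 updates.example.com
2024-03-02T08:12:30 10.0.0.5 updates.example.com
"""


def parse_log(text):
    """Group connection timestamps by (src, dst), sorted chronologically."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        events[(src, dst)].append(datetime.fromisoformat(ts))
    for times in events.values():
        times.sort()
    return events


def beacon_score(times):
    """Return (mean gap in seconds, coefficient of variation) or None.

    Needs at least two gaps (three connections) to say anything about
    regularity; a zero mean gap (duplicate timestamps) is also skipped.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg == 0:
        return None
    return avg, pstdev(gaps) / avg


def hunt_beacons(text, min_connections=5, max_cv=0.1):
    """Return pairs whose gaps are regular enough to look like a beacon.

    Each finding carries how long the pattern has been active (first to
    last sighting), i.e. the dwell time the hunt exposes.
    """
    findings = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        score = beacon_score(times)
        if score is None:
            continue
        avg_gap, cv = score
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(times),
                "mean_gap_s": round(avg_gap, 1),
                "cv": round(cv, 4),
                "first_seen": times[0].isoformat(),
                "last_seen": times[-1].isoformat(),
                "dwell_hours": round((times[-1] - times[0]).total_seconds() / 3600, 2),
            })
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in hunt_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['connections']} connections, "
              f"mean gap {f['mean_gap_s']}s, cv {f['cv']}, "
              f"active {f['dwell_hours']}h ({f['first_seen']} to {f['last_seen']})")
```

On the constructed data only the hourly pattern from 10.0.0.9 is flagged; the irregular user traffic from 10.0.0.5 has a coefficient of variation above 1 and is ignored. The thresholds (minimum connection count and maximum coefficient of variation) are assumptions to tune per environment: too loose and scheduled software updates show up, too strict and an implant with deliberate jitter slips through, which is exactly the kind of gap an effectiveness assessment of a hunting program should look for.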