With the recent surge of remote workers, you will get a flood of new endpoints connecting to your network via VPN and a distracted remote user base wanting the latest coronavirus information. Cyber criminals are exploiting this chaos and are targeting your user workstations with phishing attacks using “COVID-19” language in order to compromise an insider account.
There are ways to mitigate the risk of penetration and educate employees, but attackers are both sophisticated and relentless, so some of them will inevitably get through. The key to catching attacks as early as possible and stopping them before real damage is done is to properly monitor your workstations. But what’s the best way to do that?
This e-book reveals the three most important logs to monitor for tighter Windows workstation security — the security, Sysmon and PowerShell logs — and details exactly which events to collect for each and why.