Supported platform version:
The Control Channel App is designed to orchestrate and optimize the organization’s security tools to conduct detection, investigation and mitigation operations against programs that try to communicate with an external destination known for its malicious reputation. Control channel communication is often one of several steps in a multi-stage attack. The Control Channel App identifies network patterns or behaviors that indicate malware communicating with a remote C2 server, or malware being downloaded from a remote site, using the platform’s IDS Service, Network Anti-Malware, Endpoint Protection, and Network Behavior Analysis services. The Control Channel App can be used to aggressively mitigate any privilege escalation attempts, using the platform’s mitigation service, or can be purposed as a tool to indicate the first stages of a more complicated attack.