Supported platform version:
The Internal Infection App is designed to orchestrate and optimize the organization’s security tools to detect, investigate and mitigate campaigns that try to spread malicious code within a network in order to conduct multiple types of attack on an organization. Internal infection is often one of several steps in a multi-stage attack. The Internal Infection App identifies different indicators of the threat, such as downloads of malware of various types, the presence of IOCs on endpoints, and network behavior that resembles malware movement, using the platform’s Network Anti-Malware, Endpoint Protection, and Network Behavior Analysis services. The Internal Infection App can be used to aggressively mitigate any privilege escalation attempts, using the platform’s mitigation service, or can serve as a tool to indicate the first stages of a more complicated attack.