Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
While the complexity and impact are low, this type of scan can be an indicator of an impending attack. Catching an attacker at the reconnaissance phase is critical to corporate security: there is a better chance to block an attacker before they gain significant knowledge about the domain and cause real damage to the company.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
In the reconnaissance phase of an attack, the attacker gathers as much information as possible about the network. Most scanning tools, such as Nmap Security Scanner, perform DNS lookups on a list of common or random hostnames. When IP addresses are returned for valid hostnames, the attacker can collect information about the network structure and potential targets for further attacks.
If the device running the scan is unfamiliar or the activity is unexpected, quarantine the device to prevent further network access
Implement microsegmentation by adding secure zones based on the zero-trust security model: partition network traffic with endpoint firewalls, virtual or software-defined networks, or physical networks
Restrict or rate limit the number of requests the server will resolve for a given client
