Page 28 - Cyber Defense Magazine RSA Edition for 2021

During an attack on the facility, the security team was immediately able to see new connections forming from the remote access group to the DMZ group and from the DMZ to the operator network group (see below). As soon as that alert was issued, the security team was notified of that change and the remote access connection was disconnected, stopping the attackers immediately.
































4.  It’s really easy to set automated rules that will alert whenever there is connectivity between specific network groups. In this case, we set an alert if there is a connection from the DMZ to the operator network, and a similar rule in case there is a connection from the remote access group to the DMZ group.
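The two rules described above can be expressed as a small check over flow records. This is an added example, not code from the article or from any product it describes; the subnets, group names, field layout and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed group definitions (assumed subnets; the article gives none).
GROUPS = {
    "remote_access": ipaddress.ip_network("10.10.0.0/24"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "operator": ipaddress.ip_network("10.30.0.0/24"),
}

# The two directional rules from the article: (source group, destination group).
ALERT_RULES = {("remote_access", "dmz"), ("dmz", "operator")}


def group_of(ip):
    """Return the name of the network group containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in GROUPS.items():
        if addr in net:
            return name
    return None


def evaluate(flows):
    """Return one alert per distinct (src, dst, port) flow that matches a rule."""
    alerts, seen = [], set()
    for ts, src, dst, port in flows:
        pair = (group_of(src), group_of(dst))
        key = (src, dst, port)
        if pair in ALERT_RULES and key not in seen:
            seen.add(key)  # suppress repeats of the same connection
            alerts.append({"time": ts, "rule": f"{pair[0]}->{pair[1]}",
                           "src": src, "dst": dst, "port": port})
    return alerts


# Constructed sample flows: (timestamp, source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10:00:00", "10.30.0.5", "10.30.0.9", 502),   # inside operator group: no alert
    ("10:01:00", "10.10.0.7", "10.20.0.4", 3389),  # remote access -> DMZ: alert
    ("10:02:00", "10.20.0.4", "10.30.0.5", 445),   # DMZ -> operator: alert
    ("10:03:00", "10.20.0.4", "10.30.0.5", 445),   # repeat of the above: suppressed
    ("10:04:00", "192.0.2.8", "10.20.0.4", 443),   # source in no group: no alert
    ("10:05:00", "10.30.0.5", "10.20.0.4", 443),   # operator -> DMZ: not a rule
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_FLOWS):
        print(alert)
```

The rules are directional, so a flow from the operator group back to the DMZ does not match; add that pair to `ALERT_RULES` if it should alert as well.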


































