Man-in-the-Network: Network Devices are Endpoints too

The U.S. CERT says:

APTs and Malware that target network devices:

Data Sources:

  1. Network device (system) logs — collected via the syslog protocol
  2. AAA logs — collected via the TACACS+ or RADIUS protocol
Mapping of techniques by data source: see the JSON layer for the ATT&CK Navigator.
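As an added example (not code from the original post), here is what "analytics" over those two data sources can look like in practice: a few Python functions that parse syslog messages in the Cisco IOS %FACILITY-SEVERITY-MNEMONIC style and TACACS+ command-accounting records, then flag repeated login failures (Credential Access), configuration changes from outside the management network (Initial Access / Defense Evasion), and commands that add local users or load a new image over TFTP (Persistence). All log lines, hostnames, addresses, the management allowlist and the watched-command list are constructed assumptions for illustration; the tab-separated accounting layout is only loosely modeled on the tac_plus log format.

```python
"""Simple analytics over network-device logs (constructed samples, not real data)."""
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines modeled on Cisco IOS message formats
# (%FACILITY-SEVERITY-MNEMONIC). Hosts, users and addresses are made up.
SYSLOG_SAMPLE = """\
<189>Jan 12 03:14:07 core-rtr1 1234: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.1.5)
<188>Jan 12 03:15:01 core-rtr1 1235: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
<188>Jan 12 03:15:03 core-rtr1 1236: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
<188>Jan 12 03:15:05 core-rtr1 1237: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
<189>Jan 12 03:16:40 core-rtr1 1238: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: ops] [Source: 203.0.113.7] [localport: 22]
<189>Jan 12 03:17:02 core-rtr1 1239: %SYS-5-CONFIG_I: Configured from console by ops on vty1 (203.0.113.7)
"""

# Constructed TACACS+ command-accounting records, tab separated and loosely modeled
# on the tac_plus accounting log (timestamp, NAS, user, port, remote address,
# start/stop, then key=value attributes). Not from a real server.
TACACS_SAMPLE = "\n".join(
    "\t".join(rec)
    for rec in [
        ("Jan 12 03:17:30", "10.10.1.1", "ops", "tty2", "203.0.113.7", "stop",
         "task_id=42", "service=shell", "priv-lvl=15", "cmd=show running-config"),
        ("Jan 12 03:18:11", "10.10.1.1", "ops", "tty2", "203.0.113.7", "stop",
         "task_id=43", "service=shell", "priv-lvl=15",
         "cmd=username svc-mon privilege 15 secret 0 Passw0rd"),
        ("Jan 12 03:19:48", "10.10.1.1", "ops", "tty2", "203.0.113.7", "stop",
         "task_id=44", "service=shell", "priv-lvl=15",
         "cmd=copy tftp://203.0.113.7/c2900.bin flash:"),
    ]
)

# Assumption: only hosts in this management network may change configuration.
MGMT_ALLOW = [ipaddress.ip_network("10.10.1.0/24")]

# Assumption: commands that add accounts, pull images over TFTP or change the boot
# path are the ones most worth alerting on for persistence on a router or switch.
SENSITIVE_CMDS = ("username ", "copy tftp", "boot system")

SYSLOG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<msg>.*)$")
SRC_RE = re.compile(r"\[Source: (?P<ip>[0-9.]+)\]")
CONFIG_RE = re.compile(r"by (?P<user>\S+) on (?P<line>\S+) \((?P<ip>[0-9.]+)\)")


def parse_syslog(text):
    """Return one dict per line that carries a %FACILITY-SEV-MNEMONIC message."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.search(line)
        if m:
            e = m.groupdict()
            e["sev"] = int(e["sev"])
            events.append(e)
    return events


def failed_login_sources(events, threshold=3):
    """Source addresses with at least `threshold` LOGIN_FAILED messages (password guessing)."""
    counts = Counter()
    for e in events:
        if e["mnemonic"] == "LOGIN_FAILED":
            m = SRC_RE.search(e["msg"])
            if m:
                counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def unapproved_config_changes(events, allow=MGMT_ALLOW):
    """(user, ip) pairs for CONFIG_I events whose source is outside the management allowlist."""
    hits = []
    for e in events:
        if e["mnemonic"] != "CONFIG_I":
            continue
        m = CONFIG_RE.search(e["msg"])
        if m and not any(ipaddress.ip_address(m.group("ip")) in net for net in allow):
            hits.append((m.group("user"), m.group("ip")))
    return hits


def sensitive_commands(text, patterns=SENSITIVE_CMDS):
    """(user, remote_ip, cmd) for accounting records whose command starts with a watched prefix."""
    hits = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 7:
            continue
        attrs = dict(f.split("=", 1) for f in cols[6:] if "=" in f)
        cmd = attrs.get("cmd", "")
        if cmd.startswith(patterns):
            hits.append((cols[2], cols[4], cmd))
    return hits


if __name__ == "__main__":
    ev = parse_syslog(SYSLOG_SAMPLE)
    print("password guessing from:", failed_login_sources(ev))
    print("config changes from outside mgmt net:", unapproved_config_changes(ev))
    print("sensitive commands:", sensitive_commands(TACACS_SAMPLE))
```

Run as a script it reports the guessing source, the configuration change made from the same address after the eventual successful login, and the two account-creation and image-load commands; in a real deployment the per-source counts would be windowed in time and the allowlist and command list tuned to the environment. Note that TACACS+ command accounting only records what the AAA server was asked about: a device whose image has been replaced can stop reporting, which is why the syslog and AAA feeds are worth correlating against each other and against a device's expected behaviour.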

Analytics:

Mitigation:

Overview of the 12 Tactics in the Enterprise matrix as they could apply to network devices:

Initial access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Techniques:
