Preventing RAT Compromises: Best Recommendations for Future Protection

Enforcing Application Whitelisting


Question

A RAT that was used to compromise an organization's banking credentials was found on a user's computer.

The RAT evaded antivirus detection.

It was installed by a user who has local administrator rights to the system as part of a remote management tool set.

Which of the following recommendations would BEST prevent this from reoccurring?

A. Create a new acceptable use policy.

B. Segment the network into trusted and untrusted zones.

C. Enforce application whitelisting.

D. Implement DLP at the network boundary.

Answer: C.

Explanations

The scenario in this question involves a Remote Access Trojan (RAT) that was installed by a user with local administrator rights to the system as part of a remote management tool set, evaded antivirus detection, and was used to compromise an organization's banking credentials.

To prevent this from happening again, the BEST recommendation is to enforce application whitelisting. Application whitelisting is a security measure that allows only authorized applications to run on a system or network while preventing unauthorized software, such as malware, from executing. With application whitelisting enforced, the RAT would not have been able to execute because it was not authorized.

Creating a new acceptable use policy, segmenting the network into trusted and untrusted zones, and implementing DLP (Data Loss Prevention) at the network boundary are all valid security recommendations, but they do not directly address the issue of the RAT that was previously installed on the user's computer.

A new acceptable use policy may help prevent future incidents, but it does not directly address the current situation. Segmenting the network into trusted and untrusted zones can help contain a potential breach, but it does not prevent the initial installation of the RAT. Implementing DLP at the network boundary can help detect and prevent sensitive data from leaving the network, but it does not address the initial installation of the RAT.

Therefore, the BEST recommendation to prevent this from reoccurring is to enforce application whitelisting.