In Episode #185, we talk with Roger Grimes, one of the best-known defensive security experts in the world and the Data-Driven Defense Evangelist at KnowBe4.
One of the most overlooked security metrics is malware dwell time: how long a piece of malware was present and running on a host before it was detected and removed. It tells you how far behind your detection actually is, but you can only measure it if something recorded the first execution before the antivirus noticed the file.
Our favorite quote of his was “so, I tell people, a little hint I tell them is enable application control software like AppLocker in ‘audit only’ mode so that it detects every time there’s a new execution. And then, every time you have a malware detection, compare it on that device or workstation to when that execution first occurred. So, the malware detects it, removes it, and it’s always got a name. And you just search back in the AppLocker log, find the first execution, and you know how long it was living on that computer.”
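The procedure in that quote, worked through as an added PowerShell example (this is not code from the episode or from KnowBe4): a one-time function turns on an allow-everything AppLocker EXE rule in AuditOnly mode so that every launch is logged, and a lookup function pairs the latest Microsoft Defender detection with the earliest AppLocker audit event for the same file to compute dwell time. It assumes an elevated session on the affected workstation, Defender as the detection source, and the standard event IDs and field names of the AppLocker (8002/8003, FilePath, FileHash, TargetUser) and Defender (1116, "Threat Name", "Path") operational logs; the "file:_" path prefix and semicolon-separated resource list in the Defender event are assumptions about that log's format.

```powershell
# Added example (not from the episode): measure malware dwell time by pairing a
# Defender detection with the earliest AppLocker audit event for the same file.
# Assumptions: AppLocker EXE rules in AuditOnly mode, AppIDSvc running, Microsoft
# Defender AV as detection source, elevated PowerShell. Another AV product would
# need its own detection-event parser in place of Get-LatestDefenderDetection.

$AppLockerLog = 'Microsoft-Windows-AppLocker/EXE and DLL'
$DefenderLog  = 'Microsoft-Windows-Windows Defender/Operational'

function Enable-AuditOnlyAppLocker {
    # One-time setup: an allow-all EXE rule in AuditOnly mode blocks nothing but
    # makes AppLocker write event 8002 for every EXE launch. Local policy only;
    # deploy via GPO or Intune fleet-wide.
    $ruleId = [guid]::NewGuid()
    $xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$ruleId" Name="Audit all EXE launches" Description=""
                  UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
    $tmp = Join-Path $env:TEMP 'applocker-audit.xml'
    Set-Content -Path $tmp -Value $xml -Encoding UTF8
    Set-AppLockerPolicy -XmlPolicy $tmp
    # AppIDSvc is a protected service on current builds; sc.exe is the reliable way
    # to set it to start automatically.
    sc.exe config appidsvc start= auto | Out-Null
    Start-Service AppIDSvc
}

function ConvertFrom-AppLockerPath {
    param([string]$Path)
    # AppLocker records paths with its own variables (%OSDRIVE%\USERS\..., %WINDIR%\...).
    # Expand the common ones so the path can be compared with Defender's.
    $map = @{
        '%OSDRIVE%'      = $env:SystemDrive
        '%WINDIR%'       = $env:windir
        '%SYSTEM32%'     = "$env:windir\System32"
        '%PROGRAMFILES%' = $env:ProgramFiles
    }
    foreach ($k in $map.Keys) { $Path = $Path -replace [regex]::Escape($k), $map[$k] }
    return $Path
}

function Get-LatestDefenderDetection {
    # Event 1116 = malware detected (1117 = action taken). Fields are EventData/Data
    # elements named e.g. 'Threat Name' and 'Path'.
    $ev = Get-WinEvent -FilterHashtable @{ LogName = $DefenderLog; Id = 1116 } -MaxEvents 1 -ErrorAction Stop
    $data = @{}
    foreach ($d in ([xml]$ev.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    # Assumed format: 'Path' lists resources separated by ';', files as "file:_C:\...\evil.exe".
    $file = ($data['Path'] -split ';') | Where-Object { $_ -like 'file:_*' } | Select-Object -First 1
    [pscustomobject]@{
        DetectedAt = $ev.TimeCreated
        ThreatName = $data['Threat Name']        # the name Grimes refers to
        Path       = ($file -replace '^file:_', '')
    }
}

function Get-FirstExecution {
    param([Parameter(Mandatory)][string]$Path)
    # 8002 = allowed; 8003 = allowed but would have been blocked if enforced.
    # Both mean the file actually executed, which is what dwell time needs.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $AppLockerLog; Id = 8002, 8003 } -ErrorAction Stop
    $hits = foreach ($ev in $events) {
        $x  = ([xml]$ev.ToXml()).Event.EventData.Data
        $fp = ConvertFrom-AppLockerPath (($x | Where-Object Name -eq 'FilePath').'#text')
        if ($fp -eq $Path) {   # -eq is case-insensitive in PowerShell
            [pscustomobject]@{
                Time   = $ev.TimeCreated
                User   = ($x | Where-Object Name -eq 'TargetUser').'#text'
                Sha256 = ($x | Where-Object Name -eq 'FileHash').'#text'   # pivot for hunting other hosts
            }
        }
    }
    # Get-WinEvent returns newest first; the oldest match is the first launch.
    $hits | Sort-Object Time | Select-Object -First 1
}

function Measure-DwellTime {
    $det   = Get-LatestDefenderDetection
    $first = Get-FirstExecution -Path $det.Path
    if (-not $first) {
        Write-Warning "No AppLocker execution event for $($det.Path): it never launched, or the log rolled over."
        return
    }
    [pscustomobject]@{
        ThreatName    = $det.ThreatName
        Path          = $det.Path
        FirstExecuted = $first.Time
        FirstRunAs    = $first.User
        Sha256        = $first.Sha256
        DetectedAt    = $det.DetectedAt
        DwellTime     = $det.DetectedAt - $first.Time
    }
}

Measure-DwellTime
```

Two caveats a practitioner will hit. The AppLocker channel is small by default and overwrites quickly, so raise it (`wevtutil sl "Microsoft-Windows-AppLocker/EXE and DLL" /ms:<bytes>`) and forward it to your SIEM, or the first execution will already be gone by the time the AV fires. And path matching misses a sample that was renamed or copied between first launch and detection; the `FileHash` field in the same events is the better key for that, and for finding the same binary on other hosts.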