Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?

A company is experiencing a malware attack within its network. A security engineer notices many of the impacted assets are connecting outbound to a number of remote destinations and exfiltrating data. The security engineer also see that deployed, up-to-date antivirus signatures are ineffective.

Which of the following is the BEST approach to prevent any impact to the company from similar attacks in the future?
A . IDS signatures
B . Data loss prevention
C . Port security
D . Sinkholing

View Answer

Answer: D

Explanation:

Sinkholing is a technique for manipulating data flow in a network; you redirect traffic from its intended destination to the server of your choosing. It can be used maliciously, to steer legitimate traffic away from its intended recipient, but security professionals more commonly use sinkholing as a tool for research and reacting to attacks1 Sinkholing can help prevent any impact to the company from similar attacks in the future by redirecting the malicious traffic from the compromised assets to a sinkhole server, where it can be monitored, analyzed, or blocked. Sinkholing can also prevent the compromised assets from communicating with their command and control servers or exfiltrating data to remote destinations.

Reference: 1 Hacker Lexicon: What Is Sinkholing? | WIRED