- In the modern internet society, it is possible to obtain information about devices connected to the internet worldwide through network and device search engines such as Shodan.
- Attackers can use these search engines to collect information on potential targets or launch attacks such as port scanning on a large number of devices.
- Attackers utilize the results of information gathering to identify vulnerabilities in target systems and attempt initial penetration, achieving goals such as lateral movement and ransomware distribution.
- Therefore, enterprise security managers need to continuously manage and monitor IT assets exposed to the outside world for abnormal behavior.
- AhnLab EDR (Endpoint Detection and Response) is a solution that can be used for detecting initial penetration stages targeting IIS web servers.
https://asec.ahnlab.com/ko/64877/