Security Policies
Security policies are a set of allow and deny rules that dictate which traffic may cross, and which files may reside within, a network boundary. These rules can also apply to different aspects of the network and its hosts, depending on where the policy is enforced.
- Network Traffic Policies
- Application Policies
- User Access Control Policies
- File Management Policies
- DDoS Protection Policies
- Others
There are multiple ways to match an event or object with a security policy entry:
| Security Policy | Description |
|---|---|
| Signature-based Detection | Compares network packets with known attack patterns (signatures). If there is a match, an alert is triggered. |
| Heuristic / Statistical Anomaly Detection | Monitors network behavior against a baseline to detect unusual activity. Deviations from normal patterns trigger alerts. |
| Stateful Protocol Analysis Detection | Checks whether network traffic follows expected protocol behavior. Unusual deviations raise alarms. |
| Live-monitoring and Alerting (SOC-based) | Security analysts or automated systems monitor network activity in real time and respond to threats as needed. |
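The first three matching methods in the table can be shown side by side in code. The following is an added example, not code from the original page: a tiny policy engine with a signature matcher (regular expressions over a payload), a statistical anomaly check (z-score against a learned baseline) and a stateful protocol check (a reduced TCP-style state machine that flags data arriving before the handshake completes). The signatures, baseline numbers, thresholds and sample events are all constructed for illustration.

```python
"""Added example: three ways a policy engine can match an event against a
security policy entry, run over constructed sample events. Not code from
the original page; all events, signatures and thresholds are made up."""
import re
import statistics
from dataclasses import dataclass, field

# --- 1. Signature-based detection -------------------------------------------
# Constructed signatures: a name and a regular expression applied to a payload.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def match_signatures(payload: str) -> list[str]:
    """Return the names of every signature whose pattern occurs in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(payload)]

# --- 2. Statistical anomaly detection ---------------------------------------
def anomaly_score(baseline: list[float], observed: float) -> float:
    """Z-score of an observation against a learned baseline (mean / stdev)."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0   # avoid division by zero on a flat baseline
    return (observed - mean) / stdev

def is_anomalous(baseline: list[float], observed: float, threshold: float = 3.0) -> bool:
    """Flag when the observation deviates from the baseline by more than `threshold` sigma."""
    return abs(anomaly_score(baseline, observed)) > threshold

# --- 3. Stateful protocol analysis ------------------------------------------
# A deliberately small TCP-like state machine: DATA is only expected once the
# three-way handshake has completed. Anything else is a protocol violation.
@dataclass
class FlowState:
    state: str = "CLOSED"
    violations: list[str] = field(default_factory=list)

EXPECTED = {
    ("CLOSED", "SYN"): "SYN_SENT",
    ("SYN_SENT", "SYN-ACK"): "SYN_RECEIVED",
    ("SYN_RECEIVED", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "DATA"): "ESTABLISHED",
    ("ESTABLISHED", "FIN"): "CLOSED",
}

def process_segment(flow: FlowState, segment: str) -> FlowState:
    """Advance the flow; record a violation when a segment is out of sequence."""
    nxt = EXPECTED.get((flow.state, segment))
    if nxt is None:
        flow.violations.append(f"{segment} received in state {flow.state}")
    else:
        flow.state = nxt
    return flow

def analyse_flow(segments: list[str]) -> list[str]:
    """Run a whole flow through the state machine and return its violations."""
    flow = FlowState()
    for seg in segments:
        process_segment(flow, seg)
    return flow.violations

if __name__ == "__main__":
    # Constructed sample events for each matching method.
    print(match_signatures("GET /?id=1 UNION SELECT password FROM users"))
    print(is_anomalous([50, 52, 48, 51, 49, 50], 400))   # requests/minute baseline vs. burst
    print(analyse_flow(["SYN", "DATA", "SYN-ACK", "ACK", "DATA"]))
```

Each method fails differently: the signature matcher misses anything not in its list, the anomaly check depends entirely on the quality of the baseline it was trained on, and the protocol analyser only catches traffic that breaks the specification, not attacks carried in well-formed sessions. Real deployments layer them for that reason.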
Packers
A packer compresses an executable file by bundling it with decompression code into a single file. When the packed file is run, it restores the original executable, which makes the original code harder for security tools to detect. The packed file behaves just like the original but adds an extra layer of protection against scanning.
A list of popular packer software:
- UPX packer
- The Enigma Protector
- MPRESS
- Alternate EXE Packer
- ExeStealth
- Morphine
- MEW
- Themida
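To make the "compressed original plus decompression code" structure concrete, and to show what a scanner can still look for, here is an added example that is not code from the original page or from any of the packers listed above. It builds a constructed "unpacked" blob and a "packed" counterpart (a marker standing in for the stub, followed by the zlib-compressed original), then applies two common defensive heuristics: byte entropy, which rises sharply when a file body is compressed, and a check for section names left behind by a known packer. The marker list, the sample data and the 7.0 threshold are assumptions chosen for illustration.

```python
"""Added example: how a packed file differs from the original, and two cheap
heuristics a scanner can use to flag it. Not code from the original page; the
sample binaries, the marker list and the entropy threshold are constructed."""
import math
import random
import zlib
from collections import Counter

# Section names UPX leaves in a packed PE (UPX0/UPX1). Treat this list as an
# illustrative assumption; real scanners carry many more packer markers.
KNOWN_PACKER_MARKERS = (b"UPX0", b"UPX1")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform random; code and text usually sit at 4-6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def packer_indicators(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Combine an entropy check with a marker check; either one is enough to flag."""
    ent = shannon_entropy(data)
    markers = [m.decode() for m in KNOWN_PACKER_MARKERS if m in data]
    return {
        "entropy": round(ent, 2),
        "high_entropy": ent >= entropy_threshold,
        "packer_markers": markers,
        "likely_packed": ent >= entropy_threshold or bool(markers),
    }

def build_samples() -> tuple[bytes, bytes]:
    """Constructed stand-ins for an unpacked and a packed file.

    The 'unpacked' blob is low-entropy text resembling disassembly; the 'packed'
    blob is a marker (standing in for the decompression stub) followed by the
    zlib-compressed original, which is what makes its byte distribution near-uniform.
    """
    rng = random.Random(1)  # fixed seed so the sample is reproducible
    words = [b"mov", b"push", b"call", b"ret", b"eax", b"ebx", b"esp", b"lea", b"jmp", b"cmp"]
    unpacked = b"MZ" + b"\x00" * 256 + b" ".join(rng.choice(words) for _ in range(6000))
    packed = b"UPX0" + zlib.compress(unpacked, 9)
    return unpacked, packed

def unpack(packed: bytes) -> bytes:
    """What the stub does at run time: strip the stub and restore the original bytes."""
    return zlib.decompress(packed[len(b"UPX0"):])

if __name__ == "__main__":
    unpacked, packed = build_samples()
    print("unpacked:", packer_indicators(unpacked))
    print("packed:  ", packer_indicators(packed))
    print("restored == original:", unpack(packed) == unpacked)
```

Two caveats a practitioner would apply: entropy is usually measured per section rather than over the whole file, because a legitimate program with an embedded compressed resource or a certificate can push the whole-file number up, and marker strings are trivially absent from packers that rename their sections, so neither heuristic is a verdict on its own. They are cheap triage signals that tell the analyst where to look next.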