04-18-2022 02:30 AM - edited 04-18-2022 02:35 AM
We are dealing with a case of an IIS 6.1 vulnerability on an old Windows 2008 R2 SP1 system. Microsoft no longer supports it through Windows Update. The customer cannot migrate to a newer system yet.
Would Cortex XDR be able to protect against IIS v6.1 web server vulnerabilities?
04-19-2022 05:57 PM
@Fido Practically, I think you should take a defense-in-depth approach here and not just rely on Cortex XDR.
> Ring-fence the server, i.e. make sure you lock it down into its own network.
> Monitor logons and, if the server is public facing, only expose to the internet what is required.
> Enable an IPS for network traffic (test first by enabling IDS before IPS).
Apart from the above, you should be able to get prevention on post-exploitation activity with Cortex for unknown threats as well as for known threats.
Example: a command interpreter process such as cmd.exe or powershell.exe spawned from w3wp.exe.
You can also create your own detections, which can help you detect threats related to your environment.
What version of Cortex XDR are you looking to install?
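The parent/child process condition described in the reply above (an interpreter spawned by the IIS worker process w3wp.exe), written out as an added example in Python rather than as a Cortex XDR BIOC rule. This is not code from the original thread or from Palo Alto Networks; the event field names (`image`, `parent_image`, `cmdline`, `user`) and the sample events are constructed here for illustration, and the interpreter list is an assumption that goes slightly beyond the two names in the post.

```python
"""Flag command interpreters spawned by the IIS worker process (w3wp.exe).

Added example: Cortex XDR BIOC rules express this as a parent/child process
condition; here the same logic runs offline over constructed process-start
events so the matching behaviour can be tested.
"""
import ntpath

# Assumption: a web worker has no legitimate reason to launch these. Extend
# the set with whatever else is unexpected in your environment.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
WEB_WORKERS = {"w3wp.exe"}


def _image_name(path):
    """Basename of a Windows image path, lower-cased, independent of host OS."""
    return ntpath.basename(path).lower()


def is_suspicious_spawn(event):
    """True when a web worker process starts a command interpreter."""
    return (_image_name(event["parent_image"]) in WEB_WORKERS
            and _image_name(event["image"]) in INTERPRETERS)


def detect(events):
    """Return the events that match the rule, keeping context for triage."""
    return [e for e in events if is_suspicious_spawn(e)]


# Constructed sample events (field names are an assumption of this example).
SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 2316, "user": "IIS APPPOOL\\DefaultAppPool",
     "parent_image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"pid": 4188, "ppid": 2316, "user": "IIS APPPOOL\\DefaultAppPool",
     "parent_image": "c:\\windows\\system32\\inetsrv\\W3WP.EXE",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc AAAA"},
    {"pid": 5010, "ppid": 2316, "user": "IIS APPPOOL\\DefaultAppPool",
     "parent_image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "image": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "cmdline": "w3wp.exe -ap DefaultAppPool"},
    {"pid": 6001, "ppid": 900, "user": "CONTOSO\\admin",
     "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe"},
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT pid={hit['pid']} user={hit['user']} cmd={hit['cmdline']}")
```

Matching on the image basename, case-insensitively, is what keeps the rule from being bypassed by path or case differences (the second sample event uses an upper-case parent path). Note that the rule only sees the spawn; it says nothing about how the attacker got code execution inside w3wp.exe, which is why the network controls in the reply still matter.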
04-19-2022 11:12 PM
I agree with what @KanwarSingh01 suggests.
You could develop some use cases and implement them through your own correlation rules, BIOCs, etc. You could even ingest logs from your IIS 6.1 with Cortex XDR Collectors or Filebeat, parse them on XDR, and from there be creative about your defensive goals (which threats you want to protect your web server from).
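The parse-and-build-use-cases workflow the reply above describes, as an added example in Python (not code from the thread, Cortex XDR or Filebeat). It parses the IIS W3C extended log format, driven by the `#Fields:` header so the column order is whatever the server was configured to log, and then applies two generic use cases: clients generating many 404s (file and directory guessing) and requests whose decoded path or query contains a `..` segment. The log lines are constructed for the example; the 404 threshold is an arbitrary assumption.

```python
"""Parse IIS W3C extended logs and run two simple detection use cases.

Added example for the thread: the same logic would be a parsing rule plus a
correlation rule in XDR; here it runs offline on a constructed log.
"""
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the IIS W3C format. IIS writes one space-separated
# line per request and replaces spaces inside values with '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2022-04-18 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2022-04-18 00:00:01 10.0.0.5 GET /index.htm - 80 - 198.51.100.10 Mozilla/5.0 200 0 0 15
2022-04-18 00:00:02 10.0.0.5 GET /admin/ - 80 - 203.0.113.7 curl/7.68 404 0 2 3
2022-04-18 00:00:02 10.0.0.5 GET /phpmyadmin/ - 80 - 203.0.113.7 curl/7.68 404 0 2 2
2022-04-18 00:00:03 10.0.0.5 GET /backup.zip - 80 - 203.0.113.7 curl/7.68 404 0 2 2
2022-04-18 00:00:04 10.0.0.5 GET /download.aspx file=..%252f..%252fweb.config 80 - 203.0.113.7 curl/7.68 500 0 0 40
2022-04-18 00:00:05 10.0.0.5 POST /login.aspx - 80 - 198.51.100.10 Mozilla/5.0 302 0 0 22
"""


def parse_w3c(text):
    """Return one dict per request, keyed by the names in the #Fields: line."""
    fields, records = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
            continue
        if line.startswith("#"):          # other directives (#Software, #Date)
            continue
        values = line.split(" ")
        if len(values) != len(fields):     # skip rather than misalign columns
            continue
        records.append(dict(zip(fields, values)))
    return records


def fully_decode(value, rounds=3):
    """Percent-decode until stable, so %252f (double encoding) is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def probing_clients(records, threshold=3):
    """Client IPs with at least `threshold` 404s (assumed threshold)."""
    counts = Counter(r["c-ip"] for r in records if r["sc-status"] == "404")
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def traversal_requests(records):
    """Requests whose decoded path or query contains a '..' segment."""
    hits = []
    for r in records:
        target = fully_decode(r["cs-uri-stem"] + "?" + r["cs-uri-query"])
        if ".." in target:
            hits.append(r)
    return hits


if __name__ == "__main__":
    recs = parse_w3c(SAMPLE_LOG)
    print("probing clients:", probing_clients(recs))
    for r in traversal_requests(recs):
        print("traversal:", r["c-ip"], r["cs-uri-stem"], r["cs-uri-query"])
```

Decoding in a loop matters because a single `unquote` would turn `%252f` into `%2f` and miss the `..` sequence; the parser also stays honest about malformed lines by dropping them instead of shifting every later column. Once the records are in this shape, the same functions work for whichever fields you decide to forward from the server.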
04-20-2022 12:22 AM
04-21-2022 03:37 PM
You should be good here.