Web traffic and email are monitored, analysed, and controlled (for example, malicious link blocking, suspicious download blocking, email authentication techniques, IP address blocking)
Context and Guidance: Network protections should include capabilities to monitor, analyse, and control web traffic and email. The web and email are common vectors that attackers use to attempt to gain credentials or other sensitive information from users. Phishing and watering hole attacks are commonly used to distribute malware or obtain user credentials that are leveraged in the early stages of the kill chain. The organisation may consider protections such as monitoring links and attachments in emails, quarantining suspicious downloads, and using DNS filtering to reduce the chance of attackers using these attack vectors to gain a foothold on the network.
Related Practices:
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ARCHITECTURE-2a, ARCHITECTURE-2c, ARCHITECTURE-2e, ARCHITECTURE-2f, ARCHITECTURE-2g, ARCHITECTURE-2k.