Modules
Compliance & Security
Controls
Detect
- Ransomware
  - Ransomware prevention (enable rollback capabilities if not in place)
  - Detect ransomware activity, isolate and roll back
  - RocketCyber
  - Reverse engineer MITRE ATT&CK from advanced threat detection module
- Process
  - Detect known bad processes
- Malicious files
  - Detect known malicious files
- Vulnerabilities
  - Detect vulnerabilities (CVE)
- Other IOCs
  - Look at IOC detection

Access
- Prevent DNS lookups for bad domains
- Prevent connections to IPs / blocked domains
  - Crypto
  - Get from RocketCyber to start
  - Support other categories of bad IPs (IOCs)
- Prevent connections by country
- Detect and prevent 3rd party VPNs (whitelist)
- Isolate device from network (using firewall rules, allow connection to commandit to remediate issue)

Windows Defender management

Screenshot recording
- Record screenshots of user activity

Storage
- Drive encryption (BitLocker / macOS) incl. key storage
- Prevent removable drives (with whitelist)