While reviewing an alert that shows a malicious request on one web application, a cybersecurity analyst is
alerted to a subsequent token reuse moments later on a different service using the same single sign-on
method. Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server
alerted to a subsequent token reuse moments later on a different service using the same single sign-on
method. Which of the following would BEST detect a malicious actor?
A. Utilizing SIEM correlation engines
B. Deploying Netflow at the network border
C. Disabling session tokens for all sites
D. Deploying a WAF for the web server