Downloading additional malware—If an attacker compromises a data center server, the malware on the server may download more malware from the internet through a phone-home or other mechanism. A strict allow rule that allows communication only with the appropriate update servers using only the necessary update applications prevents attackers from contacting websites that house malware and from exfiltrating data. In addition, install Cortex XDR Agent on the data center servers (and all of your endpoints) to prevent malware that already resides on a server from executing.
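The effect of a strict allow rule can be checked with a small model. This is an added example, not code from the original page or from PAN-OS: it uses a simplified first-match evaluation with a default deny, and every zone, hostname and application name in it is a constructed sample value.

```python
ANY = "any"

def rule(name, destination, application):
    """Build an allow rule from the data center zone to the internet."""
    return {"name": name, "from": "dc-servers", "to": "internet",
            "destination": set(destination), "application": set(application),
            "action": "allow"}

def matches(field, value):
    """A rule field matches when it holds 'any' or the exact value."""
    return ANY in field or value in field

def decide(rules, flow):
    """First-match evaluation; traffic that matches no rule is denied."""
    for r in rules:
        if (r["from"] == flow["from"] and r["to"] == flow["to"]
                and matches(r["destination"], flow["destination"])
                and matches(r["application"], flow["application"])):
            return r["action"], r["name"]
    return "deny", "default-deny"

def audit(rules, src_zone="dc-servers", dst_zone="internet"):
    """List allow rules between the zones that leave a field set to 'any'."""
    findings = []
    for r in rules:
        if r["action"] == "allow" and (r["from"], r["to"]) == (src_zone, dst_zone):
            loose = [f for f in ("destination", "application") if ANY in r[f]]
            if loose:
                findings.append((r["name"], loose))
    return findings

# Constructed rule sets: STRICT names the update server and update application;
# LOOSE adds a general outbound web rule of the kind the text advises against.
STRICT = [rule("dc-updates", ["updates.example.com"], ["yum"])]
LOOSE = STRICT + [rule("dc-web-out", [ANY], ["web-browsing", "ssl"])]

def flow(destination, application):
    """Constructed outbound session from a data center server."""
    return {"from": "dc-servers", "to": "internet",
            "destination": destination, "application": application}

UPDATE = flow("updates.example.com", "yum")      # legitimate update traffic
PHONE_HOME = flow("files.badhost.example", "ssl")  # second-stage download attempt

if __name__ == "__main__":
    for label, rules in (("strict", STRICT), ("loose", LOOSE)):
        print(label, "update:", decide(rules, UPDATE),
              "phone-home:", decide(rules, PHONE_HOME), "audit:", audit(rules))
```

Under the strict rule set the update session is allowed and the phone-home session falls through to the default deny, while the loose rule set lets it out and is flagged by the audit.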