
SANS: 2018 Cyber Threat Intelligence Survey Report (51CTO blog)

2019-01-03 10:40:30 | Author: 青寒 | Tags: network, threat, intelligence | Views: 401

In early February 2018, SANS released its annual cyber threat intelligence (CTI) survey report. Below are some of my own takeaways and excerpts from it.

  • “We will monitor threat feeds and escalate [a] certain vulnerability remediation priority based on active exploitation campaigns in the wild. These feeds include vendor threat feeds or just security news.”

  • “We utilize several intelligence feeds to augment our perimeter firewall capabilities.”

  • “Pulled info on threat actors, source IPs, domains and [fed] them into EDR [endpoint detection and response] for [blacklists] and traffic reports from them.”

  • “We have alerting set up in our SIEM that correlates event searches against our subscribed threat intelligence feeds. From there we conduct our investigations and take whatever actions [are] deemed an appropriate response. The response is typically blocking malicious activities and hunting for further indicators of compromise across the enterprise environment.”

  • “As CTI raw data, we gathered ransomware IPs, domain names, file hashes from CTI providers as a service and integrated those valuable data [points into] our SIEM, malware analysis appliance, firewall and IPS. Then, when traffic occurs from our [network] to those blacklisted IPs or when an email is received with a file attached with a hash of Wcry files, alarms are sent to related security teams. If the system is in blocking mode, we block that traffic.”

    8) What is CTI integrated with? As noted earlier, integration with the SIEM remains the most common choice.


    10) The main challenges CTI still faces. These remain, first and foremost, staff quality and skill level, and budget.
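    The SIEM correlation the respondents describe above (matching each event against subscribed feed indicators, raising an alarm for the security team, and blocking instead when the system is in blocking mode), as an added Python example; this is not code from the SANS report or from this post, and the feed entries, event fields and hash value are constructed placeholders.

```python
# Added example: minimal SIEM-style correlation of events against a threat feed.
# Feed and events are constructed sample data (documentation IP ranges,
# .invalid domains, a placeholder hash), not indicators from the report.
from dataclasses import dataclass

THREAT_FEED = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"payload.example.invalid"},
    "sha256": {"a" * 64},  # placeholder standing in for a known-bad file hash
}

@dataclass
class Alert:
    event_id: str
    indicator_type: str
    indicator: str
    action: str  # "alert" when monitoring, "block" when in blocking mode

def extract_indicators(event: dict):
    """Yield (type, value) pairs from the fields a SIEM would normalise."""
    for field, kind in (("dst_ip", "ip"), ("src_ip", "ip"),
                        ("domain", "domain"), ("attachment_sha256", "sha256")):
        if field in event:
            yield kind, event[field].lower()

def correlate(events, feed=THREAT_FEED, blocking_mode=False):
    """Match every indicator in each event against the feed; return alerts."""
    alerts = []
    for ev in events:
        for kind, value in extract_indicators(ev):
            if value in feed.get(kind, ()):
                action = "block" if blocking_mode else "alert"
                alerts.append(Alert(ev["id"], kind, value, action))
    return alerts

# Constructed events: a benign connection, an outbound connection to a listed IP,
# and an inbound mail whose attachment hash is on the feed (case differs on purpose).
SAMPLE_EVENTS = [
    {"id": "fw-1", "src_ip": "10.0.0.12", "dst_ip": "93.184.216.34", "domain": "example.com"},
    {"id": "fw-2", "src_ip": "10.0.0.12", "dst_ip": "203.0.113.45"},
    {"id": "mail-1", "src_ip": "10.0.0.99", "attachment_sha256": "A" * 64},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, blocking_mode=True):
        print(alert)
```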

    Finally, to close, a passage quoted directly from a SANS analyst:

    According to John Pescatore, SANS' director of emerging technologies, increasing automation and adding more staff are not the approaches organizations should take. He says, “The real successes in cyber security have been where skills are continually upgraded, staff growth is moderate and next-generation cyber security tools are used to act as ‘force multipliers’ that enable limited staff to keep up with the speed of both threats and business demands.”


