iT邦幫忙

2019 iT 邦幫忙鐵人賽

DAY 24
0

因為資安威脅的日益演變,組織必須假定電腦與網路系統已經遭到滲透,應該要設法找出隱藏的惡意軟體,而這樣的主動、積極的方法,就稱為威脅獵捕。
網路犯罪通常會潛伏長達191天,security operations center (SOC) 分析團隊通常可以防護到80%的威脅。

先決條件,必須要了解系統與網路架構,以及正常運作時應有的樣子

Priority Intelligence Requirement(優先情報需求)
To set up the questions that will drive your threat hunting efforts and the answers that will drive decision-making within the organization
You should decide which IoCs to look for based on an informed hypothesis. For example, certain changes in traffic flows could indicate data exfiltration.

使用工具集合以及處理流程:
https://ithelp.ithome.com.tw/upload/images/20181108/201125382ktS8tpHyX.png

Threat hunting platform
https://ithelp.ithome.com.tw/upload/images/20181108/20112538tTqQZqN9Pn.png

參考來源:
Threat Hunting:面對內部威脅,應採取積極探尋的方式,從被動反應改為主動防禦
https://www.ithome.com.tw/news/122072
A Beginner’s Guide to Threat Hunting
https://securityintelligence.com/a-beginners-guide-to-threat-hunting/
Threat Hunting Platforms (Collaboration with SANS Institute)
https://www.slideshare.net/sqrrl/threat-hunting-platforms-collaboration-with-sans-institute


上一篇
Malware classification
下一篇
Threat hunting (2)
系列文
自然語言技術與AI/ML初探30
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友留言

立即登入留言