Active Response to Multi-vector Attacks in Cloud Environments - cloudsec · 2018-03-19 · #cloudsec...
TRANSCRIPT
#CLOUDSEC
Agenda
1. Multi-vector Attack
2. Multi-vector Attack Response
3. Connected Threat Defense
4. Advanced Threat Appliance
5. Active Response against Multi-vector Attack
Multi-vector Attack
“Attack vectors are routes or methods used to get into computer systems, usually for nefarious purposes. They take advantage of known weak spots to gain entry. Many attack vectors take advantage of the human element in the system, because that’s often the weakest link”
Attack Vector
Multi-vector Attack
• Targeted Malware
• Mobile App.
• Social networking
• Invalid Policy
• Botnet
• Network threats
• Unpatched S/W
• Insider attack
• Organized cyber crime
• Hacktivism
Multi-vector Attack
Pyramid of Pain – David Bianco
Tactics, Techniques, and Procedures
Multi-vector Attack Response
File submission (pattern-creation request)
Sandboxing
• Suspicious files
• Suspicious network behavior
• Suspicious IP, URLs, Domains
Timeline
AV Vendors
Pattern update, verification/cure/quarantine??
Threat intelligence management??
Threat blocking/removal complete??
Block request, rule creation/rule application
FW/ IPS
• Real-time threat response??
• Threat intelligence visibility??
• Threat life-cycle management?
Connected Threat Defense
Deep Discovery Inspector
Deep Discovery Analyzer
Deep Discovery Email Inspector
TMES
SPS
OfficeScan / Deep Security
• File
• IP
• URL
Suspicious Object (SO)
Sandbox analysis request
Control Manager (TMCM)
Sandbox analysis request
Detection/Analysis · Management · Response
Connected Threat Defense - DDI
Suspicious Object list and TMCM connection settings
Connected Threat Defense - DDAN
Suspicious Object list
Connected Threat Defense - DDEI
Suspicious Object settings and management
Connected Threat Defense - DDEI
Suspicious Object list management
Connected Threat Defense – Deep Security
Suspicious Object management and DDAN sandbox analysis request
Connected Threat Defense - TMCM
Suspicious Object check (IP/URL/Domain/File)
Connected Threat Defense - TMCM
Check sandbox analysis results for Suspicious Objects
Advanced Threat Appliance
Management System
Deep Discovery Inspector / ATA
TippingPoint NGFW
TippingPoint IPS
Real-time threat blocking using DDI threat-intelligence integration
Control Manager (TMCM)
• Suspicious files
• Suspicious network behavior
• Suspicious IP, URLs, Domains
Active Response against Multi-vector Attack
Real-time cure/delete/quarantine
Detection/Analysis
• Suspicious files
• Suspicious network behavior
• Suspicious IP, URLs, Domains
Real-time rule creation/rule application, real-time blocking
FW/ IPS
Integrated real-time threat response!!! Visibility into threat intelligence!!! Threat intelligence life-cycle management!!!
Integrated threat intelligence life-cycle management
Endpoints
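The three demands on this slide (real-time rule creation and application, visibility into threat intelligence, and life-cycle management of that intelligence) describe one workflow: a sandbox verdict yields Suspicious Objects, a central manager deduplicates them, each enforcement point receives only the object types it can act on, and entries age out so the block list stays current. The following is an added example written for this page, not Trend Micro product code and not any TMCM, DDAN or TippingPoint API; the consumer map, sensor names, sample indicators and TTL values are assumptions constructed for the illustration.

```python
"""Generic Suspicious Object (SO) registry: ingest -> distribute -> expire.

Added illustration, not Trend Micro product code. Every product-like
name, indicator and TTL below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import ipaddress
import re


@dataclass(frozen=True)
class SuspiciousObject:
    kind: str            # "file", "ip", "url" or "domain"
    value: str
    source: str          # sensor that submitted it (constructed names)
    first_seen: datetime
    ttl: timedelta

    def expired(self, now: datetime) -> bool:
        return now >= self.first_seen + self.ttl


# Which SO kinds each enforcement point can consume (assumption, not a
# vendor capability table): a firewall only acts on IPs, an endpoint
# agent on file hashes and URLs, and so on.
CONSUMERS = {
    "firewall": {"ip"},
    "ips": {"ip", "domain", "url"},
    "email": {"url", "domain", "file"},
    "endpoint": {"file", "url"},
}

_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def classify(value: str) -> str:
    """Derive the SO kind from the indicator's syntax; reject the unknown."""
    if re.fullmatch(r"[0-9a-f]{64}", value):
        return "file"                      # SHA-256 of a sample
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if value.startswith(("http://", "https://")):
        return "url"
    if _DOMAIN_RE.match(value.lower()):
        return "domain"
    raise ValueError(f"not a recognised suspicious-object format: {value!r}")


class SORegistry:
    def __init__(self):
        self._objects = {}   # (kind, normalised value) -> SuspiciousObject

    def ingest(self, verdict: dict, now: datetime) -> list:
        """Accept a sandbox verdict; only 'malicious' results create SOs."""
        if verdict.get("risk") != "malicious":
            return []
        added = []
        for raw in verdict["indicators"]:
            key = (classify(raw), raw.lower())
            if key in self._objects:
                continue     # already known: keep the original first_seen
            so = SuspiciousObject(key[0], raw, verdict["source"], now,
                                  timedelta(days=verdict.get("ttl_days", 30)))
            self._objects[key] = so
            added.append(so)
        return added

    def expire(self, now: datetime) -> int:
        """Drop aged-out SOs; returns how many were removed."""
        stale = [k for k, so in self._objects.items() if so.expired(now)]
        for k in stale:
            del self._objects[k]
        return len(stale)

    def rules_for(self, consumer: str, now: datetime) -> list:
        """Render the active SOs that one enforcement point can act on."""
        wanted = CONSUMERS[consumer]
        rules = []
        for so in sorted(self._objects.values(), key=lambda s: (s.kind, s.value)):
            if so.kind in wanted and not so.expired(now):
                action = "quarantine" if so.kind == "file" else "block"
                rules.append(f"{action} {so.kind} {so.value} # src={so.source}")
        return rules


def demo() -> dict:
    """Run the life cycle on constructed verdicts and return the outcomes."""
    t0 = datetime(2018, 3, 19, 9, 0)
    reg = SORegistry()
    sample_hash = hashlib.sha256(b"constructed sample").hexdigest()
    verdicts = [   # constructed sandbox results; RFC 5737 addresses
        {"source": "sandbox-email", "risk": "malicious", "ttl_days": 7,
         "indicators": [sample_hash, "198.51.100.23", "http://bad.example/dl"]},
        {"source": "sandbox-network", "risk": "malicious",
         "indicators": ["bad.example", "198.51.100.23"]},   # IP is a duplicate
        {"source": "sandbox-email", "risk": "clean", "indicators": ["203.0.113.9"]},
    ]
    added = [len(reg.ingest(v, t0)) for v in verdicts]
    later = t0 + timedelta(days=8)          # the 7-day SOs have aged out
    return {
        "added": added,                                   # [3, 1, 0]
        "firewall": reg.rules_for("firewall", t0),        # one IP block
        "endpoint": reg.rules_for("endpoint", t0),        # hash + URL
        "expired": reg.expire(later),                     # 3
        "firewall_after": reg.rules_for("firewall", later),  # []
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the TTL is the "life-cycle" half of the slide: without expiry, every sandbox verdict adds rules that nobody retires, and the firewall and IPS lists grow until they are no longer reviewed. Keeping the original `first_seen` on duplicate submissions is what gives visibility into when an indicator was first observed rather than when it was last re-reported.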
Active Response against Multi-vector Attack
Total Visibility for Threat Life Cycle
Chris Jang
Trend Micro Korea