1. Malware analysis using Check Point forensics. SandBlast Network

Welcome to a new article, this time on the topic of incident investigation, namely malware analysis using Check Point forensics. We have previously published several video tutorials on working in Smart Event, but this time we will look at the forensic reports on specific events in different Check Point products:

Why is it important to investigate forensic events? It would seem that you caught the virus, that's great, so why investigate? As practice shows, it is better not only to block an attack, but also to understand exactly how it works: what the entry point was, what vulnerability was exploited, what processes were involved, whether the registry and file system were affected, what family of viruses it belongs to, what the potential damage is, and so on. This and other useful data can be obtained from Check Point's comprehensive forensic reports (both text and graphical). Obtaining such a report by hand is very difficult. This data helps you take the right measures and prevent similar attacks from succeeding in the future. Today we will look at the Check Point SandBlast Network forensic report.

SandBlast Network

Using sandboxes to strengthen network perimeter protection has long been common and is as essential as IPS. At Check Point, the Threat Emulation blade, which is part of the SandBlast technologies (along with Threat Extraction), is responsible for the sandbox function. We have previously published a small course on Check Point SandBlast for Gaia version 77.30 (I strongly recommend watching it if you don't understand what we are talking about here). From an architectural standpoint, nothing has fundamentally changed since then. If you have a Check Point Gateway at your network perimeter, you have two options for integrating with the sandbox:

  1. SandBlast Local Appliance - an additional SandBlast appliance is installed on your network, and files are sent to it for analysis.
  2. SandBlast Cloud - files are sent for analysis to the Check Point cloud.

The sandbox can be considered the last line of defense at the network perimeter. It is engaged only after analysis by the classic means - antivirus, IPS. And while such traditional signature-based tools provide virtually no analytical data, the sandbox can "tell" in detail why the file was blocked and exactly what malicious actions it performs. This forensic report can be obtained from both a local and a cloud sandbox.

Check Point Forensics Report

Let's say that you, as an information security specialist, come to work and open a dashboard in SmartConsole. You immediately see the events for the last 24 hours, and your attention is drawn to the Threat Emulation events - the most dangerous attacks, which were not stopped by signature analysis.

You can "drill down" into these events and see all the logs for the Threat Emulation blade.

After that, you can further filter the logs by threat criticality (Severity) and by Confidence Level (how reliable the verdict is):

Expanding the event we are interested in, we can see the general information (src, dst, severity, sender, etc.):

There you can also see the Forensics section with the available summary report. Clicking on it opens a detailed description of the malware in the form of an interactive HTML page:

(This is only part of the page. The original can be viewed here.)

From this same report, we can download the original malware (in a password-protected archive) or immediately contact the Check Point response team.

Below you can see a nice animation showing what percentage of previously known malicious code our sample contains (both the code itself and the macros). This data is produced using machine learning in the Check Point Threat Cloud.

Then you can see exactly which activity in the sandbox allowed us to conclude that this file is malicious. In this case, we see the use of bypass techniques and an attempt to download ransomware:

Note that in this case the emulation was performed on two systems (Win 7, Win XP) and with different application versions (Office, Adobe). Below is a video (slideshow) of the process of opening this file in the sandbox:

Video example:

Finally, we can see in detail how the attack developed, either in table form or as a graph:

From there we can download this information in RAW format and as a pcap file for detailed analysis of the generated traffic in Wireshark:
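The exported pcap is usually opened in Wireshark, but the same capture can be mined automatically for the indicators the conclusion asks you to block. The script below is an added example, not code from the original post or from Check Point: it builds a small constructed Ethernet/IPv4/TCP pcap in memory (placeholder addresses and hostname) standing in for the report's export, then walks the records and returns the destination IPs, ports and HTTP Host headers the sample contacted.

```python
import struct

def _ip4(addr):
    """Dotted-quad string to 4 raw bytes."""
    return bytes(int(x) for x in addr.split("."))

def _tcp_frame(src, dst, dport, payload):
    """Build one Ethernet/IPv4/TCP frame carrying `payload` (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ip4(src), _ip4(dst)) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip      # zeroed MACs, EtherType IPv4

def build_sample_pcap():
    """Constructed stand-in for the pcap exported from the forensics report."""
    frame = _tcp_frame("10.0.0.5", "203.0.113.7", 80,
                       b"GET /gate.php HTTP/1.1\r\nHost: c2.example.test\r\n\r\n")
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

def extract_tcp_iocs(pcap):
    """Return sorted (dst_ip, dst_port, http_host) triples for every IPv4/TCP frame."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos, found = 24, set()
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if frame[12:14] != b"\x08\x00":           # skip anything that is not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6:                            # skip non-TCP (e.g. DNS over UDP)
            continue
        dst_ip = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:]
        dport = struct.unpack("!H", tcp[2:4])[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        host = ""
        for line in payload.split(b"\r\n"):      # HTTP Host header, if the flow is plain HTTP
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace")
        found.add((dst_ip, dport, host))
    return sorted(found)

if __name__ == "__main__":
    for dst_ip, dport, host in extract_tcp_iocs(build_sample_pcap()):
        print(f"{dst_ip}:{dport}  host={host}")
```

Feed the real export to `extract_tcp_iocs(open(path, "rb").read())` and the returned triples are the blocklist candidates; TLS flows still yield the IP and port, only the Host header stays empty.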

Conclusion

Using this information, you can significantly strengthen the protection of your network: block the hosts distributing the malware, close the exploited vulnerabilities, block the callbacks to the C&C, and more. This kind of analysis should not be neglected.

In the following articles, we will look in the same way at the reports of SandBlast Agent, SandBlast Mobile, and CloudGuard SaaS. So stay tuned (Telegram, Facebook, VK, TS Solution Blog)!

Source: www.habr.com