(Thanks to Sergey G. Brester for the idea for the title)
Colleagues, the purpose of this article is to share the experience of a year of pilot operation of a new class of IDS solution, one based on "deception technology".
To keep the presentation logically consistent, I think we have to start from the premises. So, the problem is as follows:
- Targeted attacks are the most dangerous type of attack, even though they make up a small share of the total number of threats.
- No guaranteed effective means of protecting the perimeter (or set of such means) has been invented yet.
- A targeted attack usually unfolds in several stages. Breaching the perimeter is only one of the initial stages and, unless it is a DEoS (destruction of service) attack (encryptors, for example), it does not by itself do the "victim" much damage (you may throw stones at me). The real "pain" begins afterwards, when the captured assets start being used for pivoting and for developing the attack in depth, and we do not notice it.
- We start incurring real losses only when the attacker finally reaches the attack targets (application servers, DBMS, data warehouses, repositories, critical infrastructure elements), so it is logical that one of the tasks of the information security service is to interrupt the attack before that sad event. But to interrupt something you first have to learn about it, and the sooner the better.
- Therefore, for successful risk management (i.e. reducing the damage from targeted attacks), it is critical to have tools that minimise TTD (time to detect: the time from the moment of intrusion until the attack is detected). Depending on industry and region, this time averages 99 days in the US, 106 days in EMEA and 172 days in APAC (M-Trends 2017, A View From the Front Lines, Mandiant).
- What does the market offer?
- "Sandboxes". This is one more preventive control, and it is far from ideal. There are plenty of effective techniques for detecting and bypassing sandboxes and whitelisting solutions; here the guys from the "dark side" are still one step ahead.
- UEBA (systems that profile behaviour and identify deviations): in theory, very effective. In my view, however, that is the distant future. In practice it is still very expensive and unreliable, and it requires a very mature and stable IT and information security infrastructure in which all the tools that generate data for behavioural analysis are already in place.
- SIEM is a good tool for investigations, but correlation rules are the same thing as signatures, so it cannot see and show something new and original in time.
- As a result, a tool is needed that:
- works fine even when the perimeter has already been compromised;
- detects successful attacks in near real time, regardless of the tools and vulnerabilities used;
- does not depend on signatures/rules/scripts/policies/profiles and other static things;
- does not need large volumes of data, and their sources, for analysis;
- lets attacks be defined not as some kind of risk score produced by the world's best "patented, closed mathematics" that then needs further investigation, but essentially as a binary event: "we are being attacked" or "no, everything is fine";
- is universal, scales efficiently, and can be implemented in any heterogeneous environment regardless of the physical and logical network topology in use.
So-called deception solutions are now competing for the role of such a tool: solutions based on the good old "honeypot" concept, but at a completely different level of implementation. This topic is definitely on the rise right now.
[Figure: "According to the results of ..."]
[Figure: "According to the report ..." (the whole section of the latter)]
Using TrapX Deception Grid, you can set up and centrally operate a massively distributed IDS at low cost, without increasing the licence burden or the hardware resource requirements. In fact, TrapX is a constructor that lets you assemble, out of elements of the existing IT infrastructure, one big mechanism for detecting attacks at the scale of the whole enterprise: a kind of distributed network "alarm system".
Solution structure
In our lab we constantly study and test various new products in the IT security field. At the moment about 50 different virtual servers are deployed there, including the TrapX Deception Grid components.
So, from top to bottom:
- TSOC (TrapX Security Operation Console) is the brain of the system. It is the central management console from which the configuration, deployment and all day-to-day operation of the solution are performed. Since it is a web service, it can be deployed anywhere: on the perimeter, in the cloud, or at an MSSP provider.
- TrapX Appliance (TSA) is a virtual server that we connect, through a trunk port, to the subnets we want to monitor. All the network sensors actually "live" here too.
Our lab has 1 TSA deployed (mwsapp2), but in practice there may be many. This can be necessary in large networks where there is no LXNUMX connectivity between segments (a typical example is "holding company and subsidiaries" or "bank head office and branches"), or where the network has isolated segments (industrial control systems, for example). In each such branch/segment you can deploy its own TSA and connect it to a single TSOC, where all information is processed centrally. This architecture lets you build a distributed monitoring system without radically rebuilding the network or breaking the existing segmentation.
In addition, a copy of outbound traffic can be sent to the TSA via TAP/SPAN. If a connection to a known botnet, command-and-control server or TOR session is detected, the result is also shown in the console. The Network Intelligence Sensor (NIS) is responsible for this. In our environment this function is implemented on the firewall, so we did not use it here.
- Application Traps (Full OS): traditional honeypots based on Windows servers. The main purpose of these servers is to provide IT services to the next layer of sensors, or to detect attacks on business applications deployed in a Windows environment, so not many of them are needed. Our lab has one such server installed (FOS01).
- Emulated Traps are the main component of the solution. They let you use a single virtual machine to create a very dense "minefield" for the attacker and to saturate the corporate network, all of its VLANs, with sensors. The attacker sees such a sensor, or "phantom host", as a real Windows PC or server, a Linux server, or any other device we choose to show them.
For the good of the business, and out of curiosity, we deployed "a pair of every creature": Windows PCs and servers of various versions, Linux servers, an ATM with embedded Windows, SWIFT web access, a network printer, a Cisco switch, an Axis IP camera, a MacBook, a PLC device and even a smart light bulb. 13 hosts in total. In general, the vendor recommends deploying such sensors in a quantity of at least 10% of the number of real hosts; the upper bound is the available address space. A very important point is that each such host is not a full-blown virtual machine that needs resources and licences. It is a so-called emulation: one process on the TSA with a set of parameters and an IP address. So, with the help of even one TSA, you can saturate the network with hundreds of such phantom hosts acting as sensors of the alarm system. It is this technology that makes it possible to scale the honeypot concept cost-effectively across any large distributed enterprise.
From the attacker's point of view these hosts are attractive because they look vulnerable and relatively easy to target. The attacker sees the services on these hosts, can interact with them, and can attack them with standard tools and protocols (smb/wmi/ssh/telnet/web/dnp/bonjour/Modbus and so on). But it is impossible to use these hosts to develop the attack further or to run their own code.
- Combining these two technologies (FullOS and emulated traps) gives a high statistical probability that sooner or later the attacker will run into some element of the signalling network. But how do we make this probability close to 100%?
So-called Deception Tokens enter the fight. Thanks to them, all of the enterprise's existing PCs and servers can be included in the distributed IDS. Tokens are placed on users' real PCs. It is important to understand that tokens are not agents that consume resources and can cause conflicts. Tokens are passive information elements, a kind of "breadcrumb trail" that leads the attacking side into a trap. For example: mapped network drives, browser bookmarks to fake web admin panels with saved passwords, saved ssh/rdp/winscp sessions, "traps" with comments in hosts files, passwords kept in memory, credentials of non-existent users, office files that trigger the system when opened, and so on. In this way we put the attacker into a distorted environment saturated with attack vectors that are no real threat to us (quite the opposite), and they have no way to tell where this information is true and where it is false. So we not only detect the attack quickly, we also slow its progress considerably.
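The token principle can be shown with a small detector. The following is an added example written for this article, not TrapX code: it plants a handful of constructed honeytokens (a couple of non-existent accounts, a decoy share and two decoy hostnames, all invented here) and checks them against a few constructed key=value audit lines. Any line that touches a token is an alert with no score attached, which is exactly the binary "we are being attacked" verdict asked for in the requirements above: the account, share and host do not exist for any legitimate purpose, so the only way to use them is to have read the breadcrumb off a real workstation.

```python
"""Deception tokens: planting and detection.
Added example for this article, not TrapX code. The token values, log
format and field names are constructed for illustration."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class HoneyTokens:
    users: frozenset   # account names that do not exist in the directory
    shares: frozenset  # UNC share roots that point at a decoy host
    hosts: frozenset   # decoy hostnames used in planted saved sessions


# Constructed tokens. In a real deployment they are generated per host
# and must not collide with any real naming scheme.
TOKENS = HoneyTokens(
    users=frozenset({"svc_backup41", "adm_legacy"}),
    shares=frozenset({r"\\fs-backup02\finance$"}),
    hosts=frozenset({"fs-backup02", "sql-archive01"}),
)

# Constructed audit lines in a simple key=value form (timestamp first).
# Lines 1 and 5 are normal activity; lines 2-4 are one host walking the
# breadcrumbs: trying the planted credential, opening the decoy share,
# then connecting to the decoy host from a saved RDP session.
LOG_LINES = [
    "2017-06-12T09:01:12 src=10.0.12.44 event=logon user=j.smith target=ws-17 result=success",
    "2017-06-12T09:03:40 src=10.0.12.44 event=logon user=svc_backup41 target=fs-backup02 result=failure",
    r"2017-06-12T09:03:41 src=10.0.12.44 event=smb_open path=\\fs-backup02\finance$\payroll.xlsx",
    "2017-06-12T09:05:07 src=10.0.12.44 event=rdp_connect target=sql-archive01",
    "2017-06-12T09:10:00 src=10.0.3.9 event=logon user=a.ivanova target=ws-03 result=success",
]

_KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split one audit line into {'ts': ..., key: value, ...}."""
    ts, _, rest = line.partition(" ")
    fields = dict(_KV.findall(rest))
    fields["ts"] = ts
    return fields


def check_line(fields: dict, tokens: HoneyTokens):
    """Return an alert if the line touches any token, else None.

    Order matters: a planted credential is the strongest signal, so it is
    checked first even if the same line also names a decoy host. Success or
    failure of the logon is irrelevant: the account does not exist, so any
    attempt means somebody read the token off a real workstation."""
    user = fields.get("user", "").lower()
    target = fields.get("target", "").lower()
    path = fields.get("path", "").lower()
    if user in {u.lower() for u in tokens.users}:
        kind = "credential_use"
    elif any(path.startswith(s.lower()) for s in tokens.shares):
        kind = "share_access"
    elif target in {h.lower() for h in tokens.hosts}:
        kind = "decoy_contact"
    else:
        return None
    return {"ts": fields["ts"], "src": fields.get("src"),
            "event": fields.get("event"), "kind": kind}


def detect(lines, tokens: HoneyTokens = TOKENS) -> list:
    """Binary verdict per line: either it touched a token or it did not."""
    alerts = []
    for line in lines:
        alert = check_line(parse_line(line), tokens)
        if alert:
            alerts.append(alert)
    return alerts


def attacking_hosts(alerts) -> Counter:
    """Alerts per source address: the 'attack source hosts' figure."""
    return Counter(a["src"] for a in alerts)


if __name__ == "__main__":
    for a in detect(LOG_LINES):
        print(f"{a['ts']} {a['src']:>12} {a['kind']:<15} ({a['event']})")
    print("attack source hosts:", dict(attacking_hosts(detect(LOG_LINES))))
```

The three alerts come from one source address within two minutes, which is the picture an analyst wants: not a risk score to investigate, but a host that has demonstrably consumed planted data and should be isolated.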
An example of creating a network trap and configuring tokens. The interface is friendly; there is no need to edit configs, scripts and so on by hand.
In our environment we configured and placed many such tokens on FOS01, running Windows Server 2012 R2, and on a test PC running Windows 7. RDP is running on these machines, and we periodically "hang" them out in the DMZ, where a number of our sensors (emulated traps) are also visible. So, as you would expect, "incidents" occur constantly.
Here are some brief statistics for this year:
56 – incidents recorded
2 – attack source hosts detected
[Chart caption fragment: "... from interactive and blockable attacks"]
At the same time, the solution did not generate some kind of mega-log or event feed that takes ages to make sense of. Instead, the solution itself classifies events by type and lets the information security team focus mainly on the most dangerous ones: when an attacker tries to establish a control session (interaction) or when binary payloads (infection) show up in the traffic.
All the information about an event is, I think, presented in a readable form that is easy to understand even for users with only basic knowledge of information security.
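To show what "classification by type" looks like as logic rather than as a vendor console, here is an added example (not TrapX code). It takes constructed trap sessions and sorts them into scan, brute force, interaction and infection, floating infection and interaction to the top of the analyst's queue, and produces the "incidents recorded" / "attack source hosts" style counts. The field names, the brute-force threshold and the printable-bytes heuristic are assumptions of the example.

```python
"""Trap event triage: classify by type and rank by danger.
Added example for this article, not TrapX code. Field names, thresholds
and the sample sessions below are constructed for illustration."""

# Failed logons on one trap, from one source, above which we call it a
# password brute-force rather than a stray connection (assumed threshold).
BRUTE_FORCE_THRESHOLD = 20

# Higher means more dangerous; drives the analyst's queue order.
SEVERITY = {"scan": 1, "brute_force": 2, "interaction": 3, "infection": 4}


def is_binary(payload: bytes) -> bool:
    """Heuristic for 'a binary payload appeared in the traffic'.

    A PE (MZ) or ELF header is a clear hit; otherwise treat the payload as
    binary when fewer than 70% of its bytes are printable text."""
    if payload.startswith((b"MZ", b"\x7fELF")):
        return True
    if not payload:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return printable / len(payload) < 0.7


def classify(session: dict) -> str:
    """Map one trap session to the event types described above.

    scan         - connection, but nothing sent and no credential tried
    brute_force  - many failed logons, no session established
    interaction  - the attacker got a session and is typing commands or
                   sending application-level requests
    infection    - a binary payload was dropped on the trap"""
    payload = session.get("payload", b"")
    if payload:
        return "infection" if is_binary(payload) else "interaction"
    if session.get("auth_failures", 0) >= BRUTE_FORCE_THRESHOLD:
        return "brute_force"
    return "scan"


def triage(sessions) -> list:
    """Return sessions tagged with their kind, most dangerous first."""
    tagged = [dict(s, kind=classify(s)) for s in sessions]
    return sorted(tagged, key=lambda s: SEVERITY[s["kind"]], reverse=True)


def summarize(sessions) -> dict:
    """The 'incidents recorded' / 'attack source hosts' style figures."""
    tagged = triage(sessions)
    by_type = {}
    for s in tagged:
        by_type[s["kind"]] = by_type.get(s["kind"], 0) + 1
    return {
        "incidents": len(tagged),
        "by_type": by_type,
        "attacking_hosts": sorted({s["src"] for s in tagged}),
    }


# Constructed sessions, as a trap appliance might record them: a port
# probe, an RDP password guessing run, a shell session on a Linux decoy,
# a dropped executable, and an injection attempt against a decoy web app.
SESSIONS = [
    {"src": "203.0.113.7", "port": 445, "auth_failures": 0, "payload": b""},
    {"src": "203.0.113.7", "port": 3389, "auth_failures": 312, "payload": b""},
    {"src": "198.51.100.23", "port": 22, "auth_failures": 1,
     "payload": b"uname -a; cat /etc/passwd\n"},
    {"src": "198.51.100.23", "port": 445, "auth_failures": 0,
     "payload": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"},
    {"src": "10.0.3.9", "port": 80, "auth_failures": 0,
     "payload": b"GET /login.php?user=admin' OR '1'='1 HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for s in triage(SESSIONS):
        print(f"{s['kind']:<12} {s['src']:>15} :{s['port']}")
    print(summarize(SESSIONS))
```

Because a trap has no legitimate users, the classifier never has to decide whether a session is malicious, only how far it has progressed; that is what keeps the output small enough to read instead of turning into the mega-log the text warns about.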
Most of the recorded incidents are attempts to scan our hosts, or single connections.
Or attempts to brute-force RDP passwords.
But there were more interesting cases too, in particular when attackers succeeded in guessing the RDP password and getting access to the local network.
The attacker tries to execute code using psexec.
The attacker found a saved session and fell into a trap in the form of a Linux server. Right after connecting, with one pre-prepared set of commands, they tried to destroy all the log files and the corresponding system variables.
The attacker tries to run SQL injection on a honeypot imitating SWIFT web access.
Besides such "natural" attacks, we ran a number of our own tests. One of the most telling was testing how quickly a network worm is detected on the network. For this we used a tool from GuardiCore.
We deployed a local command centre, launched the first instance of the worm on one of the machines, and got the first alert in the TrapX console within minutes. A TTD of 90 seconds versus an average of 106 days...
Thanks to the ability to integrate with other classes of solutions, we can not only detect threats quickly but also respond to them automatically.
For example, integration with a NAC (Network Access Control) system or with CarbonBlack lets you automatically disconnect a compromised PC from the network.
Integration with a sandbox lets files involved in an attack be submitted automatically for analysis.
McAfee integration
The solution has its own built-in event correlation system.
But its capabilities did not satisfy us, so we integrated it with HP ArcSight.
The built-in ticketing system helps everyone deal with detected threats together.
Since the solution was developed "from the ground up" for the needs of government agencies and the large enterprise segment, it naturally implements a role-based access model, AD integration, a developed system of reports and triggers (event alerts), and orchestration for large holding structures or MSSP providers.
In lieu of a summary
Figuratively speaking, with such a monitoring system covering our backs, a compromise of the perimeter is only the beginning. What matters most is that there is a real chance to deal with information security incidents rather than with their consequences.
Source: habr.com