3. Check Point SandBlast Agent Management Platform. Threat Prevention Policy

Welcome to the third article in the series on the new cloud-based endpoint protection management solution, Check Point SandBlast Agent Management Platform. Let me remind you that in the first article we got acquainted with the Infinity Portal and created the cloud agent management service, Endpoint Management Service. In the second article we studied the web management console interface and installed an agent with the default policy on a user machine. Today we will look at the contents of the default Threat Prevention policy and test its effectiveness against common attacks.

Threat Prevention Policy: Description

The figure above shows the default Threat Prevention policy rule, which always applies to the entire organization (all installed agents) and includes three logical groups of protection components: Web & Files Protection, Behavioral Protection and Analysis & Remediation. Let's look at each group in detail.

Web & Files Protection

URL Filtering
URL Filtering lets you control user access to web resources using 5 predefined categories. Each of the 5 categories contains a number of specific subcategories, which lets you configure, for example, blocking access to the Games subcategory while allowing access to the Instant Messaging subcategory, which belongs to the same Productivity Loss category. Which URLs belong to which subcategory is determined by Check Point. You can check which category a particular URL falls into, or request a category change, on the dedicated URL Categorization resource.
The action can be set to Prevent, Detect or Off. Also, when the Detect action is chosen, a setting is added automatically that allows users to dismiss the URL Filtering alert and proceed to the resource they want. If Prevent is used, this setting can be removed, and the user will not be able to access the blocked site. Another convenient way to manage blocked resources is to set up a Block List, in which you can specify domains and IP addresses, or upload a .csv file with a list of domains to block.

In the default URL Filtering policy, the action is set to Detect and one category is selected, Security, which will be detected. This category includes various anonymizers, sites with a Critical/High/Medium risk level, phishing sites, spam and more. However, users will still be able to access the resource thanks to the option "Allow user to dismiss the URL Filtering alert and access the website".

Download (web) Protection
Emulation & Extraction lets you emulate downloaded files in the Check Point cloud sandbox and clean documents on the fly, removing potentially malicious content or converting the document to PDF. There are three modes of operation:

  • Prevent - lets you get a cleaned copy of the document before the final verdict, or wait for the emulation to finish and then download the original file immediately;

  • Detect - performs the emulation in the background, without preventing the user from receiving the original file, regardless of the verdict;

  • Off - any file may be downloaded without emulation and without cleaning of potentially malicious content.

It is also possible to choose the action for files that are not supported by the Check Point emulation and cleaning tools: you can allow or deny the download of all unsupported files.

The default Download Protection policy is set to Prevent, which lets you receive the original document cleaned of potentially malicious content, and also allows the download of files not supported by the emulation and cleaning tools.

Credential Protection
The Credential Protection component protects user credentials and includes two components: Zero Phishing and Password Protection. Zero Phishing protects users from phishing resources, and Password Protection notifies the user that using corporate credentials outside the protected domain is not allowed. Zero Phishing can be set to Prevent, Detect or Off. When the Prevent action is set, it is possible to allow users to ignore the potential-phishing warning and get access to the resource, or to disable this option and block access permanently. With the Detect action, users always have the option to ignore the warning and access the resource. Password Protection lets you select the protected domains whose passwords will be checked for compliance, and one of three actions: Detect & Alert (notify the user), Detect or Off.

The default Credential Protection policy is to block any phishing resources in order to prevent users from accessing a potentially malicious site. Protection against the use of corporate passwords is also enabled, but without the specified domains it does not work.

Files Protection
Files Protection is responsible for protecting files stored on user machines and includes two components: Anti-Malware and Files Threat Emulation. Anti-Malware is a tool that regularly scans all user and system files using signature analysis. In the settings of this component you can configure a regular or random-time scan, the signature update period, and the ability for users to cancel a scheduled scan. Files Threat Emulation lets you emulate files stored on user machines in the Check Point cloud sandbox; however, this protection works only in Detect mode.

The default Files Protection policy includes protection by Anti-Malware and detection of malicious files by Files Threat Emulation. The regular scan is performed monthly, and the signatures on the user machine are updated every 4 hours. At the same time, users are allowed to cancel a scheduled scan, but no later than 30 days from the date of the last successful scan.

Behavioral Protection

Anti-Bot, Behavioral Guard & Anti-Ransomware, Anti-Exploit
The Behavioral Protection group of protection components includes three components: Anti-Bot, Behavioral Guard & Anti-Ransomware and Anti-Exploit. Anti-Bot lets you monitor and block C&C connections using the regularly updated Check Point ThreatCloud database. Behavioral Guard & Anti-Ransomware monitors all activity (files, processes, network interactions) on the user machine and lets you stop a ransomware attack at its initial stage. In addition, this protection lets you restore files that have already been encrypted by the malware. Files are restored to their original directories, or you can specify a particular path in which all restored files will be saved. Anti-Exploit lets you detect zero-day attacks. All Behavioral Protection components support three modes of operation: Prevent, Detect and Off.

The default Behavioral Protection policy sets Prevent for the Anti-Bot and Behavioral Guard & Anti-Ransomware components, with encrypted files restored to their original directories. The Anti-Exploit component is disabled and is not used.

Analysis & Remediation

Automated Attack Analysis (Forensics), Remediation & Response
Two protection components are available for investigating and analyzing security incidents: Automated Attack Analysis (Forensics) and Remediation & Response. Automated Attack Analysis (Forensics) lets you generate reports on the outcome of a repelled attack with a detailed description, down to an analysis of the malware's execution process on the user machine. It is also possible to use the Threat Hunting feature, which makes it possible to proactively search for anomalies and potentially malicious behavior using predefined or custom filters. Remediation & Response lets you configure how files are restored and quarantined after an attack: user interaction with quarantined files is controlled, and quarantined files can also be stored in a directory specified by the administrator.

The default Analysis & Remediation policy includes protection with automatic remediation actions (terminating processes, restoring files, and so on); the option of sending files to quarantine is active, and users can only remove files from quarantine.

Threat Prevention Policy: Testing

Check Point CheckMe Endpoint

A quick and easy way to check the protection of a user machine against the most popular types of attacks is to run a test using the Check Point CheckMe resource, which performs a number of typical attacks of various categories and lets you get a report on the test results. In this case the Endpoint test mode was used, in which an executable file is downloaded and run on the computer, after which the check starts.

While the protection of the running computer is being checked, SandBlast Agent reports the detected attacks on the user's computer and prevents them, for example: the Anti-Bot blade reports an infection, the Anti-Malware blade has detected and removed the malicious file CP_AM.exe, and the Threat Emulation blade has flagged the file CP_ZD.exe as malicious.

Based on the results of the CheckMe Endpoint test, we have the following: out of 6 attack categories, the default Threat Prevention policy failed to handle only one, Browser Exploit. This is because the default Threat Prevention policy does not include the Anti-Exploit blade. It is worth noting that without SandBlast Agent installed, the user's computer passed the check in the Ransomware category.

KnowBe4 RanSim

To test the operation of the Anti-Ransomware blade, you can use the free KnowBe4 RanSim utility, which runs a number of tests on the user machine: 18 ransomware infection scenarios and 1 cryptominer infection scenario. It is worth noting that the presence of many blades in the default policy (Threat Emulation, Anti-Malware, Behavioral Guard) with the Prevent action does not let these tests run properly. However, even with a reduced level of protection (Threat Emulation in Off mode), the test of the Anti-Ransomware blade shows a high result: 18 of the 19 tests passed successfully (1 failed to start).

Malicious files and documents

This is a demonstration of how the various blades of the Threat Prevention security policy work, using malicious files of popular formats downloaded to user machines. The tests involved 66 files of the types PDF, DOC, DOCX, EXE, XLS, XLSX, CAB and RTF. The test results showed that SandBlast Agent was able to block 64 of the 66 malicious files. The infected files were either deleted after download, or cleaned of malicious content using Threat Extraction and delivered to the user.

Recommendations for configuring the Threat Prevention policy

1. URL Filtering

The first thing to change in the default policy to increase the protection of client machines is to switch the URL Filtering blade to Prevent and specify the appropriate categories to block. In our case all categories were selected except General Use, because they include most of the resources that users should be restricted from accessing at work. Also, for such sites it is worth removing the users' ability to skip the warning window, by unchecking "Allow user to dismiss the URL Filtering alert and access the website".

2. Download Protection

The second point worth attention is the ability of users to download files that are not supported by Check Point emulation. Since in this section we are looking at the Threat Prevention policy settings from a security point of view, the best option is to deny the download of unsupported files.

3. Files Protection

You should also pay attention to the Anti-Malware settings, in particular the settings for the periodic scan and the user's ability to postpone a forced scan. Here the user's working time has to be taken into account, and the best option from the point of view of security and performance is to configure the forced scan to run every day at a randomly chosen time (from 00:00 to 8:00), with the user able to postpone the scan for one week.

4. Anti-Exploit

The main drawback of the default Threat Prevention policy is that the Anti-Exploit blade is disabled. It is recommended to enable this blade with the Prevent action in order to protect the workstation from attacks that use exploits. With this change, the CheckMe retest completes successfully without detecting any weaknesses on the user's operating system.
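The four recommendations above, expressed as an audit over a policy model so that the default settings and the hardened settings can be compared side by side. This is an added example, not Check Point code: the platform is configured through the web console, so the dict layout and key names are this script's own assumptions, and the default values are the ones described in this article.

```python
"""Audit a SandBlast Agent Threat Prevention policy against recommendations 1-4.
Added example: the dict layout and key names are assumptions of this script,
not a Check Point export format."""
import copy

# Default policy as described in this article (constructed sample data).
DEFAULT_POLICY = {
    "url_filtering": {"action": "Detect", "blocked_categories": ["Security"],
                      "allow_dismiss_alert": True},
    "download_protection": {"action": "Prevent", "allow_unsupported_files": True},
    "anti_malware": {"scan_every_days": 30, "random_scan_window": None,
                     "max_postpone_days": 30},
    "anti_exploit": {"action": "Off"},
}

RECOMMENDED_SCAN_WINDOW = ("00:00", "08:00")  # recommendation 3


def audit(policy):
    """Return a list of findings; an empty list means all four recommendations are met."""
    findings = []
    uf = policy["url_filtering"]
    if uf["action"] != "Prevent":
        findings.append("rec. 1: URL Filtering action is %s, should be Prevent" % uf["action"])
    if uf["allow_dismiss_alert"]:
        findings.append("rec. 1: users may dismiss the URL Filtering alert; uncheck this")
    if policy["download_protection"]["allow_unsupported_files"]:
        findings.append("rec. 2: downloads of files unsupported by emulation are allowed; deny them")
    am = policy["anti_malware"]
    if am["scan_every_days"] > 1 or am["random_scan_window"] != RECOMMENDED_SCAN_WINDOW:
        findings.append("rec. 3: forced scan is not daily in a random 00:00-08:00 slot")
    if am["max_postpone_days"] > 7:
        findings.append("rec. 3: users may postpone the scan %d days, cap at 7" % am["max_postpone_days"])
    if policy["anti_exploit"]["action"] != "Prevent":
        findings.append("rec. 4: Anti-Exploit is %s, should be Prevent" % policy["anti_exploit"]["action"])
    return findings


def harden(policy):
    """Return a copy of the policy with recommendations 1-4 applied; the input is untouched."""
    p = copy.deepcopy(policy)
    p["url_filtering"].update(action="Prevent", allow_dismiss_alert=False)
    p["download_protection"]["allow_unsupported_files"] = False
    p["anti_malware"].update(scan_every_days=1, random_scan_window=RECOMMENDED_SCAN_WINDOW,
                             max_postpone_days=7)
    p["anti_exploit"]["action"] = "Prevent"
    return p


if __name__ == "__main__":
    for finding in audit(DEFAULT_POLICY):
        print("-", finding)
    print("findings after hardening:", audit(harden(DEFAULT_POLICY)))
```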

Conclusion

To summarize: in this article we got acquainted with the components of the default Threat Prevention policy, tested this policy using various methods and tools, and described recommendations for improving the default policy settings to increase the security of user machines. In the next article we will move on to studying the Data Protection policy and look at the Global Settings.

A large selection of materials on Check Point from TS Solution. To avoid missing the next publications on the SandBlast Agent Management Platform topic, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.habr.com