3. Check Point SandBlast Agent Management Platform. Threat Prevention Policy

Welcome to the third article in the series about the new management console for personal computer protection - Check Point SandBlast Agent Management Platform. Let me remind you that in the first article we got acquainted with Infinity Portal and created a cloud-based agent management service, Endpoint Management Service. In the second article we studied the web management console interface and installed an agent with the standard policy on a user's machine. Today we will look at the contents of the standard Threat Prevention security policy and test how well it counters popular attacks.

Standard Threat Prevention Policy: Description

The figure above shows the standard Threat Prevention policy rule, which by default applies to the entire organization (all installed agents) and includes three logical groups of protection components: Web & Files Protection, Behavioral Protection and Analysis & Remediation. Let's take a closer look at each of the groups.

Web & Files Protection

URL Filtering
URL Filtering lets you control user access to web resources using 5 predefined categories of sites. Each of the 5 categories contains several more specific subcategories, which lets you configure, for example, blocking access to the Games subcategory while allowing access to the Instant Messaging subcategory, both of which belong to the same Productivity Loss category. The URLs associated with specific subcategories are determined by Check Point. You can check which category a particular URL belongs to, or request a category override, on the dedicated URL Categorization resource.
The action can be set to Prevent, Detect or Off. Also, when the Detect action is selected, a setting is automatically added that allows users to skip the URL Filtering warning and go to the resource of interest. If Prevent is used, this setting can be removed and the user will not be able to access the prohibited site. Another convenient way to control prohibited resources is to configure a Block List, in which you can specify domains, IP addresses, or upload a .csv file with a list of domains to block.

In the standard policy for URL Filtering, the action is set to Detect and one category is selected - Security, for which events will be detected. This category includes various anonymizers, sites with a Critical/High/Medium risk level, phishing sites, spam and much more. However, users will still be able to access the resource thanks to the "Allow user to dismiss the URL Filtering alert and access the website" setting.

Download (web) Protection
Emulation & Extraction lets you emulate downloaded files in the Check Point cloud sandbox and clean documents on the fly, removing potentially malicious content or converting the document to PDF. There are three modes of operation:

  • Prevent - lets you obtain a copy of the cleaned document before the final emulation verdict, or wait for emulation to finish and download the original file immediately;

  • Detect - performs emulation in the background, without preventing the user from receiving the original file, regardless of the verdict;

  • Off - any files are allowed to be downloaded without emulation and without cleaning of potentially malicious components.

It is also possible to choose an action for files that are not supported by the Check Point emulation and cleaning tools - you can allow or deny the download of all unsupported files.

The standard policy for Download Protection is set to Prevent, which lets you obtain a copy of the original document cleaned of potentially malicious content, and it also allows the download of files that are not supported by the emulation and cleaning tools.

Credential Protection
The Credential Protection component protects user credentials and includes 2 components: Zero Phishing and Password Protection. Zero Phishing protects users from accessing phishing resources, and Password Protection notifies the user that using corporate credentials outside the protected domain is not permitted. Zero Phishing can be set to Prevent, Detect or Off. When the Prevent action is set, it is possible to allow users to ignore the warning about a potential phishing resource and gain access to it, or to disable this option and block access permanently. With the Detect action, users always have the option to ignore the warning and access the resource. Password Protection lets you select the protected domains for which passwords will be checked for compliance, and one of three actions: Detect & Alert (notifying the user), Detect or Off.

The standard policy for Credential Protection is Prevent for any phishing resources, which stops users from accessing a potentially malicious site. Protection against the use of corporate passwords is also enabled, but without specified domains this feature does not work.

Files Protection
Files Protection is responsible for protecting files stored on the user's machine and includes two components: Anti-Malware and Files Threat Emulation. Anti-Malware is a tool that regularly scans all user and system files using signature analysis. In the settings of this component, you can configure regular scanning or a random scan time, the signature update period, and the ability for users to cancel a scheduled scan. Files Threat Emulation lets you emulate files stored on the user's machine in the Check Point cloud sandbox; however, this protection only works in Detect mode.

The standard policy for Files Protection includes protection with Anti-Malware and detection of malicious files with Files Threat Emulation. A regular scan is performed every month, and the signatures on the user's machine are updated every four hours. At the same time, users are allowed to cancel a scheduled scan, but for no more than 30 days from the date of the last successful scan.

Behavioral Protection

Anti-Bot, Behavioral Guard & Anti-Ransomware, Anti-Exploit
The Behavioral Protection group of protection components includes three components: Anti-Bot, Behavioral Guard & Anti-Ransomware, and Anti-Exploit. Anti-Bot lets you monitor and block C&C connections using the constantly updated Check Point ThreatCloud database. Behavioral Guard & Anti-Ransomware constantly monitors activity (files, processes, network interactions) on the user's machine and lets you prevent ransomware attacks in their early stages. In addition, this protection component lets you restore files that have already been encrypted by the malware. Files are restored to their original directories, or you can specify a path where all restored files will be stored. Anti-Exploit lets you detect zero-day attacks. All Behavioral Protection components support three operating modes: Prevent, Detect and Off.

The standard policy for Behavioral Protection sets Prevent for the Anti-Bot and Behavioral Guard & Anti-Ransomware components, with encrypted files restored to their original directories. The Anti-Exploit component is disabled and not used.

Analysis & Remediation

Automated Attack Analysis (Forensics), Remediation & Response
Two security components are available for analyzing and investigating security incidents: Automated Attack Analysis (Forensics) and Remediation & Response. Automated Attack Analysis (Forensics) lets you generate reports on the results of repelled attacks with a detailed description - right down to an analysis of how the malware executed on the user's machine. It is also possible to use the Threat Hunting feature, which makes it possible to proactively search for anomalies and potentially malicious behavior using predefined or custom filters. Remediation & Response lets you configure the settings for file restoration and quarantine after an attack: user interaction with quarantined files is regulated, and it is also possible to store quarantined files in a directory specified by the administrator.

The standard Analysis & Remediation policy includes protection with automatic remediation actions (terminating processes, restoring files, etc.); the option to send files to quarantine is active, and users can only delete files from quarantine.

Standard Threat Prevention Policy: Testing

Check Point CheckMe Endpoint

The quickest and easiest way to check the security of a user's machine against well-known types of attacks is to run a test using the Check Point CheckMe resource, which carries out a number of typical attacks of various categories and lets you obtain a report on the test results. In this case, the Endpoint testing option was used, in which an executable file is downloaded and launched on the computer, and then the checking process begins.

While the security of the working computer is being checked, SandBlast Agent signals the attacks it has identified and repelled on the user's computer, for example: the Anti-Bot blade reports the detection of an infection, the Anti-Malware blade has detected and deleted the malicious file CP_AM.exe, and the Threat Emulation blade has determined that the file CP_ZD.exe is malicious.

Based on the results of testing with CheckMe Endpoint, we have the following result: out of six attack categories, the standard Threat Prevention policy failed to cope with only one category - Browser Exploit. This is because the standard Threat Prevention policy does not include the Anti-Exploit blade. It is worth noting that without SandBlast Agent installed, the user's computer passed the scan only in the Ransomware category.

KnowBe4 RanSim

To test the operation of the Anti-Ransomware blade, you can use the free solution KnowBe4 RanSim, which runs a series of tests on the user's machine: 18 ransomware infection scenarios and 1 cryptominer infection scenario. It is worth noting that the presence of many blades in the standard policy (Threat Emulation, Anti-Malware, Behavioral Guard) with the Prevent action does not allow this test to run correctly. However, even with a reduced security level (Threat Emulation in Off mode), the Anti-Ransomware blade test shows high results: 18 out of 19 tests passed successfully (18 failed to start).

Malicious files and documents

It is instructive to check the operation of the various blades of the standard Threat Prevention policy using malicious files of popular formats downloaded to the user's machine. This test involved 66 files in PDF, DOC, DOCX, EXE, XLS, XLSX, CAB, RTF formats. The test results showed that SandBlast Agent was able to block 64 malicious files out of 66. Infected files were either deleted after download, or cleaned of malicious content using Threat Extraction and then received by the user.

Recommendations for improving the Threat Prevention policy

1. URL Filtering

The first thing that needs to be corrected in the standard policy to raise the security level of the client machine is to switch the URL Filtering blade to Prevent and specify the appropriate categories for blocking. In our case, all categories were selected except General Use, since they include most of the resources to which user access needs to be restricted in the workplace. Also, for such sites, it is advisable to remove the ability for users to skip the warning window by unchecking the "Allow user to dismiss the URL Filtering alert and access the website" parameter.

2. Download Protection

The second option worth paying attention to is the ability for users to download files that are not supported by Check Point emulation. Since in this section we are looking at improvements to the standard Threat Prevention policy from a security perspective, the best option would be to block the download of unsupported files.

3. Files Protection

You should also pay attention to the file protection settings - in particular, the periodic scan settings and the user's ability to postpone a forced scan. Here the user's working hours must be taken into account, and a good option from both a security and a performance point of view is to configure the forced scan to run every day, at a randomly selected time (from 00:00 to 8:00), with the user able to postpone the scan for no more than one week.

4. Anti-Exploit

A significant drawback of the standard Threat Prevention policy is that the Anti-Exploit blade is disabled. It is recommended to enable this blade with the Prevent action to protect the workstation from attacks that use exploits. With this fix, the CheckMe retest completes successfully without detecting vulnerabilities on the user's production machine.

Conclusion

Let's summarize: in this article we got acquainted with the components of the standard Threat Prevention policy, tested this policy using various methods and tools, and described recommendations for improving the settings of the standard policy to raise the security level of the user's machine. In the next article in the series, we will move on to studying the Data Protection policy and look at the Global Policy Settings.

A large selection of materials on Check Point from TS Solution. So as not to miss the next publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: www.habr.com
