3. Check Point SandBlast Agent Management Platform. Threat Prevention Policy

Welcome to the third article in the series on the new cloud-based management console for protecting personal computers, the Check Point SandBlast Agent Management Platform. As a reminder, in the first article we got acquainted with the Infinity Portal and created a cloud-based agent management service, the Endpoint Management Service. In the second article we studied the web management console interface and installed an agent with the standard policy on a user machine. Today we will look at the contents of the standard Threat Prevention security policy and test how well it counters popular attacks.

Standard Threat Prevention Policy: Description

The figure above shows the standard Threat Prevention policy rule, which by default applies to the entire organization (all installed agents) and includes three logical groups of protection components: Web & Files Protection, Behavioral Protection, and Analysis & Remediation. Let's take a closer look at each group.

Web & Files Protection

URL Filtering
URL Filtering lets you control user access to web resources using 5 predefined categories of sites. Each of the 5 categories contains several more specific subcategories, which lets you, for example, block access to the Games subcategory while allowing access to the Instant Messaging subcategory, both of which belong to the same Productivity Loss category. The URLs that belong to specific subcategories are determined by Check Point. You can check which category a particular URL belongs to, or request a category override, with a dedicated tool, URL Categorization.
The action can be set to Prevent, Detect or Off. When the Detect action is selected, a setting is automatically added that allows users to skip the URL Filtering warning and go to the resource of interest. If Prevent is used, this setting can be removed and the user will not be able to access the blocked site. Another convenient way to control blocked resources is to set up a Block List, where you can specify domains, IP addresses, or upload a .csv file with a list of domains to block.
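As an added example (not part of the original article and not Check Point code), the script below prepares a Block List upload: it normalizes a mixed list of URLs, domains and IP addresses, separates IPs from domains, drops duplicates and malformed entries, and serializes the domains as CSV. The one-domain-per-row CSV layout and all function names are assumptions; the article does not document the expected file format.

```python
import csv, io, ipaddress
from urllib.parse import urlsplit

# Constructed sample input, e.g. indicators pasted from an incident report.
SAMPLE = ["# constructed sample", "HTTP://Malware.Example.com/dl?id=1",
          "malware.example.com", "198.51.100.7", "phish.example.net.", "bad_host"]

def normalize_entry(raw):
    """Return ('ip', value) or ('domain', value); None if the entry is unusable."""
    text = raw.strip().lower()
    if "://" not in text:
        text = "//" + text              # let urlsplit treat a bare host as netloc
    try:
        host = (urlsplit(text).hostname or "").rstrip(".")
    except ValueError:
        return None
    try:
        return ("ip", str(ipaddress.ip_address(host)))
    except ValueError:
        pass
    try:
        host = host.encode("idna").decode("ascii")   # punycode for IDN names
    except UnicodeError:
        return None
    labels = host.split(".")
    valid = (len(labels) >= 2 and len(host) <= 253 and all(
        label.replace("-", "").isalnum() and label[0] != "-" and label[-1] != "-"
        for label in labels))
    return ("domain", host) if valid else None

def build_block_list(lines):
    """Split raw entries into de-duplicated domains, IPs and rejected lines."""
    domains, ips, rejected = [], [], []
    for raw in lines:
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                    # skip blanks and comments
        entry = normalize_entry(raw)
        if entry is None:
            rejected.append(raw.strip())
            continue
        bucket = ips if entry[0] == "ip" else domains
        if entry[1] not in bucket:
            bucket.append(entry[1])
    return domains, ips, rejected

def domains_to_csv(domains):
    """Serialize domains as CSV, one per row (assumed layout, no header)."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([d] for d in domains)
    return buf.getvalue()
```

Reviewing the rejected list before upload catches typos that would otherwise leave a domain silently unblocked.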

In the standard URL Filtering policy, the action is set to Detect and a single category is selected, Security, for which events will be detected. This category includes various anonymizers, sites with Critical / High / Medium risk levels, phishing sites, spam and much more. However, users will still be able to access the resource thanks to the "Allow user to dismiss the URL Filtering alert and access the website" setting.

Download (web) Protection
Emulation & Extraction lets you emulate downloaded files in the Check Point cloud sandbox and clean documents on the fly, removing potentially malicious content or converting the document to PDF. There are three modes of operation:

  • Prevent - lets you receive a copy of the cleaned document before the final emulation verdict, or wait for the emulation to complete and download the original file right away;

  • Detect - runs emulation in the background without preventing the user from receiving the original file, regardless of the verdict;

  • Off - any files are allowed to be downloaded without emulation and without cleaning of potentially malicious components.

You can also choose the action for files not supported by the Check Point emulation and cleaning tools - you can allow or deny the download of all unsupported files.

The standard Download Protection policy is set to Prevent, which lets you receive a copy of the original document that has been cleaned of potentially malicious content, and it allows downloading of files not supported by the emulation and cleaning tools.

Credential Protection
The Credential Protection component protects user credentials and includes 2 components: Zero Phishing and Password Protection. Zero Phishing protects users from accessing phishing resources, and Password Protection notifies the user that using corporate credentials outside the protected domain is not permitted. Zero Phishing can be set to Prevent, Detect or Off. When the Prevent action is set, you can either allow users to ignore the warning about a potential phishing resource and gain access to it, or disable this option and block access permanently. With the Detect action, users always have the option to ignore the warning and access the resource. Password Protection lets you select the protected domains for which passwords will be checked for compliance, and one of three actions: Detect & Alert (notifying the user), Detect or Off.

The standard Credential Protection policy applies Prevent to any phishing resources, with no way for users to access a potentially malicious site. Protection against the use of corporate passwords is also enabled, but without specified domains this feature will not work.

Files Protection
Files Protection is responsible for protecting files stored on the user's machine and includes two components: Anti-Malware and Files Threat Emulation. Anti-Malware is a tool that regularly scans all user and system files using signature analysis. In this component's settings you can configure regular scanning or random scan times, the signature update period, and the ability for users to cancel a scheduled scan. Files Threat Emulation lets you emulate files stored on the user's machine in the Check Point cloud sandbox; however, this security feature works only in Detect mode.

The standard Files Protection policy includes protection with Anti-Malware and detection of malicious files with Files Threat Emulation. Regular scanning is performed monthly, and signatures on the user's machine are updated every 4 hours. At the same time, users are able to cancel a scheduled scan, but no later than 30 days from the date of the last successful scan.

Behavioral Protection

Anti-Bot, Behavioral Guard & Anti-Ransomware, Anti-Exploit
The Behavioral Protection group of protection components includes three components: Anti-Bot, Behavioral Guard & Anti-Ransomware, and Anti-Exploit. Anti-Bot lets you monitor and block C&C connections using the continuously updated Check Point ThreatCloud database. Behavioral Guard & Anti-Ransomware constantly monitors activity (files, processes, network interactions) on the user's machine and lets you prevent ransomware attacks at their early stages. In addition, this protection component lets you restore files that have already been encrypted by malware. Files are restored to their original directories, or you can specify a particular path where all recovered files will be stored. Anti-Exploit lets you detect zero-day attacks. All Behavioral Protection components support three modes of operation: Prevent, Detect and Off.

The standard Behavioral Protection policy sets Prevent for the Anti-Bot and Behavioral Guard & Anti-Ransomware components, with encrypted files restored to their original directories. The Anti-Exploit component is disabled and not used.

Analysis & Remediation

Automated Attack Analysis (Forensics), Remediation & Response
Two security components are available for analyzing and investigating security incidents: Automated Attack Analysis (Forensics) and Remediation & Response. Automated Attack Analysis (Forensics) lets you generate reports on the results of repelling attacks with a detailed description, down to an analysis of how the malware executed on the user's machine. You can also use the Threat Hunting feature, which makes it easy to search for anomalies and malicious behavior using predefined or custom filters. Remediation & Response lets you configure settings for file recovery and quarantine after an attack: user interaction with quarantined files is regulated, and quarantined files can be stored in a directory specified by the administrator.

The standard Analysis & Remediation policy includes protection, which comprises automatic remediation actions (terminating processes, restoring files, etc.); the option to send files to quarantine is active, and users can only delete files from quarantine.

Standard Threat Prevention Policy: Testing

Check Point CheckMe Endpoint

The fastest and easiest way to check the security of a user machine against the most popular types of attacks is to run a test using the Check Point CheckMe resource, which carries out a number of typical attacks of various categories and lets you get a report on the test results. In this case the Endpoint testing option was used, in which an executable file is downloaded and launched on the computer, after which the verification process begins.

While the security of the working computer is being checked, SandBlast Agent signals the attacks it has identified and repelled on the user's computer, for example: the Anti-Bot blade reports detection of an infection, the Anti-Malware blade detected and deleted the malicious file CP_AM.exe, and the Threat Emulation blade determined that the file CP_ZD.exe is malicious.

Based on the results of testing with CheckMe Endpoint, we have the following outcome: of 6 attack categories, the standard Threat Prevention policy failed to handle only one category - Browser Exploit. This is because the standard Threat Prevention policy does not include the Anti-Exploit blade. It is worth noting that without SandBlast Agent installed, the user's computer passed the check only in the Ransomware category.

KnowBe4 RanSim

To test the Anti-Ransomware blade, you can use the free solution KnowBe4 RanSim, which runs a series of tests on the user's machine: 18 ransomware infection scenarios and 1 cryptominer infection scenario. It is worth noting that the presence of many blades in the standard policy (Threat Emulation, Anti-Malware, Behavioral Guard) with the Prevent action does not allow this test to run correctly. However, even with a reduced security level (Threat Emulation in Off mode), the Anti-Ransomware blade test shows high results: 18 of 19 tests passed successfully (1 failed to start).

Malicious files and documents

It is instructive to check how the different blades of the standard Threat Prevention policy work using malicious files of popular formats downloaded to the user's machine. This test involved 66 files in PDF, DOC, DOCX, EXE, XLS, XLSX, CAB and RTF formats. The test results showed that SandBlast Agent was able to block 64 of the 66 malicious files. Infected files were deleted after download, or cleaned of malicious content using Threat Extraction and received by the user.

Recommendations for improving the Threat Prevention policy

1. URL Filtering

The first thing that needs to be corrected in the standard policy to raise the security level of the client machine is to switch the URL Filtering blade to Prevent and specify the appropriate categories to block. In our case, all categories were selected except General Use, since they include most of the resources to which user access in the workplace needs to be restricted. Also, for such sites it is advisable to remove the ability for users to skip the warning window by unchecking the "Allow user to dismiss the URL Filtering alert and access the website" parameter.

2. Download Protection

The second option worth paying attention to is the ability for users to download files not supported by Check Point emulation. Since in this section we are looking at improving the standard Threat Prevention policy from a security standpoint, the best option would be to block the download of unsupported files.

3. Files Protection

You also need to pay attention to the Files Protection settings - in particular, the periodic scan settings and the user's ability to postpone a forced scan. Here the user's working hours must be taken into account, and a good option from both a security and a performance standpoint is to configure the forced scan to run every day, at a randomly selected time (from 00:00 to 8:00), with the user able to postpone the scan for at most one week.

4. Anti-Exploit

A notable drawback of the standard Threat Prevention policy is that the Anti-Exploit blade is disabled. It is recommended to enable this blade with the Prevent action to protect the workstation from attacks that use exploits. With this fix, the CheckMe retest completes successfully without detecting vulnerabilities on the user's production machine.

Conclusion

To summarize: in this article we got acquainted with the components of the standard Threat Prevention policy, tested this policy using various methods and tools, and described recommendations for improving the standard policy settings to raise the security level of the user machine. In the next article in the series, we will move on to studying the Data Protection policy and look at the Global Policy Settings.

A large selection of materials on Check Point from TS Solution. To avoid missing the next publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.habr.com