3. Check Point SandBlast Agent Management Platform. Threat Prevention Policy

Welcome to the third article in the series on the new cloud-based management console for personal computer protection, Check Point SandBlast Agent Management Platform. As a reminder, in the first article we got acquainted with the Infinity Portal and created a cloud-based agent management service, Endpoint Management Service. In the second article we studied the web management console interface and installed an agent with the standard policy on a user machine. Today we will look at the contents of the standard Threat Prevention security policy and test how well it holds up against popular attacks.

Standard Threat Prevention Policy: Description

The figure above shows the standard Threat Prevention policy rule, which applies by default to the whole organization (all installed agents) and includes three logical groups of protection components: Web & Files Protection, Behavioral Protection, and Analysis & Remediation. Let's take a closer look at each group.

Web & Files Protection

URL Filtering
URL Filtering lets you control user access to web resources using 5 predefined site categories. Each of the 5 categories contains several more specific subcategories, which lets you configure, for example, blocking access to the Games subcategory while allowing access to the Instant Messaging subcategory, both of which belong to the same Productivity Loss category. The URLs associated with specific subcategories are determined by Check Point. You can check which category a particular URL belongs to, or request a category override, on the dedicated URL Categorization resource.
The action can be set to Prevent, Detect or Off. Also, when the Detect action is selected, a setting is added automatically that allows users to skip the URL Filtering warning and go to the resource of interest. When Prevent is used, this setting can be removed, and the user will not be able to access the prohibited site. Another convenient way to control prohibited resources is to set up a Block List, where you can specify domains, IP addresses, or upload a .csv file with a list of domains to block.

In the standard URL Filtering policy, the action is set to Detect and one category is selected, Security, for which events will be detected. This category includes various anonymizers, sites with a Critical/High/Medium risk level, phishing sites, spam and much more. However, users will still be able to access the resource because of the setting "Allow user to dismiss the URL Filtering alert and access the website".

Download (web) Protection
Emulation & Extraction lets you emulate downloaded files in the Check Point cloud sandbox and clean documents on the fly, removing malicious content or converting the document to PDF. There are three modes of operation:

  • Prevent - lets you get a copy of the cleaned document before the final emulation verdict, or wait for emulation to finish and download the original file right away;

  • Detect - performs emulation in the background without preventing the user from receiving the original file, regardless of the verdict;

  • Off - any files are allowed to be downloaded without emulation and without cleaning of potentially malicious components.

It is also possible to choose the action for files that are not supported by the Check Point emulation and cleaning tools: you can allow or deny the download of all unsupported files.

The standard Download Protection policy is set to Prevent, which lets you get a copy of the original document cleaned of potentially malicious content, and it also allows the download of files not supported by the emulation and cleaning tools.

Credential Protection
The Credential Protection component protects user credentials and includes 2 components: Zero Phishing and Password Protection. Zero Phishing protects users from accessing phishing resources, and Password Protection notifies the user that using corporate credentials outside the protected domain is not permitted. Zero Phishing can be set to Prevent, Detect or Off. When the Prevent action is set, you can either allow users to ignore the warning about a potential phishing resource and gain access to it, or disable this option and block access permanently. With the Detect action, users always have the option to ignore the warning and access the resource. Password Protection lets you choose the protected domains for which passwords will be checked for compliance, and one of three actions: Detect & Alert (notifying the user), Detect or Off.

The standard Credential Protection policy sets Prevent for any phishing resources, keeping users from accessing a potentially malicious site. Protection against the use of corporate passwords is also enabled, but without specified domains this feature will not work.

Files Protection
Files Protection is responsible for protecting files stored on the user's machine and includes two components: Anti-Malware and Files Threat Emulation. Anti-Malware is a tool that regularly scans all user and system files using signature analysis. In this component's settings you can configure regular scanning or random scan times, the signature update period, and whether users are able to cancel a scheduled scan. Files Threat Emulation lets you emulate files stored on the user's machine in the Check Point cloud sandbox; however, this protection feature works only in Detect mode.

The standard Files Protection policy includes protection with Anti-Malware and detection of malicious files with Files Threat Emulation. A regular scan runs every month, and signatures on the user's machine are updated every 4 hours. At the same time, users are allowed to cancel a scheduled scan, but no later than 30 days after the date of the last successful scan.

Behavioral Protection

Anti-Bot, Behavioral Guard & Anti-Ransomware, Anti-Exploit
The Behavioral Protection group of protection components includes three components: Anti-Bot, Behavioral Guard & Anti-Ransomware, and Anti-Exploit. Anti-Bot lets you monitor and block C&C connections using the constantly updated Check Point ThreatCloud database. Behavioral Guard & Anti-Ransomware constantly monitors activity (files, processes, network interactions) on the user's machine and lets you stop ransomware attacks in their early stages. In addition, this protection feature lets you restore files that have already been encrypted by the malware. Files are restored to their original directories, or you can specify a particular path where all recovered files will be stored. Anti-Exploit lets you detect zero-day attacks. All Behavioral Protection components support three modes of operation: Prevent, Detect and Off.

The standard Behavioral Protection policy sets Prevent for the Anti-Bot and the Behavioral Guard & Anti-Ransomware components, with encrypted files restored to their original directories. The Anti-Exploit component is turned off and is not used.

Analysis & Remediation

Automated Attack Analysis (Forensics), Remediation & Response
Two security components are available for analyzing and investigating security incidents: Automated Attack Analysis (Forensics) and Remediation & Response. Automated Attack Analysis (Forensics) lets you generate reports on the results of repelled attacks with a detailed description, down to an analysis of how the malware executed on the user's machine. It is also possible to use the Threat Hunting feature, which makes it possible to proactively search for anomalies and potentially malicious behavior using predefined or custom filters. Remediation & Response lets you configure the settings for file recovery and quarantine after an attack: user interaction with quarantined files is controlled, and it is also possible to store quarantined files in a directory specified by the administrator.

The standard Analysis & Remediation policy includes protection with automatic remediation actions (terminating processes, restoring files, and so on); the option to send files to quarantine is also active, and users can only delete files from quarantine.

Standard Threat Prevention Policy: Testing

Check Point CheckMe Endpoint

The fastest and simplest way to test the protection of a user's machine against the most popular types of attacks is to run a test using the Check Point CheckMe resource, which carries out a number of typical attacks of different categories and lets you get a report on the test results. In this case the Endpoint test option was used, in which an executable file is downloaded and launched on the computer, after which the verification process begins.

While the security of the working computer is being checked, SandBlast Agent reports on the attacks identified and repelled on the user's computer. For example, the Anti-Bot blade reports detection of an infection, the Anti-Malware blade detected and removed the malicious file CP_AM.exe, and the Threat Emulation blade determined that the file CP_ZD.exe is malicious.

Based on the results of testing with CheckMe Endpoint, we have the following result: out of 6 attack categories, the standard Threat Prevention policy failed to handle only one category, Browser Exploit. This is because the standard Threat Prevention policy does not include the Anti-Exploit blade. It is worth noting that without SandBlast Agent installed, the user's computer passed the check in the Ransomware category.

KnowBe4 RanSim

To test the Anti-Ransomware blade you can use the free solution KnowBe4 RanSim, which runs a series of tests on the user's machine: 18 ransomware infection scenarios and 1 cryptominer infection scenario. It is important to note that the presence of several blades in the standard policy (Threat Emulation, Anti-Malware, Behavioral Guard) with the Prevent action does not allow this test to run properly. However, even with a reduced protection level (Threat Emulation in Off mode), the Anti-Ransomware blade test shows high results: 18 of 19 tests passed successfully (1 failed to start).

Malicious Files and Documents

It is indicative to test the various blades of the standard Threat Prevention policy using malicious files of popular formats downloaded to the user's machine. This test involved 66 files in PDF, DOC, DOCX, EXE, XLS, XLSX, CAB and RTF formats. The test results showed that SandBlast Agent was able to block 64 of the 66 malicious files. Infected files were deleted after download, or cleaned of malicious content using Threat Extraction and then received by the user.

Recommendations for Improving the Threat Prevention Policy

1. URL Filtering

The first thing that needs to be corrected in the standard policy to raise the security level of the client machine is to switch the URL Filtering blade to Prevent and specify the appropriate categories to block. In our case, all categories were selected except General Use, since they include most of the resources to which user access should be restricted in the workplace. Also, for such sites it is advisable to remove the ability of users to skip the warning window by unchecking the "Allow user to dismiss the URL Filtering alert and access the website" parameter.

2. Download Protection

The second option worth attention is the ability of users to download files that are not supported by Check Point emulation. Since in this section we are looking at improvements to the standard Threat Prevention policy from a security point of view, the best option would be to block the download of unsupported files.

3. Files Protection

You also need to pay attention to the file protection settings, in particular the periodic scan settings and the user's ability to postpone a forced scan. Here the user's working hours should be taken into account, and a good option from the point of view of both security and performance is to schedule the forced scan to run every day at a randomly chosen time (from 00:00 to 8:00), with the user able to postpone the scan for up to one week.

4. Anti-Exploit

A significant drawback of the standard Threat Prevention policy is that the Anti-Exploit blade is turned off. It is recommended to enable this blade with the Prevent action to protect the workstation from attacks that use exploits. With this fix, a repeat CheckMe test completes successfully without finding any vulnerabilities on the user's working machine.

Conclusion

To summarize: in this article we got acquainted with the components of the standard Threat Prevention policy, tested this policy using various methods and tools, and described recommendations for improving the settings of the standard policy to raise the security level of the user's machine. In the next article in the series, we will move on to the Data Protection policy and look at the Global Policy Settings.

A large selection of materials on Check Point from TS Solution. To avoid missing the next publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.habr.com
