I am convinced that the actual combat of XDR is the golden eyes, how can I make it?
Author:Yangcheng.com Time:2022.07.27
On the morning of June 13, 2022, he was convinced that the XDR security expert Xiao Li used the same alarm information of a large consumer electronics group user.
"Users are participating in actual combat offensive and defensive drills recently. Do not take it lightly." A alarm attracted his attention: a certain OA server (192.168.2.x) exists, illegally downloading the malicious behavior of the CS remote control Trojan.
The alarm sounds! It's time to show the real technology! By convinced that the IOA behavior detection engine of SaaS XDR and the visualization process chain interface of the alarm details, Xiao Li found that an OA server was implanted in the CS back door.
△ Confident in serving SaaS XDR visualization process chain interface display alarm details
If you were not convinced that SaaS XDR precisely discovered attacks, the Red Team would soon move through horizontally and win the target.
It should not be late. Xiao Li convened a team of security experts to link the in -depth research and judgment of the SIP of the Security Performance Management Platform.
Later, a certain OA original engineer confirmed that it was indeed a 0DAY vulnerability!
I was convinced that the service team immediately responded to the emergency response, completely cleared the server back door file, output traceability disposal report, and synchronized information to users in time.
At this point, a "offensive and defensive war" about 0Day came to an end, and was convinced that SaaS XDR had deep hidden skills and names.
A picture, simply restore this "offensive and defensive war"
1. How deep is the 0DAY vulnerability attack?
0Day vulnerabilities refer to high -risk vulnerabilities that have not been disclosed and have no patch. The attacker can easily obtain the server control with the 0day vulnerability.
At present, most traditional security equipment does not have protection for 0DAY vulnerabilities.
The current use of 0Day's attack trend is intensified, and the 0DAY vulnerabilities are used in large quantities during offensive and defensive drills. Among them, a large number of domestic software vulnerabilities that are not included in foreign vulnerabilities are not included.
According to the statistics of convictions of the service laboratory, in the first half of 2021, there were as many as 39 in the wild 0day, far exceeding the number of 2020/2019.
It should be pointed out that these 0Day that has been discovered is not all, and there are many 0day vulnerability attacks that have not been discovered or made public!
How deep is the 0day vulnerability attack?
If the vulnerability attack is compared with the thief theft, the safety equipment is likely to be a police officer. It is known that the vulnerability is equivalent to a criminal. The police have long been characterized by their appearance. Capture.
The 0DAY vulnerability is a top fugitive who has never been caught. The police lack a certain perception of their image. There is no way to distinguish it according to the characteristics of the basic appearance. judge.
So, do you convince Saas XDR how to capture the 0day vulnerability attack based on behavior testing?
2. Believe in serving SaaS XDR precision detection 0DAY attacks have a trick
Through the IOA behavior detection engine, I am convinced that SaaS XDR will transfer threat detection from static feature matching to attack behavior recognition, and can fundamentally cope with the constant updated attack methods.
The IOA behavior detection engine actively monitor the behavior of all outsiders after entering the terminal.
Combined with the XTH cloud expert identification, I am convinced that the SaaS XDR reduces misunderstanding. It can not only respond to conventional threats, but also identify and restore the 0day attack to ensure the accuracy of up to 99%.
How can the "fire eye" of the IOA behavior detection engine be made?
I am convinced that IOA behavior engines are based on advanced data weaving (Data Fabric) framework and multi -event complex associated rules matching algorithm. , Detailed and truly depict the attacker behavior, form a visual attack chain at the process level.
△ I believe that SaaS XDR restores the Trojan horse program call process chain
In addition to the 0DAY vulnerability, before that, I was convinced that XDR had helped the user find out a variety of advanced threats such as mining and Trojan remote control and frequently received recognition.
A picture, simply summarize this 0DAY vulnerability attack incident
Believe in the expansion detection response platform XDR
A SaaS -based security threat detection and event response platform, through the native traffic collection tools and endpoint collection tools, the key data aggregates, through the network -end aggregation analysis engine and context associated analysis, realize the depth traceability of the attack chain, combined with the hosting security testing With the response service MDR and release the energy of the personnel; at the same time, it has scalable interface openness, coordinated with Soar and other products, and has a simplification of complexity, bringing in -depth testing, accurate response, and continuous growth.
- END -
Strengthen geological services to ensure energy security -Three reports of the first exploration tea
Recently, the three reports of the Shandong Coal Field Geological Bureau First Exp...
my country will launch a new round of rural road construction and reconstruction
At the special press conference of the National Highway Network Plan held by the M...