Active Response to Multi-vector Attacks in Cloud Environments (클라우드 환경에서 능동적 다중 벡터 공격 대응) - CLOUDSEC · 2018-03-19 · #CLOUDSEC
Transcript of the slide deck
Page 1: title slide

Page 3
#CLOUDSEC
Agenda
1. Multi-vector Attack
2. Multi-vector Attack Response
3. Connected Threat Defense
4. Advanced Threat Appliance
5. Active Response against Multi-vector Attack
Page 4
Multi-vector Attack
“Attack vectors are routes or methods used to get into computer
systems, usually for nefarious purposes. They take advantage of known
weak spots to gain entry. Many attack vectors take advantage
of the human element in the system, because that’s often
the weakest link”
Attack Vector (공격 벡터)
Page 5
Multi-vector Attack
• Targeted malware
• Mobile apps
• Social networking
• Invalid policy
• Botnets
• Network threats
• Unpatched software
• Insider attack
• Organized cyber crime
• Hacktivism
Page 6
Multi-vector Attack
Pyramid of Pain – David Bianco
Tactics, Techniques, and Procedures (the top of the pyramid: the indicator type that costs the attacker the most to change, as opposed to hashes, IPs and domains at the bottom)
Page 7
Multi-vector Attack Response
Sandboxing
• Suspicious files • Suspicious network behavior • Suspicious IP, URLs, Domains
Timeline
File submission to AV vendors (request for pattern creation)
AV Vendors
Pattern update, verification / cleanup / quarantine??
Threat intelligence management??
Threat blocked / removed, finished??
Block request to the network team, rule creation / rule application
FW / IPS
• Real-time threat response?? • Visibility into threat intelligence?? • Threat lifecycle management?
The question marks are the slide's own: every hand-off in this manual chain (sandbox verdict, vendor pattern, firewall rule) is a delay, and nobody owns the indicator once it has been applied.
Page 8
Connected Threat Defense
Products on the diagram: Deep Discovery Inspector, Deep Discovery Analyzer, Deep Discovery Email Inspector, TMES, SPS, OfficeScan, Deep Security, Control Manager (TMCM)
Suspicious Object (SO): ・File ・IP ・URL
Flow: the sensors send samples to the Deep Discovery Analyzer sandbox ("sandbox analysis request"); the Suspicious Objects that result are collected by TMCM and distributed ("SO") to the other products
Layers: Detection / Analysis, Management, Response
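The SO flow above, and the lifecycle and visibility gaps the response slide asks about, reduced to runnable form as an added example written for this page (Python; it is not Trend Micro's code or API, and the class names, the verdict layout, the sensor name and the sample bytes are all constructed): a sandbox verdict is expanded into file, IP, URL and domain Suspicious Objects with an expiry, a central list dedupes and ages them, and an endpoint and a network enforcement point look them up.

```python
"""Toy Suspicious Object (SO) feed: sandbox verdict -> central SO list with
expiry -> enforcement at endpoint and network.  All names, the verdict
layout and the sample data below are constructed for this example."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address
from urllib.parse import urlparse


@dataclass(frozen=True)
class SuspiciousObject:
    kind: str             # "file" (SHA-1 hex), "ip", "url" or "domain"
    value: str
    risk: str             # "high", "medium" or "low"
    source: str           # sensor that produced the verdict
    expires_at: datetime  # lifecycle: entry is ignored and purged after this


class SuspiciousObjectList:
    """Central SO list: the Control Manager role in the diagram."""

    def __init__(self):
        self._objects = {}

    def add(self, so):
        key = (so.kind, so.value)
        current = self._objects.get(key)
        # A repeat report extends the lifetime; it never shortens an entry.
        if current is None or so.expires_at > current.expires_at:
            self._objects[key] = so

    def lookup(self, kind, value, now):
        so = self._objects.get((kind, value))
        return so if so is not None and so.expires_at > now else None

    def purge(self, now):
        """Drop expired entries and return how many were removed."""
        expired = [k for k, so in self._objects.items() if so.expires_at <= now]
        for key in expired:
            del self._objects[key]
        return len(expired)

    def export(self, kind):
        """Sorted values of one kind, e.g. the IP block list pushed to FW/IPS."""
        return sorted(so.value for so in self._objects.values() if so.kind == kind)


def objects_from_verdict(verdict, now, ttl=timedelta(days=30)):
    """Expand one sandbox verdict into SOs.  Constructed verdict layout:
    {"sha1": hex, "risk": str, "source": str, "contacted": [url, ...]}"""
    expires = now + ttl
    risk, source = verdict["risk"], verdict["source"]
    objs = [SuspiciousObject("file", verdict["sha1"], risk, source, expires)]
    for url in verdict["contacted"]:
        host = (urlparse(url).hostname or "").lower()
        objs.append(SuspiciousObject("url", url, risk, source, expires))
        try:
            ip_address(host)
            objs.append(SuspiciousObject("ip", host, risk, source, expires))
        except ValueError:  # not an IP literal, so record the domain
            objs.append(SuspiciousObject("domain", host, risk, source, expires))
    return objs


def endpoint_action(so_list, file_bytes, now):
    """Endpoint agent: hash the file and act on the SO list."""
    so = so_list.lookup("file", hashlib.sha1(file_bytes).hexdigest(), now)
    if so is None:
        return "allow"
    return "quarantine" if so.risk in ("high", "medium") else "log"


def network_action(so_list, dst_ip, url, now):
    """FW/IPS: check the most specific indicator first (URL, then IP, then domain)."""
    host = (urlparse(url).hostname or "").lower()
    for kind, value in (("url", url), ("ip", dst_ip), ("domain", host)):
        so = so_list.lookup(kind, value, now)
        if so is not None:
            return "block" if so.risk in ("high", "medium") else "log"
    return "allow"


# Constructed sample: a fake "binary" and the hosts it contacted in the sandbox.
SAMPLE = b"MZ\x90\x00 constructed sample, not real malware"
NOW = datetime(2018, 3, 19, tzinfo=timezone.utc)
EXPIRED_AT = NOW + timedelta(days=31)
VERDICT = {
    "sha1": hashlib.sha1(SAMPLE).hexdigest(),
    "risk": "high",
    "source": "sandbox-A",                             # hypothetical sensor
    "contacted": ["http://203.0.113.10/gate.php",      # TEST-NET-3 address
                  "http://c2.invalid/dl/stage2.bin"],  # reserved .invalid TLD
}


def build_demo_list():
    """Feed VERDICT into a fresh list and return it."""
    so_list = SuspiciousObjectList()
    for so in objects_from_verdict(VERDICT, NOW):
        so_list.add(so)
    return so_list


if __name__ == "__main__":
    sol = build_demo_list()
    print("sample on endpoint:", endpoint_action(sol, SAMPLE, NOW))
    print("C2 IP:", network_action(sol, "203.0.113.10", "http://203.0.113.10/x", NOW))
    print("C2 domain:", network_action(sol, "198.51.100.7", "http://c2.invalid/y", NOW))
    print("purged:", sol.purge(EXPIRED_AT), "then", endpoint_action(sol, SAMPLE, EXPIRED_AT))
```

Two design choices matter in practice. The TTL is what turns a growing indicator dump into a managed lifecycle: an IP or domain that was a C2 a year ago is often a legitimate host today, so stale entries are ignored on lookup and removed by purge(). Matching from most to least specific (exact URL, then IP, then domain) keeps a single domain-level SO from hiding a more precise verdict and gives the network device the same answer whether it sees the raw connection or the decoded URL.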
Page 9
Connected Threat Defense
- DDI
Suspicious Object list and TMCM connection settings
Page 10
Connected Threat Defense
- DDAN
Suspicious Object list
Page 11
Connected Threat Defense
- DDEI
Suspicious Object configuration and management
Page 12
Connected Threat Defense
- DDEI
Suspicious Object list management
Page 13
Connected Threat Defense
– Deep Security
Suspicious Object management and DDAN sandbox analysis requests
Page 14
Connected Threat Defense
- TMCM
Viewing Suspicious Objects (IP/URL/Domain/File)
Page 15
Connected Threat Defense
- TMCM
Viewing sandbox analysis results for Suspicious Objects
Page 16
Advanced Threat Appliance
Management System
Deep Discovery Inspector / ATA
TippingPoint NGFW
TippingPoint IPS
Real-time threat blocking on TippingPoint using threat intelligence fed from DDI
Control Manager (TMCM)
• Suspicious files • Suspicious network behavior • Suspicious IP, URLs, Domains
Page 17
Advanced Threat Appliance
Page 18
Advanced Threat Appliance
Page 19
Active Response against
Multi-vector Attack
Real-time cleanup / deletion / quarantine
Detection / Analysis
• Suspicious files • Suspicious network behavior • Suspicious IP, URLs, Domains
Real-time rule creation / rule application, real-time blocking
FW / IPS
Integrated real-time threat response!!! Visibility into threat intelligence!!! Threat intelligence lifecycle management!!!
Integrated management of the threat intelligence lifecycle
Endpoints
Page 20
Active Response against
Multi-vector Attack
Total Visibility for the Threat Life Cycle
Page 21
Chris Jang
Trend Micro Korea