
Cory Michal, Brandon Levene and Ben Pruce_Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies.pdf

Uploader: 张** | ID: 175521 | 2024-09-13 | 29 pages | 5.35MB

Slide 1: Modern Kill Chains: Real World SaaS Attacks and Mitigation Strategies
Cory Michal, VP of Security
Brandon Levene, Principal Product Manager, Threat Detection
Ben Pruce, Lead Threat Detection Engineer
August 7, 2024

Slide 2: Agenda
- Reflect on where we are currently
- Hypothesize why we are here
- Examine what it is like to be here
- Determine if something better is possible
- Outline how we could move to a better state

Slide 3: Historical Attack Surface Change

Slide 4: Pre Cloud & SaaS Attack Surface 2009
(network diagram; only the DMZ labels survive extraction)

Slide 5: Modern Attack Surface 2020

Slide 6: Attack Surface Observations
Legacy Attack Surface:
- Hardened network perimeters
- VPN access
- Physical access controls
- Network Access Control/Wifi
- Endpoint protection
- Internal IdP
- Internal IT Systems
- Internal Business Systems
- Logging/Monitoring/SIEM/Flow
Modern Attack Surface:
- Rapidly dissolving perimeters
- Access from work or BYOD
- Remote access from anywhere
- Uncontrolled network upstream
- Endpoint protection
- External IdP
- External SaaS Systems
- External IaaS/PaaS
- Substantially reduced visibility

Slide 7: Pre-Cloud and SaaS Mapped to ATT&CK
Tactics: Reconnaissance, Initial Access, Execution, Persistence, Command and Control, Privilege Escalation, Collection, Exfiltration, Impact
Kill chain stages, in order:
- Research Target, Scan, Find Users
- Deliver target payloads
- Exploit perimeter vulnerabilities
- Establish persistence of foothold
- Establish control of compromised hosts
- Escalate privilege if possible
- Iterate 35x for lateral movement
- PayDay!

Slide 8: SaaS ATT&CK Tactics
Tactics: Reconnaissance, Initial Access, Credential Access, Persistence, Command and Control, Privilege Escalation, Collection, Exfiltration, Impact
Kill chain stages, in order:
- Research Target, Find Users, Find SaaS
- Stuff, Spray, SIM Swap
- Login to IdP
- Access SaaS services and Manipulate login Configurations
- Skip
- Skip
- OAuth, API Keys, Integration, App, Often Skipped!
- IdP tiles, Collaboration, Doc, Source
- PayDay!

Slide 9: This is Why We Can't Have Nice Things
Substantially expanded our attack

This document discusses modern SaaS attack chains and defensive strategies. It first outlines how the attack surface has changed since 2009, noting that the modern attack surface includes hardened network perimeters, VPN access, physical access controls, endpoint protection and internal identity providers. It then presents the current state of SaaS attacks, including the attack types that are winning, such as spear phishing, ransomware and credential spraying, as well as the compromised organizations and ordinary internet users affected. Next, it analyzes the characteristics of SaaS attacks, such as abusing cloud service providers and skipping traditional kill-chain activities. It also offers observations about attackers, including the techniques and tactics they use. Finally, the authors propose strategies for countering SaaS attacks, including strengthening endpoint security, adopting hardware MFA devices and avoiding service accounts, and stress the importance of a zero-trust approach.