
Making Sense of the Chaos.pdf

Uploaded by: 可*** ID: 991853 2025-12-07 33 pages 1.14MB

Making Sense of the Chaos
WHEN TO CONDUCT STRUCTURED AND UNSTRUCTURED THREAT HUNTS
Arun Warikoo, Head of Cyber Threat Intelligence, CIB Americas, BNP Paribas
Lee Archinal, Senior Threat Hunt Analyst, Intel 471

Meet the presenters

Lee Archinal
10+ years in IT, 6+ as Network Admin
United States Army
5 years in SOC
4 years Threat Hunting
Black Hat USA 23 & 24 Trainer
Conducts Threat Hunt Workshops based on different MITRE ATT&CK Tactics

Arun Warikoo
15+ years in Cyber Security with focus on Threat Intel, Hunting and Detection
Chair of FS-ISAC Threat Hunting Working Group
Host of "Cyber from the Frontlines", a podcast available on Spotify and YouTube
Researcher & Innovator
Patent on determining threat attribution with high confidence
Publications on Cyber Criminal Profiling & Attribution

Discussion Points
1. What is Threat Hunting
2. What is a Structured Threat Hunt
3. What is an Unstructured Threat Hunt
4. Key Takeaways

Threat Hunting 101
WHAT IS THREAT HUNTING?
THREAT HUNTING METHODOLOGY
WHY THREAT HUNT
THREAT HUNT OUTCOMES
Metrics are tough!
Successful Outcomes:
Found malice
Confirmed Visibility Coverage
Confirmed Visibility Gap
Promoted Hunt to Detection
Administrative issues

Structured Hunts
WHAT IS A STRUCTURED THREAT HUNT
Intel-driven approach to detect malicious activity based on defined objectives and an established hypothesis.

Structured Threat Hunt Outcomes
Improve security posture by detecting intrusions previously missed and augment threat detection capabilities.

Key Characteristics
Hypothesis Driven: built around a specific hypothesis about potential threats, derived from the current threat landscape, emerging threats or analysis of past incidents.
Defined Objectives: define clear goals for the hunt. What are we looking for: APTs, TTPs, Malware.
Repeatable: involves a well-defined methodology that can be repeated and refined over time.

STRUCTURED

Based on the report's content, the full text can be summarized as follows:
1. Threat hunting overview: threat hunting is a proactive security strategy that aims to discover potential malicious activity by analysing network data.
2. Structured threat hunting: based on a hypothesis and defined objectives, it detects malicious activity through queries and simulation. The core steps are: research the threat, build the hypothesis, build the query, execute and analyse, and post-hunt actions. The goal is to improve security posture by detecting previously missed intrusions and augmenting threat detection capabilities.
3. Unstructured threat hunting: an intuitive, exploratory analysis used to detect anomalous behaviour and potential threats, without a predefined objective or hypothesis. It learns the environment's normal behaviour through data aggregation and surfaces anomalies.
4. Key takeaways: build a threat hunt library to scale the threat hunting program. Structured hunts help focus on the threats relevant to the organisation. Unstructured hunts not only detect previously undetected malicious activity but also drive detection opportunities, ultimately improving security posture.
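The two hunt styles above, as an added example that is not part of the presentation: a structured hunt that checks the required telemetry first and reports an outcome from the deck's list (visibility gap, visibility coverage, or hits to triage), and the aggregation step an unstructured hunt uses to learn normal and surface anomalies. The events, field names, hosts and the Office-spawns-interpreter hypothesis are all constructed for illustration.

```python
# Added example (not from the presentation): a small structured hunt over
# constructed Sysmon-style events, returning an outcome from the deck's
# vocabulary, plus the aggregation step an unstructured hunt uses to baseline.
# Every event, field name and the hypothesis below is made up for illustration.
from collections import Counter

# Constructed process-creation and network events; "source" records which telemetry produced them.
EVENTS = [
    {"source": "sysmon", "host": "ws01", "parent": "explorer.exe", "image": "chrome.exe"},
    {"source": "sysmon", "host": "ws02", "parent": "explorer.exe", "image": "chrome.exe"},
    {"source": "sysmon", "host": "ws03", "parent": "explorer.exe", "image": "chrome.exe"},
    {"source": "sysmon", "host": "ws01", "parent": "explorer.exe", "image": "cmd.exe"},
    {"source": "sysmon", "host": "ws02", "parent": "explorer.exe", "image": "cmd.exe"},
    {"source": "sysmon", "host": "ws01", "parent": "winword.exe", "image": "powershell.exe"},
    {"source": "edr", "host": "ws01", "image": "powershell.exe", "dest": "203.0.113.5"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe"}

# Hypothetical hypothesis: an Office application spawns a command interpreter.
# "required_source" names the telemetry the query needs; without it the hunt cannot answer its question.
HYPOTHESIS = {
    "name": "Office application spawning a command interpreter",
    "required_source": "sysmon",
    "predicate": lambda e: e.get("parent") in OFFICE_APPS and e.get("image") in INTERPRETERS,
}

def run_structured_hunt(hypothesis, events):
    """Return (outcome, hits). Query hits still need analyst triage before they
    count as 'Found malice' or get promoted to a detection."""
    in_scope = [e for e in events if e["source"] == hypothesis["required_source"]]
    if not in_scope:  # no telemetry at all: the hunt's result is a visibility gap, not a clean bill
        return "Confirmed Visibility Gap", []
    hits = [e for e in in_scope if hypothesis["predicate"](e)]
    if hits:
        return "Hits to triage", hits
    return "Confirmed Visibility Coverage", []  # data present, hypothesised behaviour not observed

def unstructured_baseline(events, rare_threshold=1):
    """Aggregate parent->image pairs and return the rare ones: the deck's
    'learn normal, surface the anomalies' step, with no fixed hypothesis."""
    pairs = Counter((e["parent"], e["image"]) for e in events if "parent" in e)
    return {pair: n for pair, n in pairs.items() if n <= rare_threshold}

if __name__ == "__main__":
    outcome, hits = run_structured_hunt(HYPOTHESIS, EVENTS)
    print(outcome, [h["host"] for h in hits])  # Hits to triage ['ws01']
    print(unstructured_baseline(EVENTS))       # {('winword.exe', 'powershell.exe'): 1}
```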