
Building a Moat with Defense in Depth for Cyber Security

Believe it or not, defense in depth has its foundation (no pun intended) in medieval times. Back then, the term referred to the use of multiple mechanisms incorporated to protect the royal treasure; if one mechanism failed, another was in place to defend against the attack.

Similarly, the term is also used by the military to describe a strategy for delaying the advance of an attacker. Rather than concentrating all available manpower on a single strong line of defense, this approach is designed to slow the advance of an attacker by buying enough time to wear them down. This leaves them vulnerable to counterattack and, ultimately, defeat.

Defense in Depth Strategy for Cyber Security

Defense in depth for cyber security takes the best of both scenarios and applies them to approaches that include guidance for controls (military strategy) as well as hardware and software solutions (castle walls). Defense-in-depth strategy elements contain approaches intended to stop and/or slow an attacker's efforts. The defensive mechanisms are layered to protect valuable data and information and act like marbles to hinder the progress of a threat, slowly wearing it down, until either it ceases to threaten or until additional resources can pitch in to help eliminate that threat.

The Castle's Defenses
The castle's main gate is protected by an army of soldiers and surrounded on all sides by a large fence.

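The Cyber Attacker's Mindset
The front gate is heavily guarded, so we have to find another way in. Confident in the defenses around the main gate, the castle has not considered other ways in, including:
  • Disguise as a worker to sneak into the castle
  • Gain physical access through an open window
  • Climb through terrace as entry point at night and place USB drives loaded with malware throughout staff quarters
  • Connect to the castle's Wi-Fi from the nearby forest to gain network access
  • Tailgate behind a carriage vendor into the castle to look for server room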
 

Defense in Depth Architecture

Because there is no single method that can successfully protect against every single type of attack, companies choose to employ a defense in depth architecture to better protect IT resources. Implementing a collection of security solutions increases the security of a system as a whole and addresses many different attack vectors. This coordinated use of multiple security countermeasures also includes how a team monitors, is alerted to, and responds to threats. This way, damage avoidance or mitigation that cannot be managed by purely technological measures can be enacted before the full effects of a threat are realized.

Advanced Adversary Simulation

Using an advanced adversary simulation to test a company's defenses helps determine if security strategies are set up properly to identify emerging threats and warn teams. If a company chooses to trust a single security layer, an attacker will quickly pivot around that protected area to another area full of vulnerabilities that are wide open. By combining firewalls, malware scanning, data encryption and integrity auditing solutions, and intrusion detection systems, companies close gaps otherwise left exposed by the use of a single security layer.

 

Q: What are some ways you can help keep attackers off of your on-prem/cloud network?

Brian: So to keep the attackers at bay and keep them out of the cloud and on-premise networks, you really need a good defense-in-depth strategy. You know, don't just rely on that one or two tools and think that they're going to be everything. A good attacker is going to do their homework on you first. They're going to do lots of enumeration to figure out what type of defenses you may have in place to see if there are bypasses or something they can develop to bypass. So you need to have a holistic view of, alright, given my current situation, here's my internal network, here's my cloud network, and here's how they all communicate; where are my largest areas of weakness? Now that I know what my biggest weaknesses are, how can I put something to detect if someone is aiming for that weakness or if someone is aiming for that vulnerable soft area in either the cloud network or the on-premise network. And have defense in depth, so that even if we bypass the antivirus, there's plenty of artifacts that we leave behind as attackers that still allow you to find us and hopefully stop us, or find the real attacker and stop the real attacker before they do ransomware or whatever it is they're trying to accomplish.

Q: Why do so many organizations fail to notice that an attacker got into their network?

Brian: One of the reasons companies may think that they're protected when they put all this investment in - and attackers are still getting in, we see it in the news every day. These companies that are getting breached are investing in security. Their job is to oversee security, but oftentimes, this is one of those things where you have to have the attacker mindset, or, as I mentioned earlier; if the only way you think to get into a building is through a door, you're going to put all your security around the doors and not realize that people can go through windows. The same is true for a company's internal network or cloud network. If you think the only way into the internal network is through the VPN or this cloud access security broker and you put all of your attention, all of your awareness and focus on those things, you forget that the bad guys think about multiple different vectors, and they're going to go in through the side entrance to get into your network, or they're going to go through some legacy system that you'd forgotten about.
