TRADITIONAL STATIC SECURITY APPROACHES
AND ARCHITECTURES BASED ON SECURITY CONTROLS, PREVENTATIVE TECHNOLOGIES AND PERIODIC STRATEGY REVIEWS ARE NOW OUTDATED
File to Fileless
Abnormal to Normal
Malicious to Neutral
• Invisible attacks
  • VPN, AD (Active Directory), PtH (pass-the-hash), PtT (pass-the-ticket)
• Invisible network traffic
  • Google Drive, Dropbox
• Invisible malware
  • Task Scheduler, WMI, PowerShell
Low visibility of Cyber Threats
• https://www.facebook.com/HITCON/videos/1245856318779021/
Cybersecurity problems are, in essence, risk problems.
The target will always be a target, so we should coexist with the threat, and deal with the cyber investigation more adaptively and effectively.
An Intelligence-Driven Approach to Cyber Defense
https://hitcon.org/2016/pacific/agenda.htm
ATT&CK Matrix
https://attack.mitre.org/
ATT&CK Groups
https://attack.mitre.org/
Structured Threat Information eXpression (STIX)
Machine-readable threat intelligence
Not able to generate IOCs
Able to generate IOCs
Closed threat intelligence (organization)
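The point of the last two slides (machine-readable intelligence, and the split between intel that does and does not yield IOCs) can be shown concretely. The following is an added example, not code from the talk: it takes a small STIX 2.1 bundle constructed here (ids, names and indicator values are placeholders, and the dropper "hash" is simply the SHA-256 of the empty string) and pulls out the observable comparisons from each live `indicator` pattern, while reporting which objects, such as a revoked indicator or an `attack-pattern` that only describes a TTP, carry intelligence but produce no IOC. The pattern grammar handled is the simple quoted-literal comparison only; that limitation is an assumption of this example, not a property of STIX.

```python
import json
import re

# Constructed sample STIX 2.1 bundle for this example (not taken from the
# talk). The ids, names and indicator values are illustrative placeholders.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {   # indicator with a single comparison -> one IOC
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000002",
            "created": "2016-12-01T00:00:00.000Z",
            "modified": "2016-12-01T00:00:00.000Z",
            "name": "C2 domain",
            "pattern_type": "stix",
            "pattern": "[domain-name:value = 'c2.example.invalid']",
            "valid_from": "2016-12-01T00:00:00Z",
        },
        {   # indicator whose pattern ORs two observables -> two IOCs
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000003",
            "created": "2016-12-01T00:00:00.000Z",
            "modified": "2016-12-01T00:00:00.000Z",
            "name": "Dropper hash or staging IP",
            "pattern_type": "stix",
            "pattern": ("[file:hashes.'SHA-256' = "
                        "'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'"
                        " OR ipv4-addr:value = '203.0.113.7']"),
            "valid_from": "2016-12-01T00:00:00Z",
        },
        {   # revoked indicator: must not feed detection any more
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-000000000004",
            "created": "2016-12-01T00:00:00.000Z",
            "modified": "2016-12-02T00:00:00.000Z",
            "name": "Old sinkholed domain",
            "pattern_type": "stix",
            "pattern": "[domain-name:value = 'old.example.invalid']",
            "valid_from": "2016-12-01T00:00:00Z",
            "revoked": True,
        },
        {   # TTP description: shareable intelligence, but nothing to block on
            "type": "attack-pattern",
            "spec_version": "2.1",
            "id": "attack-pattern--00000000-0000-4000-8000-000000000005",
            "created": "2016-12-01T00:00:00.000Z",
            "modified": "2016-12-01T00:00:00.000Z",
            "name": "Persistence via scheduled task",
        },
    ],
})

# One comparison expression inside a STIX pattern:
#   <object-type>:<property path>  <operator>  '<literal>'
# Only this simple quoted-literal form is handled (an assumption of the
# example); set operators, observation qualifiers (WITHIN, REPEATS,
# START/STOP) and non-STIX pattern types are out of scope.
_COMPARISON = re.compile(
    r"([\w-]+:[\w.'-]+)\s*(>=|<=|!=|=|>|<|LIKE|MATCHES)\s*'([^']*)'"
)


def extract_iocs(bundle_json):
    """Return (object_path, value) pairs from every live STIX-pattern indicator."""
    bundle = json.loads(bundle_json)
    iocs = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue                 # reports, attack-patterns etc. carry no pattern
        if obj.get("revoked", False):
            continue                 # withdrawn intel must not become a detection
        if obj.get("pattern_type", "stix") != "stix":
            continue                 # snort/yara/sigma patterns need their own parser
        for path, _operator, value in _COMPARISON.findall(obj["pattern"]):
            iocs.append((path, value))
    return iocs


def objects_without_iocs(bundle_json):
    """Names of bundle objects that are intelligence but yield no IOC."""
    bundle = json.loads(bundle_json)
    out = []
    for obj in bundle.get("objects", []):
        if obj.get("type") == "indicator" and not obj.get("revoked", False):
            continue
        out.append(obj.get("name", obj.get("type", "?")))
    return out


if __name__ == "__main__":
    for path, value in extract_iocs(SAMPLE_BUNDLE):
        print(f"{path:25s} {value}")
    print("no IOC from:", objects_without_iocs(SAMPLE_BUNDLE))
```

The `revoked` check is the caveat worth keeping: a feed consumer that only reads `pattern` fields will keep alerting on indicators the producer has already withdrawn, which is exactly the kind of stale, static control the opening slide argues against.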
Thank you for listening