Generative Data Intelligence

Using East-West Network Visibility to Detect Threats in the Later Stages of MITRE ATT&CK

The Cybersecurity and Infrastructure Security Agency (CISA) lists "insufficient internal network monitoring" as one of the 10 most common network misconfigurations. Indeed, network analysis and visibility (NAV) remains a perennial challenge. As the perimeter around traditional networks disappears and the active threat landscape grows more complex, enterprises need new methods and solutions to maintain their performance, security, and continuity.

That is where the MITRE ATT&CK framework comes in. The adversary tactics and techniques it catalogs help us understand and combat cyber threats such as ransomware, as well as advanced persistent threats (APTs) that seek to inflict potentially devastating damage on an enterprise. By looking for the known tactics and techniques of known APT groups, cybersecurity teams can thwart threats before they turn into successful attacks.

Once ransomware is detected, it is usually far too late to prevent damage. This underscores the need for complete and continuous monitoring of the network, an understanding of preventative strategies, and unhindered visibility to detect anomalies, covering not only "north-south" traffic between the data center and clients but also "east-west" traffic between servers.

Understand Your Network and Threat Landscape

Although complete network visibility is the ultimate goal, it is easier said than done. Organizations need holistic visibility across the service delivery ecosystem. Monitoring network activity to track and trend traffic and application utilization is essential. Beyond enterprise-wide visibility, you must also implement a broad-based performance and availability strategy that encompasses not only headquarters, remote offices, and private data centers, but also colocation centers, contact centers, public clouds, and software-as-a-service (SaaS) environments.

Maintaining high-performing digital services across increasingly distributed hybrid cloud environments is likewise crucial for enterprise IT organizations. A more distributed environment brings new challenges in providing customers and the hybrid workforce with safe, secure access to business applications and services, and in keeping those services available. In some cases, managing quality performance in the wake of traffic growth across SD-WAN links, critical Internet circuits, VPN gateways, and hybrid clouds has moved from an operational challenge to a business-critical priority.

For example, many companies permanently moved thousands of employees to work-from-home and hybrid-cloud environments during and after the pandemic. As companies transitioned to a hybrid workforce and zero-trust models, NetOps teams realized that they needed better tools to determine whether SD-WAN bandwidth could adequately handle spikes in remote network traffic from thousands of remote users. At the same time, SecOps teams needed the same level of visibility to detect threats and confirm that their zero-trust network policies were working as designed.

Ultimately, by understanding the threat landscape of their network, IT management can better identify where the "crown jewels," such as key servers, applications, and databases, reside. That way, when threats do occur, anomalous behavior around those assets stands out more clearly to NetOps and SecOps teams.

In today’s expanded service edge environments, visualizing the remote end user experience in the context of multitier network and vendor environments is essential to quickly isolate problems and provide visibility across all stages of MITRE ATT&CK.

Ensure Both Internal and External Network Visibility

IT teams need end-to-end visibility throughout their entire enterprise networks, from SD-WAN and remote offices, to hybrid/multicloud environments, to colocation facilities and data centers. Where visibility is lacking, SecOps teams do not have adequate insight into all stages of MITRE ATT&CK.

A modern zero-trust environment assumes that the network has already been breached. That is, the initial phases of MITRE ATT&CK — reconnaissance, resource development, and initial access — have already happened. North-south network visibility alone is inadequate to track the internal movement of the attacker, which is now progressing through later MITRE ATT&CK phases of execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, and collection.

To catch an intrusion at these stages, SecOps teams need east-west traffic visibility. With this level of visibility into server-to-server communication, SecOps teams can detect unusual traffic behavior involving their crown-jewel servers. In a ransomware attack, many MITRE ATT&CK tactics and techniques precede the actual data exfiltration and encryption.

Attacks like these underscore the need for comprehensive and continuous network monitoring, an understanding of preventative strategies, and unhindered visibility to detect anomalies in traffic flowing from every direction. By using a solution that covers both internal and external traffic, IT, NetOps, and SecOps teams can get the best of both worlds in performance monitoring.

Leveraging data from both forms of network packet traffic helps resolve problems that are hard to isolate in hybrid and remote environments. The combination of north-south and east-west network visibility is required for the final phases of MITRE ATT&CK: command and control, exfiltration, and impact.
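The paragraphs above argue that east-west (server-to-server) visibility is what exposes the mid-stage ATT&CK tactics, while north-south visibility covers the perimeter. The following is an added example, not code from the article or from any vendor product it describes, of what that looks like as detection logic: it classifies summarized flow records as north-south or east-west, learns the normal east-west relationships from a clean period, and flags unbaselined traffic around crown-jewel servers, tagging each finding with the ATT&CK tactic it most plausibly indicates (Discovery TA0007, Lateral Movement TA0008, Collection TA0009). The address space, the crown-jewel inventory, the thresholds, and every flow record are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed internal address space and crown-jewel servers; both are constructed for this example.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
CROWN_JEWELS = {"10.0.20.5": "db-prod", "10.0.20.6": "file-prod"}


@dataclass(frozen=True)
class Flow:
    """One summarized flow record (NetFlow/IPFIX style): who talked to whom, on which port, how much."""
    src: str
    dst: str
    dport: int
    bytes_sent: int  # bytes carried from src to dst


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL_NETS)


def direction(flow: Flow) -> str:
    """East-west means both endpoints are internal; a flow touching the outside is north-south."""
    return "east-west" if is_internal(flow.src) and is_internal(flow.dst) else "north-south"


def build_baseline(flows):
    """Learn the normal east-west (src, dst, dport) triples from a known-clean learning period."""
    return {(f.src, f.dst, f.dport) for f in flows if direction(f) == "east-west"}


def detect(flows, baseline, sweep_threshold=8, bulk_bytes=50_000_000):
    """Flag east-west anomalies around crown jewels; each finding names the ATT&CK tactic it suggests."""
    findings = []
    peers_by_src = defaultdict(set)
    for f in flows:
        if direction(f) != "east-west":
            continue  # north-south traffic is the job of the perimeter sensors, not this detector
        peers_by_src[f.src].add(f.dst)
        if (f.src, f.dst, f.dport) in baseline:
            continue  # an established server-to-server relationship
        if f.dst in CROWN_JEWELS:
            findings.append((f.src, f.dst,
                f"Lateral Movement (TA0008): unbaselined peer reaching {CROWN_JEWELS[f.dst]} on port {f.dport}"))
        if f.src in CROWN_JEWELS and f.bytes_sent >= bulk_bytes:
            findings.append((f.src, f.dst,
                f"Collection (TA0009): {f.bytes_sent} bytes leaving {CROWN_JEWELS[f.src]} for an unbaselined host"))
    for src, peers in peers_by_src.items():
        if len(peers) >= sweep_threshold:
            findings.append((src, "*", f"Discovery (TA0007): {len(peers)} distinct internal peers contacted"))
    return findings


# Constructed learning-period flows: the app tier using the database and file server as usual.
BASELINE_FLOWS = [
    Flow("10.0.10.3", "10.0.20.5", 5432, 120_000),
    Flow("10.0.10.4", "10.0.20.6", 445, 900_000),
]

# Constructed observation window: the same normal traffic, one north-south flow, and a
# workstation (10.0.30.77) that sweeps SMB across the server subnet, reaches the database,
# and receives a large transfer from the file server.
OBSERVED_FLOWS = BASELINE_FLOWS + [
    Flow("10.0.10.3", "203.0.113.9", 443, 4_000),        # north-south, skipped by this detector
    Flow("10.0.30.77", "10.0.20.5", 5432, 2_000),        # new peer talking to db-prod
    Flow("10.0.20.6", "10.0.30.77", 49152, 80_000_000),  # file-prod pushing 80 MB to the workstation
] + [Flow("10.0.30.77", f"10.0.20.{i}", 445, 300) for i in range(1, 11)]  # ten SMB touches


def tactics_seen(findings):
    """Collapse findings to the set of tactic names, which is what an analyst triages first."""
    return sorted({tactic.split(" (")[0] for _, _, tactic in findings})


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for src, dst, tactic in detect(OBSERVED_FLOWS, baseline):
        print(f"{src:>11} -> {dst:<11} {tactic}")
```

Run stand-alone, the script prints five findings, all tied to the one compromised workstation and the two crown-jewel servers. The point the design makes is the one the article makes: every one of those flows is internal, so a sensor watching only the perimeter would see just the single harmless HTTPS session and nothing else. A real deployment would feed the baseline from weeks of flow data and tune the sweep and bulk-transfer thresholds to the environment rather than using the constructed values here.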
