TRADITIONAL STATIC SECURITY APPROACHES
AND ARCHITECTURES BASED ON SECURITY CONTROLS, PREVENTATIVE TECHNOLOGIES AND PERIODIC STRATEGY REVIEWS ARE NOW OUTDATED
File to Fileless
Abnormal to Normal
Malicious to Neutral
• Invisible Attacks
• VPN, AD, PtH, PtT
• Invisible Network Traffic
• Google Drive, Dropbox
• Invisible Malware
• Task Scheduler, WMI, PowerShell
Low visibility of Cyber Threats
• https://www.facebook.com/HITCON/videos/1245856318779021/
Information security problems are essentially risk problems.
The target will always be a target, so we should coexist with the threat, and deal with the cyber investigation more adaptively and effectively.
An Intelligence-Driven Approach to Cyber Defense
https://hitcon.org/2016/pacific/agenda.htm
ATT&CK Matrix
https://attack.mitre.org/
ATT&CK Groups
https://attack.mitre.org/
Structured Threat Information eXpression
Machine-readable threat intelligence
Not able to generate IOCs
Able to generate IOCs
Closed threat intelligence (organization)
Thank You FOR LISTENING