The Attacker's Dilemma

Category: Security odds and ends

1. The Defender's Dilemma

You've heard of the Defender's Dilemma: "Defenders have to get it right every time. Attackers only have to get it right once."

Did you know this is a lie?

I think it was @Soinull who created the idea of the Attacker's Dilemma: defenders have many chances to defend across the entire kill chain. To be successful, attackers have to evade all the defenses in their chosen chain.
 
The Defender's Dilemma really only makes sense if you think of an "attack" as a single atomic thing, which of course it is not. Attacking a complex system will always be easier than defending it. The key to defender success is exploiting the home ground advantage.

Forget the Defender's Dilemma and recognize that we have a lot of chances to succeed. We may not have the resources to take them all, but by choosing wisely, we can make an attacker's job MUCH harder while giving ourselves the best chance of success.

2. The Attacker's Dilemma

“Attacker’s Dilemma”:
    How do they get to their goal and exfiltrate their target without tripping a single one of our detection ‘landmines’?
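The two sections above argue that an attacker must evade every detection on the chosen chain. As an added illustration (not from the original article), treat the kill chain as n stages with independent detection probabilities p_i; the constructed values below are assumptions, not measurements:

$$P(\text{attacker reaches goal undetected}) = \prod_{i=1}^{n} (1 - p_i)$$

With a constructed chain of n = 7 stages and a modest p_i = 0.3 at every stage:

$$P = 0.7^{7} \approx 0.082$$

so the attacker trips at least one "landmine" with probability of roughly 0.92, even though each individual detection misses 70% of the time. Each additional instrumented stage multiplies the attacker's evasion probability by another factor of (1 - p_i), which is the compounding advantage the Defender's Dilemma framing hides.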

3. How do defenders think?

1. Focus on the criminal’s activities rather than the tools and exploits
2. Use the attacker’s needs and techniques against them
3. Balance prevention, detection, and response appropriately
4. Invest in your people over your tools


This article was first published on the WeChat official account 天御攻防实验室 under the title 攻击者的困境 (The Attacker's Dilemma).
