1. The Defender's Dilemma
You've heard of the Defender's Dilemma: "Defenders have to get it right every time. Attackers only have to get it right once."
Did you know this is a lie?
I think it was @Soinull who created the idea of the Attacker's Dilemma: defenders have many chances to defend across the entire kill chain. To be successful, attackers have to evade all the defenses in their chosen chain.
The Defender's Dilemma really only makes sense if you think of an "attack" as a single atomic thing, which of course it is not. Attacking a complex system will always be easier than defending it. The key to defender success is exploiting the home ground advantage.
Forget the Defender's Dilemma and recognize that we have a lot of chances to succeed. We may not have the resources to take them all, but by choosing wisely, we can make an attacker's job MUCH harder while giving ourselves the best chance of success.
2. The Attacker's Dilemma
“Attacker’s Dilemma”:
How do they get to their goal and exfiltrate their target without tripping a single one of our detection ‘landmines’?
3. How Should Defenders Think?
1. Focus on the criminal’s activities rather than the tools and exploits
2. Use the attacker’s needs and techniques against them
3. Balance prevention, detection, and response appropriately
4. Invest in your people over your tools
This article was first published on the WeChat official account (天御攻防实验室): The Attacker's Dilemma