郑聿铭-从EDR到XDR构建主动防御体系（22页）.pdf

《郑聿铭-从EDR到XDR构建主动防御体系（22页）.pdf》由会员分享，可在线阅读，更多相关《郑聿铭-从EDR到XDR构建主动防御体系（22页）.pdf（22页珍藏版）》请在三个皮匠报告上搜索。

1、郑聿铭从EDR到XDR，构建主动防御体系2021 FireEye2021 FireEye2021 FireEye2021 FireEye关于EDR与XDR2021 FireEye2021 FireEyeThe EDR market is defined as solutions that record endpoint-system-level behaviorsand events(for example user,file,process,registry,memory and network events),and store this information either locall

2、y on the endpoint or in a centralized database.Databases of known IOCs and behavior analytics techniques are then used to continually search the data to identify early identification of breaches(including insider threats),and to rapidly respond to those attacks.These tools also help with rapid inves

3、tigation into the scope of attacks,and provide response capability；EDR市场被定义为记录终端系统级行为和事件的解决方案(例如用户、文件、进程、注册表、内存和网络事件)，并将此信息存储在本地的端点上或集中的数据库中。然后使用已知IOC的数据库和行为分析技术不断搜索数据，以识别早期入侵(包括内部威胁)，并快速应对这些攻击。这些工具还有助于快速调查攻击范围，并提供响应能力。Endpoint Detection&Response(EDR)的定义2021 FireEye2021 FireEyeEDR的三个特征记录终端行为(Telemet

4、ry)识别早期入侵(IOCs)确认入侵范围(Investigation)2021 FireEye2021 FireEyeEDR时间线2015-122016-112019-122015 Market Guide for EDR Solutions2016 Market Guide for EDR Solutions2019 Market Guide for EDR Solutions2016-06Comparison of EDR Technologies&Solutions2010-10Mandiant Intelligent Response IntroducedWhich Evolved

5、into FireEye Endpoint Security“At one time,Mandiant Consulting(now part of FireEye),with its Mandiant Intelligent Response(MIR)commercial tool(and its freeware cousin,called Redline),was the only one playing that game”有一段时间，只有Mandiant Consulting(现在是FireEye的一部分)和它的Mandiant Intelligent Response(MIR)商业

6、工具(以及它的免费软件“Redline”)是唯一的玩家“2021 FireEye2021 FireEyeExtended detection and response(XDR)is a vendor-specific,threat detection and incident response tool that unifies multiple security products into a security operations system.Primary functions include centralization and normalization of data in a r