
Is Defense Winning?.pdf

Uploaded by: 竿*** ID: 981626 2025-11-29 56 pages 2.38MB

#BHUSA BlackHatEvents

Is Defense Winning?
Jason Healey with Tarang Jain and Sam Deb
Measuring if Cyberspace is Becoming More Defensible and Resilient

Agenda: Let's Win! (And Measure)
Whoami
Why “is defense winning?” and what is “winning” anyway
Propositions: what winning looks for threat, vulnerability, and impact
Next steps and conclusions

whoami
Long-time in information security, mostly on policy, intel, response
Helped create world's first cyber command (1998)
Stood up response and threat-intel capability for Goldman Sachs, vice-chair of FS-ISAC
White House policy director, 2003-2005, 2022-2023. Helped implement first national cyber strategy (2003) and draft the most recent (2023)
First came to DEF CON 9. Review Boards for DEF CON and Black Hat
Speaker at Black Hat 2013, 2014, 2016 (Best Briefing award), 2019, 2023 (moderated keynote fireside)
Teaching and researching since 2011: Atlantic Council and Columbia University SIPA
Jason_Healey

Wait, what does “winning” mean?

Defensive Struggles
“Contemporary technology cannot provide a secure system in an open environment, which includes uncleared users working at physically unprotected consoles connected to the system by unprotected communications.”
“None of the known red team efforts has failed to date.”
“Few if any contemporary computer security controls have prevented a red team from easily accessing any information sought.”

Defensive Struggles
“Contemporary technology cannot provide a secure system in an open environment, which includes uncleared users working at physically unprotected consoles connected to the system by unprotected communications.” 1970
“None of the known red team efforts has failed to date.” 1972
“Few if an

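Key points of "Is Defense Winning?":

1. **Defensive challenges**: Since the 1970s, despite technological progress, securing systems in open environments has remained a challenge, and red team tests have almost never failed.
2. **Defense versus offense**: Attackers hold the advantage; even advanced defenders struggle to stop basic attacks and to keep threat actors from causing significant impact.
3. **Defensive goal**: The goal is to achieve defensive advantage, making it hard for attackers to achieve even simple objectives, with defense succeeding but at high cost.
4. **Measurement**: Effective system-level metrics for measuring defensive success are currently lacking; many metrics are useless or look only at inputs and outputs.
5. **Threat indicators**: These include changes in attacker tools and techniques (TTPs), rapid turnover of vulnerabilities, and rising 0day prices.
6. **Vulnerability indicators**: Examples are greater diversity of software vulnerabilities, improvements in the secure software development lifecycle (SDLC), and better security of open source and the supply chain.
7. **Impact indicators**: These include less downtime at the core of the internet, lower economic losses, and fewer national-security-related incidents.
8. **Next steps**: Build an initial "is defense winning" framework, create a more comprehensive catalogue of metrics, encourage data reporting, and push for improved analysis.
9. **Conclusion**: Although attackers currently hold the advantage, with sustained effort and improvement the defense can win.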