检测至关重要——工业网络安全计划中威胁检测的务实方法.pdf

编号:991851 PDF 14页 791.02KB 下载积分:VIP专享
下载报告请您先登录!

1、DETECTIONis a mustC:whoamiAustin ScottDirector of DetectionDragoshttps:/ Prevention Vs ICS DetectionBetter to focus on prevention andjust doing the basics like asset management to get the best ROIThreat Detection generates too much noise and false positives,wasting already limited resources.You Cant

2、 ProtectWhat You Cant SeeA lot of the ransomware cases we get called into literally didnt know what was in their network.They had no visibility and no asset identificationICS IncidentResponseTriggers IRDefensibleArchitectureICS NetworkVisibilitySecureRemote AccessVulnerabilityManagement12345Validate

3、s SegmentationTells The ICS StoryUnauthorized AccessVulnerability ExploitationDetection+SANS 5 Critical Controls for ICSBAUXITE+Sophos Firewall (CVE-2022-3236,CVE-2022-1040)BAUXITE exploited specific Sophos Firewall vulnerabilities,notably CVE-2022-3236 and CVE-2022-1040,to plant the IOControl backd

4、oorApril2024When Prevention FailsHELLDOWN+Zyxel Firewalls(CVE-2023-28771)Unauthenticated command injection allowing remote code execution.Exploited by HELLDOWN in August 2024,targeting manufacturing with leaked Lockbit builder.May2024VOLTZITE+Cisco,Fortinet,Ivanti,F5,SonicWall,PaloAltoHas utilized 0

5、-days used by other PRC adversariesQuickly Integrate and then target devices from released POCs for remote access assets or other internet-exposed assetsAugust2023May2025PARASITE+Credential Stuffing+ZKTeco(CVE-2023-38950)Stolen VPN administrator credentials Exploited publicly facing ZKTeco BioTime v

6、8.5.5 software *Source:Dragos WorldviewRecent Critical Firewall Vulnerabilities FortinetCVE-2022-406849.8(Critical)CVE-2022-424759.3(Critical)CVE-2022-413287.1(High)CVE-2023-256109.3(Critical)CVE-2023-279979.8(Critical)CVE-2023-226397.8(High)CVE-2023-280019.8(Critical)CVE-2023-333089.8(Critical)CVE-

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(检测至关重要——工业网络安全计划中威胁检测的务实方法.pdf)为本站 (可不可以) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠