Domestic high-defense CDN: is software DDoS protection useful? A quick answer

With the April rollout of VMRay Platform Version 3.3, we're introducing major enhancements to our advanced threat detection and analysis solutions:

- A new naming convention, VMRay Platform, articulates the unified nature of our solutions, core technology, and individual products: VMRay Analyzer, VMRay Detector, and VMRay Email Threat Defender.
- A new capability, automated scoring and flagging of IOCs, lets security teams easily extract actionable threat intelligence from dynamic malware analysis.
- The launch of a US data center gives our customers, especially those in regulated industries, a choice of whether their data will reside in the US or the EU.

In addition, v3.3 offers enhanced phishing detection, several improvements to our analysis engine, and expanded enterprise features, all summarized below.

Who's Zoomin' who?

But first, let me start with a story that demonstrates VMRay's relevance in today's threat landscape. In March, Technical Lead Felix Seele was test-driving one of our new features, dynamic analysis of macOS PKG files, when he discovered a security issue in Zoom's installation process. In a tweet and subsequent blog post, Felix described how Zoom "installs itself on Macs by working around Apple's regular security, demonstrating behavior commonly associated with malware." His post was re-tweeted 4,100 times, drew national media attention and prompted an acknowledgment from Zoom CEO Eric Yuan, who signed off saying: "Your point is well taken and we will continue to improve."

Likewise, with VMRay Platform v3.3, we continue to improve in four broad areas.

Unlocking the True Potential of IOCs

Sandbox-generated IOCs are an underutilized source of threat intelligence, due to the difficulty of extracting actionable, trusted IOCs in an efficient way.
Version 3.3 takes a big step toward unlocking this potential by solving three underlying challenges:

- Misclassified IOCs that create a "fear of false positives"
- Limited value of threat intelligence due to insufficient context
- Difficulty integrating across systems in heterogeneous environments due to a proliferation of proprietary formats

Distinguishing artifacts from IOCs

With enhanced capabilities for distinguishing between artifacts and IOCs, Version 3.3 sets a new standard for IOC generation. An Indicator of Compromise (IOC) is a piece of forensic data, derived from manual or automatic analysis, that is useful in characterizing the behavior of a given threat and can be used to identify that threat in other contexts. IOCs are a subset of a larger universe: artifacts, which encompass all forensic information related to the threat. This includes files, URLs, IPs, processes, registry entries and other data observed during runtime in the sandbox or statically extracted from the analyzed file, such as links in an email sample.

Identifying high-quality IOCs among dozens or even many hundreds of sandbox-generated artifacts is a difficult, time-consuming task. Irrelevant artifacts in the results make it more likely that some threats will slip through undetected. Misclassifying a trivial or benign artifact as an IOC can lead to many false alerts, causing legitimate applications and activity to be blocked; this latter scenario both impacts productivity and incurs costs. For these reasons, many organizations still use largely manual methods to extract IOCs that are reliable and actionable. Let's look at how VMRay addresses this issue in Version 3.3.

Scoring artifacts and flagging IOCs

The key innovation is the use of VMRay Threat Identifier (VTI) rules to flag and score artifacts and determine which qualify as IOCs. In the analysis report shown below, we see there are four categories of artifacts: files, URLs, IPs and processes.
The VTIs associated with the highlighted process (gastart.exe) assign a score, causing it to be flagged as an IOC. In addition to the AV result, we can see that a VTI rule for Anti-Analysis is triggered, providing more context to the already flagged IOC.

Figure 1: Of nearly 600 artifacts observed during analysis of one malware sample, filtering allows the display of just the 52 related IOCs.

Complementing VTI scoring, other new features in Version 3.3 include:

- Easier export of IOCs: Adding CSV and STIX 2.0 data-exchange formats to existing JSON support, v3.3 offers multiple ways to export IOCs to other security systems.
- Added context: Artifacts and IOCs are now enriched with more attributes, including geographic location, user agent, related processes, classifications, threat names, and others.
- A better user experience: An interactive IOCs tab provides detailed information on indicators, artifacts, and VTIs and allows team members to easily filter and export IOCs.

Figure 2: VMRay Threat Identifier (VTI) rules are used to score artifacts observed during dynamic analysis. We can see the context for each artifact. The IOCs can be easily exported all at once, by category, or individually.

Enhanced Detection of Phishing Attacks

Given that phishing attacks are an ongoing challenge for enterprises, we've enhanced detection in a number of ways.

Automated analysis of phishing URLs hosted on legitimate cloud applications

This feature helps detect attacks that are delivered using file-sharing web applications such as SharePoint, Dropbox, and Google Drive, as well as other major cloud applications. The Automatic User Interaction feature was enhanced to click on download links found in these applications. URLs that are hosting malicious content are submitted for analysis. This feature was added in response to the VMRay Labs Team observing in 2019 that threat actors were increasingly using SharePoint and similar tools for hosting malicious content.
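To make the artifact-versus-IOC distinction and the export formats from the IOC section above concrete, here is an added example that is not VMRay's code: a small scorer that applies a rule table to sandbox artifacts, keeps only those that clear a threshold, and emits them as a hand-built STIX 2.0 bundle and as CSV. The rule names, scores, threshold, and all artifact values except the gastart.exe process name mentioned on the page are constructed for the example; VMRay's real VTI rules and scoring are not described on the page. The point the code makes is the one the post makes: a benign artifact (a system DLL, a parent process with no rule hits) scores zero and never reaches the export, so it cannot become a false-positive block rule downstream.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import csv
import io
import json
import uuid

# Hypothetical VTI rule table: rule name -> (category, score 0-5). Constructed for this
# example only; the page does not document VMRay's actual rule names or scores.
VTI_RULES = {
    "av_detection":     ("Reputation",    5),
    "anti_analysis":    ("Anti-Analysis", 4),
    "registry_run_key": ("Persistence",   3),
    "connects_to_host": ("Network",       1),
    "reads_system_dll": ("Benign",        0),
}
IOC_THRESHOLD = 3   # assumption: artifacts scoring at or above this are flagged as IOCs


@dataclass
class Artifact:
    kind: str                                    # "file", "url", "ip" or "process"
    value: str                                   # path, URL, address or process name
    vtis: list = field(default_factory=list)     # VTI rule names that matched this artifact
    context: dict = field(default_factory=dict)  # enrichment: geo, user agent, parent process
    score: int = 0
    categories: list = field(default_factory=list)


def score_artifacts(artifacts):
    """Score each artifact by the strongest matching VTI rule; return those that are IOCs."""
    for a in artifacts:
        hits = [VTI_RULES[v] for v in a.vtis if v in VTI_RULES]
        a.score = max((s for _, s in hits), default=0)   # no hits -> score 0, stays an artifact
        a.categories = sorted({c for c, s in hits if s > 0})
    return [a for a in artifacts if a.score >= IOC_THRESHOLD]


def stix_pattern(a):
    """Map an artifact to a STIX 2.0 indicator pattern (single-quoted literal)."""
    literal = a.value.replace("'", "\\'")
    return {
        "file":    f"[file:name = '{literal}']",
        "url":     f"[url:value = '{literal}']",
        "ip":      f"[ipv4-addr:value = '{literal}']",
        "process": f"[process:name = '{literal}']",
    }[a.kind]


def to_stix_bundle(iocs):
    """Build a STIX 2.0 bundle of indicator objects by hand (no stix2 library needed)."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    objects = [{
        "type": "indicator",
        "id": f"indicator--{uuid.uuid4()}",
        "created": now, "modified": now, "valid_from": now,
        "labels": ["malicious-activity"],          # required by STIX 2.0 for indicators
        "pattern": stix_pattern(a),
        "description": f"VTI score {a.score}; categories: {', '.join(a.categories)}",
    } for a in iocs]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "spec_version": "2.0", "objects": objects}


def to_csv(iocs):
    """Flat CSV export carrying the score, categories and enrichment context per IOC."""
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["kind", "value", "score", "categories", "context"])
    for a in iocs:
        w.writerow([a.kind, a.value, a.score, ";".join(a.categories),
                    json.dumps(a.context, sort_keys=True)])
    return buf.getvalue()


def sample_artifacts():
    """Constructed sandbox output: gastart.exe comes from the page, everything else is made up."""
    return [
        Artifact("process", "gastart.exe", ["av_detection", "anti_analysis"], {"parent": "explorer.exe"}),
        Artifact("file", "C:\\Windows\\System32\\kernel32.dll", ["reads_system_dll"]),
        Artifact("ip", "203.0.113.7", ["connects_to_host"], {"geo": "ZZ"}),   # TEST-NET-3 address
        Artifact("url", "http://203.0.113.7/stage2.bin", ["av_detection"], {"user_agent": "Mozilla/4.0"}),
        Artifact("process", "explorer.exe", []),
    ]


if __name__ == "__main__":
    iocs = score_artifacts(sample_artifacts())
    print(json.dumps(to_stix_bundle(iocs), indent=2))
    print(to_csv(iocs))
```

Using the maximum rather than the sum of rule scores keeps one strong indicator from being diluted by many weak ones, and keeps a pile of low-value hits (a dozen "connects to host" events) from promoting a benign artifact to an IOC; whether a real product sums or takes the maximum is a design choice the page does not state.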
Figure 3: Phishing attacks often use file-sharing applications like Microsoft SharePoint.

Phishing detection for HTML samples

The second enhancement helps detect phishing attacks delivered via HTML attachments, which render on the victim's device instead of the public internet, thereby avoiding URL reputation checks. VMRay's web engine analyzes HTML files to detect credential-harvesting web forms so they can be blocked. In addition, embedded objects in HTML files are now extracted and analyzed by the static engine.

Submission of Safe Link URLs and formatted URLs

Version 3.3 introduces more flexibility in how URLs can be submitted for analysis. VMRay now normalizes submitted URLs to support two scenarios.

Submission of Safe Link URLs: When extracting URLs embedded in emails, many security tools rewrite the URL, replacing it with a safe version of the same link and alerting the recipient of the potential security risk. In some cases, the underlying malicious link isn't analyzed unless and until the end user clicks on the safe link. This creates the possibility that a malicious link will go undetected, missing an opportunity to add it to threat intelligence. In addition, the time gap between the creation of the safe link and time-of-click can result in the end user's system being inadvertently compromised. VMRay addresses both situations by temporarily disarming the safe link long enough to submit the original malicious URL for analysis and then rearming the safe link to maintain protection.

Figure 4: Emojis, which are characters in the UTF-8 alphabet, can be converted to an ASCII equivalent.

Submission of specially formatted URLs: The universe of characters a URL may contain is much vaster than the 256 characters extended ASCII can accommodate. So URLs containing non-ASCII characters must be converted to the equivalent ASCII format, as defined by UTF-8 encoding.
Version 3.3, for the first time, normalizes several types of specially formatted URLs so they can be automatically submitted to VMRay for threat analysis and detection. These URL types include %-encoded URLs, Emoji domains, Punycode-encoded domains and Google referrers. The original formatted URL is kept in the analysis report as forensic evidence.

Analysis Engine Improvements

Version 3.3 also features several improvements to our analysis engine.

PKG file support for macOS

We continue to expand macOS support, complementing VMRay's longstanding coverage of Microsoft environments. The new release supports the analysis of PKG files during setup and installation of Mac applications. As mentioned earlier, this feature was instrumental in one of our researchers discovering a deceptive aspect of Zoom installation.

Figure 4: While test-driving PKG file support for macOS, VMRay's Felix Seele discovered a deceptive aspect of Zoom's installation process for Mac systems.

Detection and analysis of embedded Power Queries

Excel's Power Query function lets users link spreadsheets with other data sources: external databases, text documents, web pages, etc. Threat actors are exploiting this feature to load malicious content into Excel and launch hard-to-detect attacks that often combine multiple attack surfaces. Power Query artifacts are now extracted and analyzed by the relevant engines (reputation, static, dynamic), and are flagged as IOCs.

Support for OS reboot as part of a prescript

Prescripts are essential for tailoring the analysis environment, ensuring for example that the target machine is fully localized to reflect the production environment requiring protection. We have added support for performing an OS reboot as part of a prescript, meaning the analysis will still run as intended following a reboot.
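The two URL-submission scenarios from the phishing section above (unwrapping a rewritten "safe link" to reach the original URL, and normalizing %-encoded, emoji and Punycode hosts) can be shown end to end in a few dozen lines. The following is an added example, not VMRay's normalizer: it assumes the Microsoft Safe Links wrapper carries the original in a `url=` query parameter on the path `/`, and that a Google referrer carries it in `q=` on `/url`; both formats are assumptions for the example, as are the reserved example domains used as input. It goes slightly beyond the page in two ways: it follows nested wrappers up to a bounded number of hops, and it returns every form of the URL it saw, so the submitted form survives as forensic evidence the way the post says the original URL is kept in the report. Hostnames are converted with Python's standard `idna` codec, which produces the `xn--` Punycode form.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs, unquote

# Constructed table of link-rewriting services: (host suffix, path, query key that holds
# the original URL). Both entries are assumptions made for this example.
REDIRECTORS = [
    ("safelinks.protection.outlook.com", "/", "url"),   # Microsoft Safe Links wrapper
    ("www.google.com", "/url", "q"),                     # Google referrer link
]


def unwrap_redirector(url):
    """Return the URL wrapped by a known redirector, or None if this is not a wrapper."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    for suffix, path, key in REDIRECTORS:
        if (host == suffix or host.endswith("." + suffix)) and parts.path == path:
            inner = parse_qs(parts.query).get(key)   # parse_qs also %-decodes the value
            if inner:
                return inner[0]
    return None


def normalize_host(host):
    """Decode a %-encoded host, then convert non-ASCII labels (emoji, umlauts) to Punycode."""
    host = unquote(host).lower()
    try:
        # The standard 'idna' codec applies nameprep and Punycode per label (xn--...)
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host   # leave an unencodable host untouched so the analyst still sees it


def normalize_url(url, max_hops=5):
    """Unwrap safe-link / referrer wrappers, then normalize the final URL's host.

    Returns (normalized_url, hops). hops lists every form seen, starting with the
    submitted URL, so the originally formatted URL is retained as evidence.
    """
    hops = [url]
    for _ in range(max_hops):                # bounded so nested wrappers cannot loop forever
        inner = unwrap_redirector(hops[-1])
        if inner is None:
            break
        hops.append(inner)
    parts = urlsplit(hops[-1])
    netloc = normalize_host(parts.hostname or "")
    if parts.port:
        netloc += f":{parts.port}"
    normalized = urlunsplit((parts.scheme.lower(), netloc, parts.path, parts.query, parts.fragment))
    return normalized, hops


if __name__ == "__main__":
    # Constructed inputs on reserved example domains
    samples = [
        "https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fb%C3%BCcher.example%2Fpay&data=x",
        "https://www.google.com/url?q=https://example.com/login&sa=D",
        "https://%65xample.com/",
        "https://💩.la/login",
    ]
    for u in samples:
        normalized, hops = normalize_url(u)
        print(f"{u}\n  -> {normalized}  ({len(hops)} form(s) recorded)")
```

Only the host is decoded; the path and query are passed through unchanged, because %-decoding a path can change which resource a server returns (an encoded slash is not a path separator), and the sandbox should fetch exactly what the victim's browser would have fetched.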
Enterprise-Ready Enhancements

US Data Center and Compliance Enhancements

With the April opening of a new data center, VMRay now offers customers a choice of where their data resides: in the US or the EU. This is especially significant for enterprises in regulated industries (health care, financial services, government) that are bound by regulation and compliance requirements to have control over where their data is stored. Both facilities are ISO 27001 compliant, meet GDPR standards for data protection and privacy, and meet the Singapore Monetary Authority guidelines for cloud services for the financial sector. Customers choose their preferred data center location at the time their account is created.

Improved login capabilities

Version 3.3 features SAML support for single sign-on (SSO) and multi-factor authentication (MFA), making it easy to integrate our platform with your company's chosen identity provider.

About Uriel Cohen

Uriel is VP Products at VMRay. With over a decade in cyber security, Uriel has become passionate about solving enterprise security challenges with technology innovations. Prior to joining VMRay, Uriel served as Director of Product Management for Ifasec GmbH, a German-based company bringing to market an adaptive network access control solution. Prior to that, Uriel was the Director of Products at WireX Systems, a network forensics company based in California and Israel. Prior to WireX, Uriel held a Technical Product Management role at Check Point Software Technologies, where he focused on building a successful roadmap for its FW-integrated Threat Prevention solution. Uriel holds a B.Sc. with honors in mathematics from Ben Gurion University of the Negev.
