Document: IBM X-Force如何抵御未知威胁 (How IBM X-Force Defends Against Unknown Threats)
Author: 李承达@IBM
Language: Foreign language (English)
Tags: X-Force, Deep Packet Inspection, Threat Analysis
Outline:
  • What is PAM?
  • PAM does more with less
  • PAM parses each frame, layer by layer
  • PAM Parser Overview
  • PAM Protocol Heuristics (layer 5)
  • Example of Deep Packet Inspection (1 of 5)
  • Ahead of the Threat (AOTT)
  • X-Force Top 100 Ahead of the Threat Coverage
  • AOTT coverage with MOV_Container_Overflow
  • AOTT coverage with Script_DOM_Unconditional_Undo
  • AOTT coverage with Zip_Directory_Traversal
  • AOTT coverage with Script_Array_Overflow
  • Pattern Matching vs. Deep Packet Inspection
  • Advantages: Pattern Matching vs. Deep Packet Inspection
  • X-Force Top 100 Ahead of the Threat Coverage
  • Pattern Matching: False Negative
  • Pattern Matching: A rule for each exploit
  • Pattern Matching: Lack of Coverage
  • Pattern Matching: Large Rule Set
  • Powered by PAM provides broad threat coverage
  • IBM X-Force monitors and analyzes the changing threat landscape
  • IBM X-Force® Exchange
Source: http://www.skdlabs.com/bbs/forum.php?mod=viewthread&tid=108&extra=page