Document: How IBM X-Force Defends Against Unknown Threats
Author: 李承达@IBM
Language: Foreign language
Tags: X-Force, Deep Packet Inspection, Threat Analysis
Introduction:
  • What is PAM?
  • PAM does more with less
  • PAM parses each frame, layer by layer
  • PAM Parser Overview
  • PAM Protocol Heuristics (layer 5)
  • Example of Deep Packet Inspection (1 of 5)
  • Ahead of the Threat (AOTT)
  • X-Force Top 100 Ahead of the Threat Coverage
  • AOTT coverage with MOV_Container_Overflow
  • AOTT coverage with Script_DOM_Unconditional_Undo
  • AOTT coverage with Zip_Directory_Traversal
  • AOTT coverage with Script_Array_Overflow
  • Pattern Matching vs. Deep Packet Inspection
  • Advantages: Pattern Matching vs. Deep Packet Inspection
  • X-Force Top 100 Ahead of the Threat Coverage
  • Pattern Matching: False Negative
  • Pattern Matching: A rule for each exploit
  • 2016 IBM Corporation
  • Pattern Matching: Lack of Coverage
  • Pattern Matching: Large Rule Set
  • Powered by PAM provides broad threat coverage
  • IBM X-Force monitors and analyzes the changing threat landscape
  • IBM X-Force® Exchange
Source: http://www.skdlabs.com/bbs/forum.php?mod=viewthread&tid=108&extra=page