本文介绍威胁情报系统的架构及其工作原理。威胁情报系统收集并分析安全威胁数据,包括威胁行为者、漏洞利用、恶意软件等,并将这些信息自动分发到企业的攻击缓解组件中,更新安全配置。此外,该系统还能提供安全网站的黑白名单,帮助识别新的漏洞并提醒用户安装安全补丁。
Threat Intelligence System
Threat intelligence is evidence-based knowledge, including context, indicators, implications, and actionable advice, that can provide information about an existing or emerging threat to an asset that can be used to inform decisions as to how the organization should respond to that threat. Common forms of threat intelligence data include security threats, threat actors, exploits, malware, vulnerabilities, and compromise indicators.
Figure 1 - A threat intelligence system architecture.
Figure 1 shows collection, analysis, distribution and use of analysis information in a threat intelligence system. The data is automatically distributed to attack mitigation components in the enterprise, providing automatic updates of security configurations. The automatic updates can extend to cloud consumers’ browser protection systems.
Attackers commonly attempt to take advantage of web browsers and their vulnerabilities. Threat intelligence can provide whitelists and blacklists of safe and compromised websites that can alert for new vulnerabilities and when security patches are available.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
