What Is Digital Risk Protection (DRP)?

Digital risk protection (DRP) is the process of safeguarding digital assets and brand reputation from external threats. As more businesses adopt digital practices, the threats and the attack surface that threat actors can exploit grow with them. DRP solutions operate on the premise that organizations can use threat actor activity to their advantage to identify attacks before they happen.

In fact, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has said that information sharing among private-sector organizations is critical in the quest for a more holistic understanding of the crosscutting and shared risks that may have cascading impacts within and across organizations, sectors, and national critical functions.

This is why it's imperative to institute a DRP solution that can correlate multiple sources of telemetry: one that can scan the clear, deep, and dark webs for potential dangers as well as proactively identify and research malware, phishing scams, and other threat actors.

It may seem overwhelming to stand up a solution that can both connect these disparate sources of suspicious activity and also help defend a network. These days, however, security organizations have no choice but to try to do just that, and then to push risk mitigation and threat intelligence strategies even further to stay a step ahead of attackers.

How Does Digital Risk Protection Work?

DRP works by leveraging insights from cyber threat intelligence (CTI) monitoring to highlight actionable and specific protective measures. CTI monitoring uses data from multiple sources to build a snapshot of the threat landscape. This can identify emerging threats against organizations and allow proactive mitigation before attacks occur.

DRP platforms use intelligent algorithms plus multiple reconnaissance methods to find, track, and analyze threats in real time. Using both indicators of compromise (IOCs) and indicators of attack (IOAs) intelligence, a DRP solution can analyze risks and warn security teams of potential or imminent attacks.

The data handling and analysis capabilities of DRP systems prevent security teams from being overwhelmed by intelligence data and therefore overlooking a relevant threat. They can continuously find, monitor, and mitigate risks to an organization's digital assets in real time.

A DRP system should also be able to simplify workflows through advanced investigation and mapping capabilities that create highly contextualized alerts, freeing analysts from sifting through noise. Businesses and security organizations are, after all, looking to drive forward underlying goals and broader initiatives; there is no way for an organization to pause the evolution of its digital footprint.

Therefore, an effective DRP platform must also evolve alongside the security organization and the business, identifying new potential attack vectors and anticipating the next area of exposure across a network and its systems.

The Four Quadrants of Digital Risk Protection

DRP requires a multifaceted approach. The four quadrants listed below combine to deliver an effective DRP solution.

[Figure: The four quadrants of digital risk protection (DRP)]

Map

Understanding the digital attack surface is essential to determine how and where threat actors might strike. This includes an assessment of digital assets and helps create a foundation for how a security organization monitors suspicious threat activity.

Monitor

DRP solutions turn millions of data points into actionable business intelligence. This is done through multidimensional threat analysis, digital footprint contextualization, and threat evolution tracking.

Mitigate

Automating the threat mitigation process with a DRP solution enables an organization to extend security support to other departments and company initiatives.

Manage

This refers to managing the DRP solution as well as policy implementation, additional threat research, human intelligence, enriching IOCs, and prioritizing vulnerabilities.

Digital Risk Protection Use Cases

Effective DRP deployment can ease the security burden and enable teams to focus on essential business tasks. Let's take a look at examples of how DRP built on comprehensive CTI can make life easier for IT professionals.

Phishing Detection

Phishing is the most common attack vector used by threat actors. Tracking phishing indicators (newly registered domains, mail exchange (MX) record changes, DNS reputation) with DRP can identify planned phishing scams and enable the takedown of impostor domains and sites.

VIP and Executive Protection

Spear phishing that targets real users within an organization is commonplace. DRP can identify spoofing schemes and protect the digital assets belonging to VIPs, executives, and other personnel.

Vulnerability Prioritization

The volume of security data collected and analyzed by CTI and DRP keeps increasing. DRP uses intelligent algorithms to automatically sift through this data and prioritize alerts for security teams. The focus is on the most pressing and urgent threat indicators.

Dark Web Monitoring

Most malicious cyberattack planning and activity takes place on the dark web. DRP solutions monitor all venues where criminal activity is discussed and planned, making the process essential to identifying and mitigating threats.

Brand Protection

Brands are valuable. DRP monitors for domain spoofing and IP address spoofing that uses a brand or a close look-alike of it. Taking down these illicit activities protects a business' IT systems and its reputation.
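The phishing-detection and brand-protection use cases above both come down to spotting look-alike domains early. The following Python example is added here and is not Rapid7's code or any DRP product's logic; it scores a constructed feed of newly registered domains against a hypothetical protected brand (examplebank.com), folding accents and homoglyphs, measuring edit distance for typosquats, catching the brand used as a subdomain, and weighting domains that already have an MX record.

```python
import unicodedata

BRAND_DOMAIN = "examplebank.com"      # constructed protected brand (hypothetical)
BRAND = BRAND_DOMAIN.split(".")[0]
# Digits and letter pairs that read like other letters in a browser address bar.
SUBS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def normalize(label: str) -> str:
    """Fold accents, case and common homoglyphs so look-alikes compare equal."""
    folded = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for src, dst in SUBS:
        folded = folded.replace(src, dst)
    return folded

def levenshtein(a: str, b: str) -> int:   # insert/delete/substitute edit distance
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_domain(domain: str, has_mx: bool) -> tuple[int, list[str]]:
    """Return (risk score, reasons) for one newly observed domain; 0 means no signal."""
    domain = domain.lower().rstrip(".")
    if domain == BRAND_DOMAIN:            # the brand's own domain is not a look-alike
        return 0, []
    labels = domain.split(".")
    registrable = normalize(labels[-2] if len(labels) > 1 else labels[0])
    score, reasons = 0, []
    if registrable == BRAND:
        score, reasons = 4, ["brand label under another TLD or with homoglyphs"]
    elif 0 < levenshtein(registrable, BRAND) <= 2:
        score, reasons = 3, ["typosquat within edit distance 2"]
    elif BRAND in registrable:
        score, reasons = 2, ["brand embedded in registrable label"]
    if any(BRAND in normalize(sub) for sub in labels[:-2]):
        score, reasons = score + 3, reasons + ["brand used as a subdomain"]
    if score and has_mx:                  # mail infrastructure already in place
        score, reasons = score + 1, reasons + ["MX record present"]
    return score, reasons

# Constructed sample feed of newly registered domains: (domain, has MX record).
OBSERVED = [("examplebank.com", True), ("examp1ebank.com", True),
            ("examplebank-secure-login.net", True), ("examplebank.com.verify-account.io", False),
            ("exarnplebank.com", False), ("exampelbank.com", False), ("weatherreport.org", True)]

def triage(feed):  # score each domain and return the flagged ones, highest risk first
    hits = [(s, d, r) for d, mx in feed for s, r in [score_domain(d, mx)] if s]
    return sorted(hits, key=lambda h: (h[0], h[1]), reverse=True)
```

Punycode (xn--) labels are not decoded here, and a real deployment would take the MX flag from live DNS rather than from the feed.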

Fraud Protection

DRP monitors illicit auctions of financial and sensitive data. Valuable data is sold on the dark web for use in phishing and other attacks, which means monitoring this activity is essential.

Malicious App Identification

Threat actors are keenly aware that mobile apps are essential to modern business, which is why they steal consumer data by deploying fake apps designed to mimic real apps. DRP can monitor for and highlight these malicious mobile apps.

Automated Threat Mitigation

Rapid response to identified threats is essential. Automating responses based on predefined criteria delivers better security for both users and data.

Leaked Credential Monitoring

Stolen logins and other access credentials are valuable assets for threat actors. DRP solutions monitor the web for references to leaked credentials and alert security professionals upon discovery.

Sensitive Data Leak Monitoring

Leaked data is also valuable to threat actors. DRP monitors discussions about data breaches and will alert when any references to an organization's data are found on the web or dark web. This is particularly useful in large data breaches that contain complex data sets.

Supply Chain Risk Protection

Most organizations have extensive physical and digital supply chains. DRP can monitor for references to the systems used by suppliers so that a breach is less likely to occur via a trusted-yet-unwitting supply partner with access to the business' network.

Digital Risk Protection Services

By engaging a security service provider to help manage a DRP program, organizations can realize time-saving benefits that enable analysts to focus on larger issues affecting the business. But what should a security operations center (SOC) look for when seeking the right managed digital risk protection (MDRP) provider?

  • Analysis: Manual and time-consuming processes can hinder the productivity of security personnel. Hours spent analyzing risk signals on the dark web or in a web-based Git repository can easily be offloaded to an MDRP provider that brings the expertise to tackle issues faster.
  • Partnership: After spending hours, days, or weeks in the trenches, an MDRP provider should be able to come back with clear and actionable insights to share with the client and collaborate on a plan to move forward.
  • ROI: If an organization finds the right partner for its specific needs, ROI is likely to follow in time. Fixed costs will, of course, go to the MDRP provider, but as efficiency improves the service will very likely pay for itself, and then some.
  • Understanding of risk: Security organizations will gain rapid and unprecedented visibility into their risk profiles and the benefits this can impart to the overall business, particularly when a provider can help mitigate threats such as data leakage and protect brand reputation when threats arise.
  • Business outcomes: Finally, by taking on the weight of risk analysis and protection, an MDRP provider will be able to help its clients take a more proactive stance on risk mitigation. It isn't enough to react in this modern threat environment; organizations must be proactive in increasingly intelligent ways.

Read More About Digital Risk Protection

4 Simple Steps for an Effective Threat Intelligence Program

The Evolution of Cyber Threat Intelligence (CTI)

Threat Intelligence News: The Latest Rapid7 Blog Posts