Ransomware attacks continue to loom large as a threat. Cybercriminals keep evolving ever more sophisticated approaches to target organizations across industries and government agencies; no one is untouched, and for everyone else it is only a matter of time.
It is becoming increasingly challenging for security and compliance teams to protect enterprise assets and data from cyber-attacks. The killing of the Iranian IRGC Quds Force commander has dominated cybersecurity discussion across the industry, and government leaders are starting the year on high alert for Iranian cyberattacks in retaliation for the U.S. military strike that killed the top Iranian leaders.
Most of the cyber-attacks seen today start at the endpoint, despite enterprises spending heavily to protect their assets. Regardless of the motive, whether financial gain, geopolitical conflict or espionage, and no matter what latest or greatest cybersecurity protection an enterprise has invested in, an endpoint that is not properly protected or that carries vulnerabilities is the low-hanging fruit cybercriminals go after to step into the enterprise. Once an endpoint is compromised, it is easy for cybercriminals to move laterally around the network and get hold of the "Crown Jewels": the systems hosting the business-sensitive and customer data they are after.
Speculation around an Iranian cyberattack is one of the events 2020 has freshly started with, and there is a lot more to come, such as the upcoming U.S. election, which will be the country's most prominent cybersecurity test ever, given the debates over the last election and Russian interference.
According to IDC findings, 70 percent of successful breaches originate from the endpoint. The JP Morgan breach, which exposed half of U.S. households and millions of small businesses, started with a compromised endpoint.
Endpoints are the weakest link in enterprise network security. Endpoint devices include laptops, desktops, mobile devices, point-of-sale (POS) devices and IoT devices that connect to the network and access and/or process business-critical enterprise data. The workplace is changing as businesses embrace digital transformation and a new way of working from anywhere at any time, and keeping sensitive data safe is a growing challenge for enterprises.
Cybercriminals today try to get into organizations by compromising endpoints, increasingly using technologies powered by AI and machine learning, and the threat landscape continues to grow in complexity and sophistication. Per Verizon's 2019 Data Breach Investigations Report, 71 percent of data breaches were motivated by financial gain; the findings further indicate that financial gain is still the most common motive behind data breaches where a motive is known or applicable.
Common threats that target endpoints:
· Malware: any software or code developed for the purpose of compromising or harming information assets without the owner's informed consent.
· Social: tactics employing deception, manipulation, intimidation, etc. to exploit the human element, the users of endpoint assets.
· Advanced Persistent Threat (APT): a stealthy computer network threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
· Ransomware: a type of malicious software designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or through unknowingly visiting an infected website.
Endpoint Security Challenges:
An organization must protect every single endpoint in the network, while cybercriminals only need to compromise one to succeed.
1. The number of endpoints continues to grow as the organization grows and hires new employees and contractors.
2. According to recent findings, 42 percent of endpoints are unprotected at any given time; the study indicates that increasing security spending does not provide adequate protection.
3. Misconfigurations and employee mistakes contribute to breaches: 84% of organizations say spear-phishing attacks successfully compromised them.
4. A large endpoint footprint, combined with legacy endpoint protection solutions implemented a few years back, fails to provide protection from today's evolving threats.
5. Some industries still follow old, traditional waterfall processes when it comes to upgrading to new solutions or implementing new technology; it takes them years to operationalize the new technology or solution, and by that time the solution that was selected has become outdated.
6. Traditional or legacy endpoint security solutions not only fall short on providing protection from evolving threats; they also generate a high volume of alerts, and organizations do not have enough resources and time to look at and investigate every single alert these legacy solutions produce.
7. Organizations lack visibility across the environment, and so cannot address open vulnerabilities that may be present on endpoints, because of missing asset management or configuration management database (CMDB) practices.
8. Almost every organization today faces a shortage of in-house skills and security expertise when it comes to managing existing solutions or transitioning these legacy solutions to next-generation endpoint security solutions.
9. Research shows that users are significantly susceptible to social attacks, with cybercriminals targeting endpoints (laptops or mobile devices) using email-based spear phishing, spoofing attacks that attempt to mimic legitimate webpages, and attacks via social media.
Time to Re-design the Endpoint Security Strategy: Think beyond traditional approaches.
Cyberattacks are growing in complexity, becoming harder to prevent and continuing to accelerate. It is time to think beyond traditional endpoint technology focused on signature-based prevention. Today's malware changes on a daily and hourly basis, making signature-based prevention tools obsolete. What is needed today is an integrated threat prevention solution powered by AI and machine learning models to detect and block malware infections, with additional security controls that protect against script-based, fileless and memory exploits and zero-day attacks, and with the ability to detect a threat in the environment if the protection layer fails, so that the threat can be contained and the damage minimized.
To address the growing cyber-attacks on the enterprise, endpoint security needs to be integrated into the overall cybersecurity plan so that it provides prevention, detection and response to attacks in real time more effectively, along with effective compliance reporting. An organization must be able to isolate, secure and always control every endpoint on the network, and must design the solution around a Zero Trust strategy: validate before trusting an endpoint on the network. BYOD is another class of endpoint that has arrived with the change in the way we live and work in today's fast-changing workspace environment. The organization should not trust employees' own laptops or mobile devices without putting the required protection and monitoring capabilities in place. BYOD devices bring extra risk to the enterprise if an attacker can compromise one while the user is connected to the enterprise network.
Translated from: https://medium.com/swlh/endpoint-security-the-foundation-to-cybersecurity-d05295a37236