TRADITIONAL STATIC SECURITY APPROACHES

AND ARCHITECTURES BASED ON SECURITY CONTROLS, PREVENTATIVE TECHNOLOGIES AND PERIODIC STRATEGY REVIEWS ARE NOW OUTDATED

File to Fileless

Abnormal to Normal

Malicious to Neutral

12

• Invisible Attacks

• VPN, AD, PtH, PtT

• Invisible Network Traffic

• Google Drive, Dropbox

• Invisible Malware

• Task schedule, Wmi , Powershell

Low visibility of Cyber Threats

30

34

• https://www.facebook.com/HITCON/videos/1245856318779021/

資安問題本質上是一個風險問題

The target will always be a target, so we should coexist with the threat, and deal with the cyber investigation more adaptively and effectively.

42

An Intelligence-Driven Approach to Cyber Defense

https://hitcon.org/2016/pacific/agenda.htm

45

ATT&CK Matrix

https://attack.mitre.org/

ATT&CK Groups

https://attack.mitre.org/

47

Structured Threat Information eXpression

49

Machine-readable threat intelligence

Not able to generate IOCs

able to generate IOCs

Closed threat intelligence(organization)

Thank YouFOR LESSENING