随着APT攻击事件的日益增多,其组织化、潜伏性、持续性、利用0day漏洞的攻击特点,导致目前大多数企业采用的传统信息安全防护体系难以奏效.本文依据对典型APT攻击事件过程的分析,提炼出的被攻击者安全防护体系的薄弱环节,并依据业界最新提出的PPDR安全防护体系建设理论,结合作者多年工作实际经验,阐述了传统信息安全防护体系的未来建设发展的目标与方法,实现从静态特征检测到动态异常检测的转变、从边界防护向全网防护的转变、从被动防御到充分利用威胁情报进行主动防护的转变.%With the increasing number of APT attacks,the majority of enterprises using the traditional information security protection system is difficult to defend such attacks, because APT attackers usually use of 0day vulnerabilities and ambush for a long time.Based on the analysis of the typical APT attack process, this paper discuss the weakness of the traditional cyber attack protection system. According to the latest PPDR cyber attack protection system construction theory, combined with years of the author's work experience, we discuss the changes we should make for the traditional information attack protection system with the fresh goal and method, including the changes from static feature detection to dynamic anomaly detection, the changes from the border protection to the whole network protection, and the changes from passive defense to full use of threat intelligence for active protection.
展开▼
