实施自动化安全控制以防御零日漏洞.pdf

《实施自动化安全控制以防御零日漏洞.pdf》由会员分享，可在线阅读，更多相关《实施自动化安全控制以防御零日漏洞.pdf（23页珍藏版）》请在三个皮匠报告上搜索。

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.C O P 3 4 4Implementing Automated Security Controls for Zero-Day DefenseWalid Alkassabgy(he/him)Senior Technical Account ManagerAWSMegan Velez Rivera(she/her)Senior

2、Solutions ArchitectAWS 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AgendaWhat is a zero-day vulnerability?Why are zero-day vulnerabilities challenging?What tools can you use?2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its

3、affiliates.All rights reserved.“A zero-day vulnerability is a software vulnerabilitydiscovered by attackers before the vendor has become aware of it.Because the vendors are unaware,no patch exists for zero-day vulnerabilities,making attacks likely to succeed.”-Kaspersky 2025,Amazon Web Services,Inc.

4、or its affiliates.All rights reserved.Lifecycle of a zero-day attack 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Lifecycle of a zero-day attackVULNERABILTY INTRODUCEDVULNERABILITY DISCOVEREDVULNERABILITY DISCLOSEDVENDOR DEVELOPS A FIXVENDOR RELEASES PATCHPATCH DEPLOYMENT COMPL

5、ETE&VERIFIED 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Lifecycle of a zero-day attackVULNERABILTY INTRODUCEDVULNERABILITY DISCOVEREDVULNERABILITY DISCLOSEDVENDOR DEVELOPS A FIXVENDOR RELEASES PATCHPATCH DEPLOYMENT COMPLETE&VERIFIEDEXPLOITRELEASED 2025,Amazon Web Services,Inc

6、.or its affiliates.All rights reserved.Lifecycle of a zero-day attackVULNERABILTY INTRODUCEDVULNERABILITY DISCOVEREDVULNERABILITY DISCLOSEDVENDOR DEVELOPS A FIXVENDOR RELEASES PATCHPATCH DEPLOYMENT COMPLETE&VERIFIEDEXPLOITRELEASED 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Li