Detection Is a Must: A Pragmatic Approach to Threat Detection in Industrial Cybersecurity Programs (14-page slide deck)
DETECTION is a must

C:\> whoami
Austin Scott, Director of Detection, Dragos
https:/

Prevention vs. ICS Detection
Two common objections to investing in ICS threat detection:
- "Better to focus on prevention and just doing the basics like asset management to get the best ROI."
- "Threat Detection generates too much noise and false positives, wasting already limited resources."

You Can't Protect What You Can't See
A lot of the ransomware cases we get called into literally didn't know what was in their network. They had no visibility and no asset identification.

Detection + SANS 5 Critical Controls for ICS
What detection contributes to each control:
1. ICS Incident Response: triggers IR
2. Defensible Architecture: validates segmentation
3. ICS Network Visibility: tells the ICS story
4. Secure Remote Access: detects unauthorized access
5. Vulnerability Management: detects vulnerability exploitation

When Prevention Fails
Timeline markers on the slide: August 2023, April 2024, May 2024, May 2025.

BAUXITE + Sophos Firewall (CVE-2022-3236, CVE-2022-1040)
BAUXITE exploited specific Sophos Firewall vulnerabilities, notably CVE-2022-3236 and CVE-2022-1040, to plant the IOControl backdoor.

HELLDOWN + Zyxel Firewalls (CVE-2023-28771)
Unauthenticated command injection allowing remote code execution. Exploited by HELLDOWN in August 2024, targeting manufacturing with a leaked LockBit builder.

VOLTZITE + Cisco, Fortinet, Ivanti, F5, SonicWall, Palo Alto
Has utilized 0-days used by other PRC adversaries. Quickly integrates released POCs and then targets remote-access assets or other internet-exposed assets.

PARASITE + Credential Stuffing + ZKTeco (CVE-2023-38950)
Stolen VPN administrator credentials. Exploited publicly facing ZKTeco BioTime v8.5.5 software.

* Source: Dragos WorldView

Recent Critical Firewall Vulnerabilities
Fortinet:
CVE ID            CVSS  Severity
CVE-2022-40684    9.8   Critical
CVE-2022-42475    9.3   Critical
CVE-2022-41328    7.1   High
CVE-2023-25610    9.3   Critical
CVE-2023-27997    9.8   Critical
CVE-2023-22639    7.8   High
CVE-2023-28001    9.8   Critical
CVE-2023-33308    9.8   Critical
CVE-                    (remaining rows cut off in the source)
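As an added example, not from the deck and not Dragos code, of the "you can't protect what you can't see" and "validates segmentation" points above: a small Python triage pass over passively collected flow records. The asset inventory, Purdue-style zones, conduit allowlist, port numbers and flow records are all constructed for the illustration. It reports devices seen in the plant address space that are missing from inventory, cross-zone traffic that is not on the allowed conduit list, and remote-access sessions that reach OT from outside without going through the jump host, which is how detection feeds the visibility, defensible-architecture and secure-remote-access controls listed on the slide.

```python
"""Passive-visibility triage over constructed ICS flow records.

Added illustration, not Dragos code: the inventory, zones, conduit
allowlist and flow records below are assumptions made for this example.
"""
from ipaddress import ip_address, ip_network

# Constructed: the plant's address space; anything else is "EXT" (outside).
OT_RANGES = [ip_network("10.0.0.0/8")]

# Constructed inventory: ip -> (asset name, zone). Zones follow Purdue levels.
INVENTORY = {
    "10.1.1.10": ("historian", "L3"),
    "10.1.1.20": ("eng-ws-01", "L3"),
    "10.2.1.10": ("hmi-01", "L2"),
    "10.3.1.10": ("plc-01", "L1"),
    "10.3.1.11": ("plc-02", "L1"),
    "10.0.0.5": ("jump-host", "DMZ"),
}

# Constructed conduit allowlist: (src zone, dst zone, dst port) that the
# defensible architecture permits. Any other cross-zone flow is a violation.
ALLOWED_CONDUITS = {
    ("L3", "L2", 44818),   # historian/engineering -> HMI (EtherNet/IP)
    ("L2", "L1", 502),     # HMI -> PLC (Modbus/TCP)
    ("L3", "L1", 44818),   # engineering workstation -> PLC (program download)
    ("DMZ", "L3", 3389),   # jump host -> engineering workstation (RDP)
}

REMOTE_ACCESS_PORTS = {22, 3389, 5900}
OT_ZONES = {"L1", "L2", "L3"}


def zone_of(ip):
    """Map an address to its zone; unknown plant addresses are flagged."""
    if ip in INVENTORY:
        return INVENTORY[ip][1]
    addr = ip_address(ip)
    if any(addr in net for net in OT_RANGES):
        return "UNKNOWN-OT"
    return "EXT"


def triage(flows):
    """Return (category, detail) findings for a list of flow dicts.

    Each flow is {"src": ip, "dst": ip, "dport": int}. Three checks:
    unknown assets (visibility), disallowed cross-zone conduits
    (segmentation) and remote-access sessions that reach OT from outside
    without passing through the jump host (secure remote access).
    """
    findings = []
    reported_unknown = set()
    for f in flows:
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        # Visibility: a device talking on the plant network that nobody inventoried.
        for ip, zone in ((f["src"], src_zone), (f["dst"], dst_zone)):
            if zone == "UNKNOWN-OT" and ip not in reported_unknown:
                reported_unknown.add(ip)
                findings.append(("unknown-asset",
                                 f"{ip} is in the plant address space but not in inventory"))
        if src_zone == dst_zone:
            continue  # intra-zone traffic: not a conduit question
        # Secure remote access: RDP/SSH/VNC into OT straight from the outside.
        if src_zone == "EXT" and dst_zone in OT_ZONES and f["dport"] in REMOTE_ACCESS_PORTS:
            findings.append(("unauthorized-remote-access",
                             f"{f['src']} -> {f['dst']}:{f['dport']} bypasses the jump host"))
            continue
        # Defensible architecture: cross-zone traffic outside the allowed conduits.
        if (src_zone, dst_zone, f["dport"]) not in ALLOWED_CONDUITS:
            findings.append(("segmentation-violation",
                             f"{f['src']} ({src_zone}) -> {f['dst']} ({dst_zone}) port {f['dport']}"))
    return findings


# Constructed flow records, as a passive network sensor might export them.
SAMPLE_FLOWS = [
    {"src": "10.1.1.10", "dst": "10.2.1.10", "dport": 44818},   # allowed conduit
    {"src": "10.2.1.10", "dst": "10.3.1.10", "dport": 502},     # allowed conduit
    {"src": "10.1.1.20", "dst": "10.3.1.11", "dport": 502},     # L3 -> L1 Modbus: not allowed
    {"src": "10.3.1.99", "dst": "10.3.1.10", "dport": 502},     # unknown device polling a PLC
    {"src": "203.0.113.7", "dst": "10.1.1.20", "dport": 3389},  # RDP from outside, no jump host
    {"src": "10.0.0.5", "dst": "10.1.1.20", "dport": 3389},     # RDP via jump host: allowed
]

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_FLOWS):
        print(f"[{category}] {detail}")
```

On the constructed flows this yields four findings: one segmentation violation for the engineering workstation talking Modbus straight to a PLC, an unknown-asset finding plus a segmentation violation for the uninventoried device polling plc-01, and one unauthorized remote-access finding for RDP arriving from outside without the jump host. The allowlist is the part that has to come from the site's own architecture; the checks themselves are generic.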