"Read, read, read. Read everything—trash, classics, good and bad, and see how they do it. Just like a carpenter who works as an apprentice and studies the master. Read! You'll absorb it" Opinions Are My Own
"Read, read, read. Read everything—trash, classics, good and bad, and see how they do it. Just like a carpenter who works as an apprentice and studies the master. Read! You'll absorb it" Opinions Are My Own
流量是座大宝藏,对于传统安全场景,流量分析不是替换传统方法,而是互补和结合,“流量+”也会将企业的安全能力带上一个新台阶。但事无完美,流量层也存在硬伤:加密问题。随着https普及以及http2、QUIC特性的使用,传统网络层看到的将是一串加密二进制数据,不再是http下的明文字符,基于黑特征的检测拦截能力都将失效(上面我们提到的网络层WAF方案的弊端)。解决办法是将流量接入层下移,比如位于接入网关GW/LB解密卸载之后;同时对于某些场景,需要降低对黑特征、关键字的依赖,综合利用大数据、AI等手段,构建基于行为的检测机制,比如木马主控C&C行为的发现。
Comments