=Start=<\/p>\n\n\n\n
\u6574\u7406\u4e00\u4e0b\u6700\u8fd1\u770b\u5230\u76842\u7bc7\u4e0d\u9519\u7684\u6587\u7ae0\uff0c\u65b9\u4fbf\u540e\u9762\u6709\u9700\u8981\u7684\u65f6\u5019\u53c2\u8003\u3002<\/p>\n\n\n\n
\u5982\u679c\u4e0d\u4e86\u89e3\u7f51\u7edc\u653b\u51fb\u8005\u5c06\u4f1a\u8ffd\u6c42\u4ec0\u4e48<\/strong>\uff0c\u9700\u8981\u4ece\u4e86\u89e3\u73af\u5883\u5f00\u59cb\uff0c\u4ece\u4e86\u89e3\u4ed6\u4eec\u5c06\u8981\u505a\u4ec0\u4e48\u5f00\u59cb\u3002\u4e86\u89e3\u73af\u5883\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u968f\u65f6\u89c2\u5bdf\u4e00\u5207\uff0c\u5e76\u786e\u4fdd\u62e5\u6709\u6574\u4e2a\u73af\u5883\u7684\u5e7f\u6cdb\u53ef\u89c1\u6027<\/strong>\u3002<\/p>\n\n\n\n \u786e\u4fdd\u5728\u73af\u5883\u4e2d\u91c7\u53d6\u4e86\u4fdd\u62a4\u63aa\u65bd<\/strong>\u3002\u4ece\u5f00\u53d1\u4eba\u5458\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u786e\u4fdd\u4e86\u89e3\u6b63\u5728\u7ba1\u7406\u7684\u6f0f\u6d1e\u3001\u81ea\u5df1\u77e5\u9053\u7684\u6f0f\u6d1e\u3001\u7b2c\u4e09\u65b9\u77e5\u9053\u7684\u6f0f\u6d1e\uff0c\u5e76\u91c7\u7528\u9002\u5f53\u7684\u6d41\u7a0b<\/strong>\u9002\u5f53\u5730\u7ba1\u7406\u5b83\u4eec\u3002<\/p>\n\n\n\n &<\/p>\n\n\n\n One of the first lessons that everybody should be aware of is the level of a threat actor. The nation-state is not some movie prop. It\u2019s a very real threat actor that is patient, extremely thoughtful, on a mission, and very quiet in the environment. All those things that make them hard to discover and hard to combat is that adversary that we faced today. [Those same models] will start shifting to organized crime.<\/p>\n\n\n\n If you don\u2019t understand what [adversaries] would be after, start there. Start by understanding your environment, start by understanding what they would be after, start by doing that quick visibility into your environment, so that you\u2019re watching everything at every moment, and make sure that you do have broad ranges of visibility across the environment.<\/p>\n\n\n\n Make sure that you have the safeguards installed into your environment. From a development perspective, [make sure] that you\u2019re managing vulnerabilities, ones that you know about, ones that third parties know about, and that you have a process in place to be able to manage them appropriately.<\/p>\n\n\n\n One of the lessons is, no matter how much you practice [incident response], it\u2019s going to be different. When something of this level happens, you just need to be ready with your processes and procedures. We were there until two in the morning every morning for two weeks, simply because there\u2019s just so much to do.<\/p>\n\n\n\n Have the right people on speed dial; you can\u2019t do everything yourself. When you get something like this level, bring in folks that have done it before. From a messaging perspective, from a response perspective, from an investigation perspective, all those things require having skilled people involved who have been through it before.<\/p>\n\n\n\n About a year before the incident, we put a process in place that every security bug, whether it\u2019s recorded externally, by our tools, or somewhere else, [becomes] a Jira ticket, just like regular bugs, but it gets a security tag, CVSS score. My security team monitors those. If they don\u2019t meet our internal SLA for resolution, they go through our RAF (risk assessment form) process, where I have to sign off on the risk and the head of engineering signs off on the risk. That raises the level of how you deal with vulnerabilities in the product to an appropriate level to make decisions on whether something is fixed and how it gets fixed.<\/p>\n\n\n\n Have processes in place that make sure that you are at a moving forward on the vulnerability front, because it won\u2019t necessarily be the threat actor is coming into your environment and changing code like they did in ours. It could be a threat actor discovering zero days in your products and being able to take advantage of those. So, make sure you have coverage in both of those areas.<\/p>\n\n\n\n \u9996\u5148\uff0c\u6bcf\u4e2a\u4eba\u90fd\u5e94\u8be5\u4e86\u89e3\u5a01\u80c1\u884c\u4e3a\u8005\u7684\u7ea7\u522b<\/strong>\u3002\u6c11\u65cf\u56fd\u5bb6\u4e0d\u662f\u4ec0\u4e48\u7535\u5f71\u9053\u5177\u3002\u5b83\u662f\u4e00\u4e2a\u975e\u5e38\u771f\u5b9e\u7684\u5a01\u80c1\u884c\u4e3a\u4f53\uff0c\u6709\u8010\u5fc3\u3001\u8003\u8651\u5468\u5168\u3001\u6709\u4f7f\u547d\u611f<\/strong>\uff0c\u5728\u6267\u884c\u4efb\u52a1\u65f6\uff0c\u5728\u73af\u5883\u4e2d\u975e\u5e38\u5b89\u9759\u3002\u6240\u6709\u8fd9\u4e9b\u4f7f\u5f97\u4ed6\u4eec\u5f88\u96be\u88ab\u53d1\u73b0\uff0c\u4e5f\u5f88\u96be\u88ab\u6253\u8d25\uff0c\u8fd9\u5c31\u662f\u6211\u4eec\u4eca\u5929\u9762\u4e34\u7684\u5bf9\u624b\u3002(\u8fd9\u4e9b\u76f8\u540c\u7684\u6a21\u5f0f)\u5c06\u5f00\u59cb\u8f6c\u5411\u6709\u7ec4\u7ec7\u72af\u7f6a\u3002<\/p>\n\n\n\n \u5982\u679c\u4f60\u4e0d\u4e86\u89e3[\u5bf9\u624b]\u7684\u76ee\u6807\u662f\u4ec0\u4e48\uff0c\u90a3\u5c31\u4ece\u8fd9\u91cc\u5f00\u59cb\u3002\u4ece\u4e86\u89e3\u4f60\u7684\u73af\u5883\u5f00\u59cb\uff0c\u4ece\u4e86\u89e3\u4ed6\u4eec\u7684\u76ee\u6807\u5f00\u59cb<\/strong>\uff0c\u4ece\u5feb\u901f\u4e86\u89e3\u4f60\u7684\u73af\u5883\u5f00\u59cb\uff0c\u8fd9\u6837\u4f60\u5c31\u80fd\u5728\u6bcf\u65f6\u6bcf\u523b\u76d1\u89c6\u7740\u4e00\u5207\uff0c\u5e76\u786e\u4fdd\u4f60\u5728\u6574\u4e2a\u73af\u5883\u4e2d\u62e5\u6709\u5e7f\u6cdb\u7684\u53ef\u89c1\u6027<\/strong>\u3002<\/p>\n\n\n\n \u786e\u4fdd\u5728\u73af\u5883\u4e2d\u5b89\u88c5\u4e86\u9632\u62a4\u63aa\u65bd\u3002\u4ece\u5f00\u53d1\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u786e\u4fdd\u4f60\u6b63\u5728\u7ba1\u7406\u6f0f\u6d1e<\/strong>\uff0c\u90a3\u4e9b\u4f60\u77e5\u9053\u7684\u6f0f\u6d1e\uff0c\u90a3\u4e9b\u7b2c\u4e09\u65b9\u77e5\u9053\u7684\u6f0f\u6d1e\uff0c\u5e76\u4e14\u4f60\u6709\u4e00\u4e2a\u80fd\u591f\u9002\u5f53\u7ba1\u7406\u5b83\u4eec\u7684\u6d41\u7a0b\u3002<\/p>\n\n\n\n \u5176\u4e2d\u4e00\u4e2a\u6559\u8bad\u662f\uff0c\u65e0\u8bba\u4f60\u7ec3\u4e60\u591a\u5c11\u6b21(\u4e8b\u4ef6\u54cd\u5e94)\uff0c\u7ed3\u679c\u90fd\u4f1a\u6709\u6240\u4e0d\u540c\u3002\u5f53\u8fd9\u79cd\u7ea7\u522b\u7684\u4e8b\u60c5\u53d1\u751f\u65f6\uff0c\u4f60\u53ea\u9700\u8981\u51c6\u5907\u597d\u4f60\u7684\u6d41\u7a0b\u548c\u7a0b\u5e8f<\/strong>\u3002\u8fde\u7eed\u4e24\u5468\uff0c\u6211\u4eec\u6bcf\u5929\u65e9\u4e0a\u90fd\u5728\u90a3\u91cc\u5f85\u5230\u51cc\u6668\u4e24\u70b9\uff0c\u56e0\u4e3a\u6709\u592a\u591a\u4e8b\u60c5\u8981\u505a\u3002<\/p>\n\n\n\n \u628a\u5408\u9002\u7684\u4eba\u653e\u5728\u5408\u9002\u7684\uff08\u5feb\u901f\u54cd\u5e94\u7684\uff09\u4f4d\u7f6e\u4e0a\uff0c\u4f60\u4e0d\u53ef\u80fd\u4e8b\u4e8b\u4eb2\u529b\u4eb2\u4e3a<\/strong>\u3002\u5f53\u4f60\u9047\u5230\u8fd9\u79cd\u60c5\u51b5\u65f6\uff0c\u8bf7\u627e\u4e00\u4e9b\u6709\u7ecf\u9a8c\u7684\u4eba\u3002\u4ece\u4fe1\u606f\u4f20\u9012\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u4ece\u56de\u5e94\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u4ece\u8c03\u67e5\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u6240\u6709\u8fd9\u4e9b\u90fd\u9700\u8981\u6709\u7ecf\u9a8c\u4e30\u5bcc\u7684\u6280\u672f\u4eba\u5458\u53c2\u4e0e<\/strong>\u3002<\/p>\n\n\n\n \u5927\u7ea6\u5728\u4e8b\u4ef6\u53d1\u751f\u524d\u4e00\u5e74\uff0c\u6211\u4eec\u5236\u5b9a\u4e86\u4e00\u4e2a\u6d41\u7a0b\uff0c\u6bcf\u4e2a\u5b89\u5168\u6f0f\u6d1e\uff0c\u65e0\u8bba\u662f\u5916\u90e8\u8bb0\u5f55\u7684\u3001\u6211\u4eec\u7684\u5de5\u5177\uff0c\u8fd8\u662f\u5176\u4ed6\u5730\u65b9\uff0c\u8981\u53d8\u6210\u4e00\u4e2aJira\u7968\u636e\uff0c\u5c31\u50cf\u666e\u901a\u7684\u6f0f\u6d1e\u4e00\u6837\uff0c\u4f46\u5b83\u5f97\u5230\u4e86\u4e00\u4e2a\u5b89\u5168\u6807\u7b7e\u3001CVSS\u5206\u6570\u3002\u6211\u7684\u5b89\u5168\u56e2\u961f\u4f1a\u76d1\u89c6\u8fd9\u4e9b\u3002\u5982\u679c\u4ed6\u4eec\u4e0d\u7b26\u5408\u6211\u4eec\u5185\u90e8SLA\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u4ed6\u4eec\u5c06\u901a\u8fc7\u6211\u4eec\u7684RAF(\u98ce\u9669\u8bc4\u4f30\u8868)\u8fc7\u7a0b\uff0c\u5728\u90a3\u91cc\u6211\u5fc5\u987b\u5728\u98ce\u9669\u4e0a\u7b7e\u5b57\uff0c\u5de5\u7a0b\u4e3b\u7ba1\u5728\u98ce\u9669\u4e0a\u7b7e\u5b57\u3002\u8fd9\u5c06\u60a8\u5982\u4f55\u5904\u7406\u4ea7\u54c1\u4e2d\u7684\u6f0f\u6d1e\u63d0\u5347\u5230\u4e00\u4e2a\u9002\u5f53\u7684\u6c34\u5e73\uff0c\u4ee5\u51b3\u5b9a\u662f\u5426\u4fee\u590d\u4ee5\u53ca\u5982\u4f55\u4fee\u590d\u3002<\/p>\n\n\n\n \u6709\u9002\u5f53\u7684\u6d41\u7a0b\uff0c\u4ee5\u786e\u4fdd\u60a8\u5728\u6f0f\u6d1e\u65b9\u9762\u53d6\u5f97\u8fdb\u5c55<\/strong>\uff0c\u56e0\u4e3a\u4e0d\u4e00\u5b9a\u662f\u5a01\u80c1\u884c\u4e3a\u8005\u8fdb\u5165\u60a8\u7684\u73af\u5883\u5e76\u66f4\u6539\u4ee3\u7801\uff0c\u5c31\u50cf\u4ed6\u4eec\u5728\u6211\u4eec\u7684\u73af\u5883\u4e2d\u6240\u505a\u7684\u90a3\u6837\u3002\u5b83\u53ef\u80fd\u662f\u4e00\u4e2a\u5a01\u80c1\u884c\u4e3a\u8005\u5728\u4f60\u7684\u4ea7\u54c1\u4e2d\u53d1\u73b0\u4e86\u96f6\u65e5\u6f0f\u6d1e\uff0c\u5e76\u80fd\u591f\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u3002\u6240\u4ee5\uff0c\u786e\u4fdd\u4f60\u5728\u8fd9\u4e24\u4e2a\u9886\u57df\u90fd\u6709\u8986\u76d6\u3002<\/p>\n\n\n\n \u5b9e\u9645\u4e0a\uff0c\u5e76\u4e0d\u662f\u5b89\u5168\u6ca1\u6709\u53d1\u5c55\uff0c\u800c\u662f\u653b\u5b88\u65b9\u9762\u4e0d\u5e73\u7b49\u3002\u201c\u4f20\u7edf\u5b89\u5168\u9632\u62a4\u624b\u6bb5\u5728\u9632\u62a4\u5df2\u77e5\u7684\u653b\u51fb\u7c7b\u578b\u65f6\u975e\u5e38\u6709\u6548\uff0c\u4f46\u9ed1\u5ba2\u7684\u653b\u51fb\u624b\u6cd5\u8d8a\u6765\u8d8a\u9690\u853d\u548c\u590d\u6742\uff0c\u9ed1\u4ea7\u8d8a\u6765\u8d8a\u4e13\u4e1a\u5316\u3001\u96c6\u56e2\u5316\u201d\uff0cUCloud\u5b89\u5168\u4e13\u5bb6\u5b97\u6cfd\u8868\u793a\uff0c\u201c\u8fd9\u662f\u4f20\u7edf\u5b89\u5168\u65b9\u6848\u5f88\u96be\u6d89\u53ca\u5230\u7684\u3002\u201d\u4ed6\u900f\u9732\uff0c\u5a92\u4f53\u62a5\u9053\u7684\u4e8b\u4ef6\u53ea\u662f\u9ed1\u4ea7\u5f88\u5c0f\u7684\u4e00\u65b9\u9762\uff0c\u5927\u591a\u5f88\u4e45\u4e4b\u540e\u624d\u8fdb\u884c\u66dd\u5149\u3002\u66f4\u6709\u751a\u8005\uff0c\u73b0\u5728\u9ed1\u4ea7\u7ec4\u7ec7\u5df2\u7ecf\u6784\u5efa\u51fa\u4e00\u5957\u4e2a\u4eba\u4fe1\u606f\u67e5\u8be2\u7cfb\u7edf\uff0c\u6570\u5343\u4e07\u7684\u4e2a\u4eba\u4fe1\u606f\u90fd\u53ef\u4ee5\u5728\u4e92\u8054\u7f51\u4e0a\u88ab\u9ed1\u5ba2\u67e5\u8be2\u4f7f\u7528\u3002\u5b97\u6cfd\u6307\u51fa\uff0c\u8fd9\u5c31\u76f8\u5f53\u4e8e\u4f01\u4e1a\u540c\u65f6\u5bf9\u6297\u7f51\u7edc\u4e0a\u7684\u5168\u90e8\u9ed1\u5ba2\uff0c\u4f20\u7edf\u88ab\u52a8\u9632\u5fa1\u65b9\u6848\u518d\u5b89\u5168\uff0c\u9762\u5bf9\u8fd9\u79cd\u60c5\u51b5\u4e5f\u65e0\u80fd\u4e3a\u529b\u3002<\/p>\n\n\n\n \u6b64\u5916\uff0c\u4f20\u7edf\u4ea7\u4e1a\u591a\u662f\u5927\u4e2d\u578b\u4f01\u4e1a\uff0c\u4e1a\u52a1\u7eb7\u7e41\u590d\u6742\uff0c\u4ea7\u4e1a\u94fe\u6761\u8f83\u957f\uff0c\u6570\u636e\u4e2d\u5fc3\u5206\u5e03\u5404\u5730\uff0c\u5982\u679c\u6709\u8fb9\u7f18\u4e1a\u52a1\u6216\u73af\u8282\u4e0d\u91cd\u89c6\u5b89\u5168\u9632\u62a4\u7684\u8bdd\uff0c\u201c\u5bf9\u9ed1\u5ba2\u800c\u8a00\uff0c\u4ec5\u9700\u653b\u7834\u4e00\u4e2a\u70b9\u5c31\u53ef\u9976\u8fdb\u5185\u90e8\u7cfb\u7edf\uff0c\u9020\u6210\u5f88\u5927\u5371\u5bb3\u201d\uff1b\u5373\u4fbf\u4f01\u4e1a\u81ea\u8eab\u5b89\u5168\u975e\u5e38\u5230\u4f4d\uff0c\u4f46\u5916\u5305\u4f9b\u5e94\u5546\u4e5f\u53ef\u80fd\u6210\u4e3a\u7a81\u7834\u53e3\uff0c\u201c\u5c31\u50cf\u300a\u8d8a\u72f1\u300b\u4e2d\uff0c\u4e3b\u89d2\u603b\u80fd\u4ece\u4f9b\u5e94\u5546\u62ff\u5230\u81ea\u5df1\u7684\u6307\u7eb9\u4e00\u6837\u201d\u3002<\/p>\n\n\n\n \u4e91\u5b89\u5168\u8054\u76df(CSA)\u5927\u4e2d\u534e\u533a\u4e3b\u5e2d\u674e\u96e8\u822a\u6307\u51fa\uff1a\u201c\u5927\u6570\u636e\u4e91\u8ba1\u7b97\u65f6\u4ee3\uff0c\u540e\u7aef\u4e2d\u5fc3\u5316\u8d8b\u52bf\u660e\u663e\uff0c\u524d\u7aef\u91cf\u8d8a\u6765\u8d8a\u5927\uff0c\u4e0d\u4ec5\u4f01\u4e1a\u4f7f\u7528\u8ba1\u7b97\u8d44\u6e90\uff0c\u4efb\u4f55\u4e2a\u4eba\u4e5f\u53ef\u4ee5\u4f7f\u7528\u8ba1\u7b97\u8d44\u6e90\uff0c\u5b89\u5168\u7684\u8fb9\u754c\u4f1a\u66f4\u52a0\u6a21\u7cca\u751a\u81f3\u6d88\u5931\u3002\u201d<\/p>\n\n\n\n \u5b97\u6cfd\u5f3a\u8c03\uff0c\u4e00\u76f4\u4f9d\u9760\u88ab\u52a8\u9632\u5fa1\u7684\u601d\u8def\u53bb\u9762\u5bf9\u73b0\u5728\u6108\u52a0\u4e13\u4e1a\u3001\u6108\u52a0\u7f51\u7edc\u5316\u7684\u9ed1\u5ba2\u653b\u51fb\uff0c\u6c38\u8fdc\u9632\u4e0d\u4e86\uff0c\u6c38\u8fdc\u6709\u6f0f\u6d1e\uff0c\u6c38\u8fdc\u96be\u9003\u6570\u636e\u6cc4\u9732\u7684\u95ee\u9898\u3002<\/p>\n\n\n\n \u4ee5\u4e91\u8ba1\u7b97\u548c\u5927\u6570\u636e\u4e3a\u4ee3\u8868\u548c\u63a8\u52a8\u529b\u7684\u201c\u4e92\u8054\u7f51+\u201d\u6218\u7565\u6781\u5927\u5730\u63a8\u52a8\u4e86\u4f20\u7edf\u4ea7\u4e1a\u7684\u53d8\u9769\uff0c\u4f46\u5728\u5bf9\u4e1a\u52a1\u4ea7\u751f\u79ef\u6781\u5f71\u54cd\u7684\u540c\u65f6\uff0c\u4e5f\u8ba9\u4f01\u4e1a\u7684\u4fe1\u606f\u5b89\u5168\u73af\u5883\u4ea7\u751f\u4e86\u6781\u5927\u7684\u6539\u53d8\u3002<\/p>\n\n\n\n \u300a2016\u5e74\u4e91\u5b89\u5168\u805a\u7126\u62a5\u544a\u300b\u4fbf\u6307\u51fa\uff0c\u4f17\u591a\u4f01\u4e1a\u4e0d\u65ad\u52a0\u5927\u4e91\u57fa\u7840\u8bbe\u65bd\u6295\u5165\u529b\u5ea6\uff0c\u540c\u65f6\u4ea6\u5f00\u59cb\u610f\u8bc6\u5230\u9700\u8981\u5728\u65b0\u73af\u5883\u4e0b\u5b9e\u73b0\u4e0e\u4f20\u7edfIT\u57fa\u7840\u8bbe\u65bd\u4e2d\u76f8\u5bf9\u7b49\u7684\u5b89\u5168\u63a7\u5236\u4e0e\u529f\u80fd\u3002<\/p>\n\n\n\n \u5b97\u6cfd\u4ee5\u5b59\u5b50\u5175\u6cd5\u4e3e\u4f8b\uff1a\u201c\u77e5\u5df1\u77e5\u5f7c\u767e\u6218\u4e0d\u6b86\u3002\u4e0d\u77e5\u5f7c\u800c\u77e5\u5df1\uff0c\u4e00\u80dc\u4e00\u8d1f\u3002\u4e0d\u77e5\u5f7c\uff0c\u4e0d\u77e5\u5df1\uff0c\u6bcf\u6218\u5fc5\u6b86\u3002\u201d\u56e0\u6b64\uff0c\u60f3\u5728\u4e92\u8054\u7f51\u548c\u4e91\u8ba1\u7b97\u65f6\u4ee3\u505a\u597d\u4f01\u4e1a\u5b89\u5168\uff0c\u5fc5\u987b\u9996\u5148\u4e86\u89e3\u5bf9\u624b\u2014\u2014\u9ed1\u5ba2\u9ed1\u4ea7\uff0c\u548c\u81ea\u5df1\u2014\u2014\u4f01\u4e1a\u7684\u6570\u636e\u8d44\u4ea7\u3002<\/p>\n\n\n\n \u4ee5\u70ab\u8000\u6280\u80fd\u4e3a\u76ee\u7684\u7684\u653b\u51fb\u8005\u8d8a\u6765\u8d8a\u5c11\uff0c\u73b0\u5728\u7684\u9ed1\u5ba2\u548c\u9ed1\u4ea7\u7ed3\u5408\u5f97\u8d8a\u6765\u8d8a\u7d27\u3002\u5b97\u6cfd\u4ee5\u957f\u671f\u4e0e\u9ed1\u5ba2\u5bf9\u6297\u7684\u7ecf\u9a8c\uff0c\u603b\u7ed3\u51fa\u4e13\u4e1a\u9ed1\u5ba2\u7684\u653b\u51fb\u94fe\u8def\uff1a\u9996\u5148\u5bf9\u76ee\u6807\u4f01\u4e1a\u8e29\u70b9\uff0c\u67e5\u770b\u4f01\u4e1a\u7f51\u7edc\u8bbe\u7f6e\u3001\u5458\u5de5\u624b\u673a\u4fe1\u606f\u7b49\uff1b\u5176\u6b21\u901a\u8fc7\u626b\u63cf\u3001\u9493\u9c7c\u3001\u5916\u5305\u4f9b\u5e94\u5546\u6f0f\u6d1e\u7b49\u65b9\u5f0f\u6536\u96c6\u4fe1\u606f\uff1b\u968f\u540e\u8fdb\u884c\u5bc6\u7801\u7834\u89e3\u3001\u5229\u7528\u5b89\u5168\u6f0f\u6d1e\uff0c\u6e17\u900f\u5b9e\u9645\u4e1a\u52a1\u73af\u5883\uff0c\u518d\u4f3a\u673a\u653b\u51fb\uff0c\u83b7\u53d6\u975e\u6cd5\u5229\u76ca\u3002<\/p>\n\n\n\n \u4f20\u7edf\u5b89\u5168\u65b9\u6848\u805a\u7126\u5916\u90e8\u9632\u5fa1\uff0c\u800c\u9ed1\u4ea7\u7684\u67e5\u8be2\u7cfb\u7edf\u66b4\u9732\u4e86\u5927\u91cf\u4e2a\u4eba\u4fe1\u606f\uff0c\u6709\u65f6\u751a\u81f3\u53ef\u4ee5\u76f4\u63a5\u4ee5\u5458\u5de5\u8eab\u4efd\u767b\u9646\u5185\u90e8\u7cfb\u7edf\uff0c\u56e0\u6b64\u65b0\u73af\u5883\u4e0b\uff0c\u4f01\u4e1a\u5b89\u5168\u4eba\u5458\u5fc5\u987b\u8db3\u591f\u4e86\u89e3\u771f\u5b9e\u7684\u81ea\u5df1\u3002<\/p>\n\n\n\n \u4f55\u8c13\u771f\u5b9e\u7684\u81ea\u5df1\uff1f\u6309\u5b89\u5168\u7406\u8bba\u6700\u5c0f\u5316\u539f\u5219\uff0c\u5148\u5c01\u95ed\u6309\u9700\u6c42\u5f00\u653e\uff0c\u5c31\u662f\u8bf4\u5fc5\u987b\u660e\u786e\u4f01\u4e1aIT\u54ea\u4e9b\u5f00\u653e\uff0c\u94a5\u5319\u5728\u8c01\u624b\u4e2d\u3002\u53e6\u5916\u201c\u611f\u89c9\u4f1a\u6b3a\u9a97\u4eba\u7684\u5927\u8111\uff0c\u4f46\u662f\u6570\u636e\u4e0d\u4f1a\u201d\uff0c\u5b97\u6cfd\u6307\u51fa\uff0c\u65b0\u578b\u5b89\u5168\u9700\u5c06\u673a\u5668\u548c\u4eba\u90fd\u6570\u5b57\u5316\u5904\u7406\u3002\u5bf9\u4e8e\u4eba\uff0c\u4f60\u7684\u884c\u4e3a\u4e60\u60ef\u6570\u636e\u4f1a\u6bd4\u4f60\u7684\u611f\u89c9\u66f4\u4e86\u89e3\u4f60\uff1b\u5bf9\u4e8e\u673a\u5668\uff0c\u53ef\u4ee5\u91c7\u96c6\u670d\u52a1\u5668\u5e94\u7528\u5c42\u548c\u65e5\u5fd7\u76d1\u63a7\u7b49\u6574\u4e2a\u7f51\u7edc\u4fe1\u606f\u8d44\u4ea7\u3002\u901a\u8fc7\u6574\u7406\u5e76\u5efa\u7acb\u6570\u636e\u6a21\u578b\uff0c\u5c31\u80fd\u591f\u6784\u5efa\u4eba\u548c\u4fe1\u606f\u7684\u884c\u4e3a\u94fe\uff0c\u5e2e\u52a9\u6211\u4eec\u53d1\u73b0\u65e5\u5e38\u884c\u4e3a\u4e2d\u7684\u5f02\u5e38\u56e0\u7d20\uff0c\u6bd4\u5982\u6838\u5fc3\u6570\u636e\u5e93\u7684\u5f02\u5e38IP\u94fe\u63a5\uff0c\u5185\u90e8\u5458\u5de5\u7684\u5f02\u5e38\u4f7f\u7528\u4e60\u60ef\u7b49\uff0c\u751a\u81f3\u53ef\u4ee5\u628a\u9ed1\u5ba2\u884c\u4e3a\u4e32\u63a5\u8d77\u6765\uff0c\u627e\u51fa\u7cfb\u7edf\u5f31\u70b9\uff0c\u627e\u51fa\u653b\u51fb\u6e90\u5934\u3002<\/p>\n\n\n\n \u6b64\u5916\u8fd8\u8981\u6ce8\u91cd\u8fde\u63a5\u5316\u3001\u53ef\u89c6\u5316\u3001\u4e91\u7aef\u5316\u3001\u5206\u5c42\u5316\uff0c\u8ba9\u5b89\u5168\u4ece\u5355\u4e00\u7684\u9632\u62a4\u6f14\u53d8\u4e3a\u5b8c\u5584\u652f\u6491\u4f53\u7cfb\u7684\u751f\u6001\u7cfb\u7edf\u3002\u5c31\u50cf\u7f8e\u56fd\u5bfc\u5f39\u7cfb\u7edf\u9632\u5fa1\u7cfb\u7edf\u90a3\u6837\uff0c\u4e0d\u4ec5\u6709\u4f20\u7edf\u7684\u9646\u5730\u5e73\u9762\u9632\u5fa1\uff0c\u800c\u662f\u6d77\u9646\u7a7a\u7acb\u4f53\u5f0f\u76d1\u63a7\u4e0e\u9632\u62a4\u3002<\/p>\n\n\n\n \u6700\u540e\u5b97\u6cfd\u603b\u7ed3\uff0c\u4e91\u7aef\u5316\u548c\u4e92\u8054\u7f51+\u5e76\u6ca1\u6709\u6539\u53d8\u5b89\u5168\u653b\u9632\u7684\u672c\u8d28\uff0c\u51fa\u73b0\u5b89\u5168\u98ce\u9669\u7684\u4e3b\u8981\u539f\u56e0\u5728\u4e8e\u4f01\u4e1a\u4e1a\u52a1\u4e91\u7aef\u5316\u540e\uff0c\u76f8\u5e94\u7684\u5b89\u5168\u610f\u8bc6\u548c\u9632\u5fa1\u7b56\u7565\u5e76\u6ca1\u6709\u968f\u4e4b\u66f4\u65b0\u3002<\/p>\n\n\n\n \u4e91\u7aef\u8f6c\u578b\uff0c\u5b89\u5168\u5148\u884c\u3002\u4e92\u8054\u7f51\u5316\u7684\u4f01\u4e1a\u5b89\u5168\u610f\u8bc6\uff0c\u987b\u7406\u6e05\u5185\u90e8\u4e1a\u52a1\u903b\u8f91\uff0c\u8ba4\u8bc6\u5230\u54ea\u4e9b\u8054\u7f51\uff0c\u54ea\u4e9b\u9694\u79bb\uff0c\u54ea\u4e9b\u673a\u5bc6\uff0c\u54ea\u4e9b\u5f00\u653e\uff0c\u5e76\u505a\u597d\u4e0d\u540c\u4e1a\u52a1\u4e4b\u95f4\u7684\u9694\u79bb\u548c\u7ba1\u63a7\uff1b\u6b64\u5916\u91cd\u89c6\u5a01\u80c1\u60c5\u62a5\uff0c\u4e86\u89e3\u7f51\u7edc\u5316\u7684\u9ed1\u5ba2\u624b\u6cd5\u548c\u9ed1\u4ea7\u52a8\u6001<\/strong>\u3002<\/p>\n\n\n\n \u5728\u9632\u5fa1\u7b56\u7565\u65b9\u9762\uff0c\u4f20\u7edf\u7684\u5b89\u5168\u8bbe\u65bd\u5f80\u5f80\u96be\u4ee5\u9002\u5e94\u5982\u4eca\u591a\u6837\u5316\uff0c\u4e2a\u6027\u5316\u7684\u4e92\u8054\u7f51\u4e1a\u52a1\uff0c\u5b97\u6cfd\u5efa\u8bae\u4f20\u7edf\u4f01\u4e1a\u4e92\u8054\u7f51\u5316\u65f6\u9009\u62e9\u4e00\u4e9b\u6bd4\u8f83\u6709\u4e92\u8054\u7f51\u5b89\u5168\u7ecf\u9a8c\uff0c\u5c24\u5176\u662f\u4e13\u6ce8\u670d\u52a1\u4f01\u4e1a\u7684\u7684\u4e91\u5e73\u53f0\uff0c\u56e0\u4e3a\u4ed6\u4eec\u66f4\u61c2\u5982\u4f55\u5728\u4e92\u8054\u7f51\u4e91\u7aef\u5316\u4e0a\u53bb\u5e94\u5bf9\u9ed1\u5ba2\u7684\u653b\u51fb\u3002<\/p>\n\n\n\n \u4ee5UCloud\u4e3a\u4f8b\uff0c\u62e5\u6709\u6574\u5957\u4e92\u8054\u7f51\u5b89\u5168\u89e3\u51b3\u65b9\u6848\uff0c\u63d0\u4f9b\u4e86\u4ece\u7f51\u7edc\u3001\u5e94\u7528\u3001\u4e3b\u673a\u7b49\u5168\u9762\u7684\u5b89\u5168\u7eb5\u6df1\u9632\u62a4\uff0c\u5305\u62ec\u7f51\u7edc\u6297D\u9632\u62a4\u3001WEB\u5e94\u7528\u9632\u706b\u5899\u3001\u5b89\u5168\u5ba1\u8ba1\u670d\u52a1\u3001\u5165\u4fb5\u68c0\u6d4b\u7b49\uff0c2015\u5e74\u5e2e\u52a9\u4f01\u4e1a\u7528\u6237\u62b5\u5fa1\u4e86880\u4e07\u4e2a\u653b\u51fb\u6e90\u5bf9\u4e91\u7684\u6f0f\u6d1e\u653b\u51fb\uff0c\u62e6\u622a\u5404\u7c7bCC\u653b\u51fb318.6\u4ebf\u6b21\u3002<\/p>\n\n\n\n \u540c\u65f6\uff0cUCloud\u4f9d\u6258\u5bf9\u4e92\u8054\u7f5119\u4e2a\u7ec6\u5206\u884c\u4e1a\u3001250\u4ebf\u4e1a\u52a1\u603b\u91cf\u53ca\u8d85\u8fc76\u4ebf\u7ec8\u7aef\u670d\u52a1\u7528\u6237\u7684\u5927\u6570\u636e\u5206\u6790\uff0c\u7387\u5148\u8fdb\u884c\u5927\u6570\u636e\u5b89\u5168\u68c0\u6d4b\u4e0e\u9632\u5fa1\u7cfb\u7edf\u7684\u5efa\u8bbe\uff0c\u7531\u6570\u636e\u9a71\u52a8\u5b89\u5168\uff0c\u4ece\u9632\u8303\u62d3\u5c55\u5230\u9884\u8b66\u3002<\/p>\n\n\n\n \u4f46\u662f\u5b97\u6cfd\u4e5f\u5f3a\u8c03\uff0c\u4efb\u4f55\u5355\u4e2a\u673a\u6784\u4f9d\u9760\u4f20\u7edf\u624b\u6bb5\u5df2\u96be\u4ee5\u6709\u6548\u5e94\u5bf9\u4e92\u8054\u7f51\u5b89\u5168\u5a01\u80c1\u3002\u5c31\u50cf\u9009\u62e9\u4e91\u670d\u52a1\u4e00\u6837\uff0c\u4f01\u4e1a\u9700\u8054\u5408\u7b2c\u4e09\u65b9\u5b89\u5168\u5382\u5546\uff0c\u8054\u624b\u6253\u9020\u4e91\u7aef\u5b89\u5168\u751f\u6001\u5708\uff0c\u8fd9\u6837\u624d\u80fd\u6709\u6548\u62b5\u5fa1\u9ed1\u5ba2\u653b\u51fb\uff0c\u4fc3\u8fdb\u56fd\u5185\u7f51\u7edc\u5b89\u5168\u5f62\u52bf\u66f4\u5065\u5eb7\u7684\u53d1\u5c55\u3002<\/p>\n\n\n\n \u201c\u4ece\u4f20\u7edf\u5b89\u5168\u5230\u4e92\u8054\u7f51\u5b89\u5168\uff0c\u5c31\u662f\u4ece\u88ab\u52a8\u9632\u5fa1<\/strong>\u5230\u4ee5\u6570\u636e\u4e3a\u57fa\u7840\u7684\u5b89\u5168<\/strong>\u751f\u6001\u3002\u5c31\u50cf\u72ec\u5b64\u4e5d\u5251\u4e00\u6837\uff0c\u6599\u654c\u5148\u673a<\/strong>\uff0c\u65e0\u62db\u65e0\u8d25\u3002\u201d<\/p>\n<\/blockquote>\n\n\n\n SolarWinds CISO: Know your adversary, what they want, watch everything SolarWinds\u516c\u53f8\u9996\u5e2d\u4fe1\u606f\u5b89\u5168\u5b98\u7684\u5efa\u8bae\uff1a\u4e86\u89e3\u5bf9\u624b\u53ca\u5176\u60f3\u8981\u4ec0\u4e48\uff0c\u5e76\u5173\u6ce8\u4e00\u5207\n
\n\n\n\nWhat\u2019s the most important task other CISOs should be doing at companies that are likely to be targeted by this kind of an adversary?<\/h4>\n\n\n\n
\u5bf9\u4e8e\u53ef\u80fd\u6210\u4e3a\u8fd9\u7c7b\u5bf9\u624b\u653b\u51fb\u76ee\u6807\u7684\u516c\u53f8\uff0c\u5176\u4ed6\u9996\u5e2d\u4fe1\u606f\u5b89\u5168\u5b98\u5e94\u8be5\u505a\u7684\u6700\u91cd\u8981\u7684\u5de5\u4f5c\u662f\u4ec0\u4e48\uff1f<\/h4>\n\n\n\n
\n\n\n\n\n
\u667a\u8005\u5343\u8651\uff0c\u5fc5\u6709\u4e00\u5931<\/h5>\n\n\n\n
\u77e5\u5df1\u77e5\u5f7c\uff0c\u767e\u6218\u4e0d\u6b86<\/h5>\n\n\n\n
\u4ed6\u5c71\u4e4b\u77f3\uff0c\u53ef\u4ee5\u653b\u7389<\/h5>\n\n\n\n
\u53c2\u8003\u94fe\u63a5\uff1a<\/h5>\n\n\n\n
https:\/\/www.csoonline.com\/article\/571527\/solarwinds-ciso-know-your-adversary-what-they-want-watch-everything.html<\/a><\/p>\n\n\n\n
https:\/\/mp.weixin.qq.com\/s\/8cdZXjyUSa2_o_x2R-jJdQ<\/a><\/p>\n\n\n\n