摘要
端点检测与响应是国际上端点安全领域新近出现的研究热点。它完全不同于以往的端点被动防护思路,而是通过云端威胁情报、机器学习、异常行为分析、攻击指示器等方式,主动发现来自外部或内部的安全威胁,并进行自动化的阻止、取证、补救和溯源,从而有效对端点进行防护。综述端点检测与响应技术,介绍端点检测与响应的研究现状,阐述端点检测与响应的基本原理和主要关键技术,最后讨论端点检测与响应技术的优势和问题,并对其应用前景进行展望。
Endpoint detection and response is a new research hotspot in the field of endpoint security. It is completely different from the previous passive protection idea of endpoint, but via cloud threat intelligence, machine learning, abnormal behavior analysis, attack indicators, and so on, initiatively discovers security threats from external or internal sources, and realizes automatic prevention, forensics, remediation, and tracing of attack source, thus to effectively protect the endpoint. The endpoint detection and response technology is overviewed, its research status of endpoint detection and response deccribed, and its the basic principle and key techniques also expounded. Finally, the advantages and problems of endpoint detection and response technology are discussed, and the application prospects forecasted.
出处
《通信技术》
2017年第7期1493-1498,共6页
Communications Technology
关键词
端点检测与响应
高级持续性威胁
端点安全
沙箱
endpoint detection and response
advanced persistent threat
endpoint security
sandbox