基于软件定义安全的企业内网威胁诱捕机制

A software defined threat trapping mechanism

随着攻防速度加快和内网渗透增多,以欺骗技术为代表的主动防御思想变得重要。针对防守手段单一、迟缓,提出了一种基于软件定义安全的威胁诱捕机制,基于最大化业务吸引度和相关度构造高真实度的诱捕环境,并通过多应用编排实现自适应的跟踪朔源和隔离威胁,最终切断攻击链。

As the speed of attacks and defense becomes faster and internal network penetrationincreases,the mindset of active defense,deception for instance,is getting extremely important. We propose a software defined threat trapping mechanism comparing to former monotonous and slow defense techniques,where a luring environment is constructed based on maximizing business attraction and relevancy,application orchestration technique is leveraged to trace and contain threats adaptively,so finally the killchain is interrupted.