国产欧美日韩精品a在线观看-国产欧美日韩精品一区二区三区-国产欧美日韩精品综合-国产欧美中文字幕-一区二区三区精品国产-一区二区三区精品国产欧美

最近的總結(jié)帖頗多，一些引人注目的數(shù)據(jù)泄露事件影響了大量用戶和技術(shù)發(fā)展，必將給未來(lái)幾年的市場(chǎng)帶來(lái)沖擊。CSOOnline根據(jù)安全和IT主管的看法，給出了一些更值得注意的發(fā)展趨勢(shì)。2017年網(wǎng)絡(luò)安全事件是不是會(huì)在這些方面呢？

2016網(wǎng)絡(luò)安全事件回顧

（1）DNS事件導(dǎo)致互聯(lián)網(wǎng)網(wǎng)站下線

10月末，提提供受管DNS服務(wù)的基礎(chǔ)設(shè)施提供商Dyn被攻擊，隨后許多互聯(lián)網(wǎng)網(wǎng)站（包括一些最大的網(wǎng)站）下線。

這次DDoS攻擊事件影響了美國(guó)東海岸大部分地區(qū)的用戶，以及德克薩斯、華盛頓和加利福尼亞的數(shù)據(jù)中心。根據(jù)Dyn發(fā)布的聲明，幾千萬(wàn)個(gè)IP地址向它的基礎(chǔ)設(shè)施發(fā)動(dòng)了攻擊。

Barr Snyderwine, director of information systems and technology at Hargrove 評(píng)價(jià)

“The DNS attack was interesting in that it made all levels of [our] company aware that security-driven changes to our DNS and internet access were made in order to avoid such denial of service,”

“It also made all users aware that security is important,” Snyderwine says. “Users have to be aware that every device is a potential risk and that it can impact their own jobs. Our security phishing training we provided just the previous month is serious business. In fact, many people said it helped them at home and work.”

（2）勒索軟件攻擊增多

2016年，勒索軟件攻擊在所有行業(yè)都變得更常見。但醫(yī)療保健行業(yè)輕松成為這類攻擊的最大目標(biāo)。隨著多次高調(diào)攻擊醫(yī)院成功，網(wǎng)絡(luò)罪犯越來(lái)越多地瞄準(zhǔn)醫(yī)療保健提供者。

James Beeson, CISO and IT risk leader at GE Capital Americas評(píng)價(jià)

“There is a significant increase in ransomware overall, but we1re also seeing the bad guys hone in on important operations like healthcare and fine tune their pricing to make it more cost effective for the victim to pay rather than fight,”

（3）雅虎確認(rèn)大規(guī)模數(shù)據(jù)泄露

在某些報(bào)道成為史上對(duì)大規(guī)模數(shù)據(jù)泄露的事件中，互聯(lián)網(wǎng)新聞和搜索網(wǎng)站雅虎在9月份宣布，該公司近期開展的調(diào)查確認(rèn)，攻擊者在2014年末從該公司網(wǎng)絡(luò)竊取了用戶賬戶信息。

據(jù)雅虎首席信息安全官Bob Load所說，失竊賬戶信息可能包括姓名、電子郵件地址、電話號(hào)碼、生日和其他數(shù)據(jù)。根據(jù)調(diào)查結(jié)果，雅虎懷疑至少有5億賬戶的相關(guān)信息失竊。

Apart from the number of records, what makes the Yahoo incident stand out is that the company was in the midst of being acquired by communications provider Verizon for $4.8 billion. News of the breach led to speculation about the potential impact on the transaction.

Beeson 評(píng)價(jià)

“Clearly it's become a major sticking point in the negotiation and serves to remind us all of the financial magnitude an account breach can have on a company,”

“I suspect it's also impacted the cycle time of the deal, which also costs both companies money.”

To make matters worse, in December Yahoo reported that data associated with more than 1 billion user accounts was stolen in August 2013. The incident is separate from the earlier breach Yahoo announced.

Stolen user data from the newer breach involves names, email addresses, phone numbers, dates of birth, and hashed passwords using an aging algorithm known as MD5 that can be cracked.

（4）美國(guó)大選中的黑客攻擊

美國(guó)民主黨全國(guó)委員會(huì)的電腦遭受攻擊，引發(fā)俄羅斯涉及黑客攻擊的猜測(cè)，并激起了對(duì)俄羅斯影響美國(guó)大選的擔(dān)憂。另外，維基解密公布了數(shù)千份從美國(guó)民主黨全國(guó)委員會(huì)竊取的電子郵件。

展望2017網(wǎng)絡(luò)安全形勢(shì)

（1）人工智能（Artificial Intelligence，AI）取得進(jìn)展

今年，人工智能變得更加主流。隨著AI功能被嵌入到越來(lái)越多的設(shè)備，機(jī)器變得越來(lái)越智能。

各公司使用機(jī)器學(xué)習(xí)技術(shù)訓(xùn)練機(jī)器人，使其具有更強(qiáng)的功能，執(zhí)行更復(fù)雜的任務(wù)。數(shù)據(jù)分析和可視數(shù)據(jù)分析的進(jìn)步為AI帶來(lái)了新維度。另外，用于語(yǔ)言處理的機(jī)器學(xué)習(xí)算法得到增強(qiáng)，使得人機(jī)交流更加簡(jiǎn)單。

這一切都對(duì)安全有重大影響。

All of this has significant implications for security.

“AI has come a long way with machine learning technologies now capable of performing intelligent analysis of data and situations,” says Erkan Kahraman, CSO at Planview. “It’s also making an impact on the security industry, where we see more tools and solutions with AI capability, such as network intrusion detection with AI or advanced data analytics and behavior analysis powered by AI. Everything will be plus-AI in the future.”

（2）聚光燈下的區(qū)塊鏈

今年還發(fā)生了很多與區(qū)塊鏈——記錄所有已發(fā)生的比特幣交易的公開分類賬——相關(guān)的事件。這一數(shù)字分類賬可以在分布式網(wǎng)絡(luò)中的系統(tǒng)間共享。隨著區(qū)塊以線性、時(shí)間順序不停添加，這個(gè)分類賬在不斷增長(zhǎng)。

區(qū)塊鏈?zhǔn)褂眉用芗夹g(shù)令參與者能安全操作分類賬，而不需要一個(gè)中央權(quán)威。

Kahraman評(píng)價(jià)

“Blockchain itself is a technology with potential to transform our lives significantly, “

“It’s regarded as a ‘secure’ way to perform decentralized, peer-to-peer transactions due to the inherent transparency and availability it provides. This is great for public data or data which is meant to be seen by others. But we are only just exploring how to secure ledgers and transactions when it comes to proprietary and sensitive information in private blockchains.”

（3）機(jī)器人流程自動(dòng)化（Robotic Process Automation，RPA）興起

對(duì)RPA工具的需求正在上升。這些工具使用軟件“機(jī)器人”來(lái)復(fù)制人類工作者的行為，比如數(shù)據(jù)輸入。機(jī)構(gòu)可以配置RPA軟件來(lái)捕獲和翻譯現(xiàn)有業(yè)務(wù)應(yīng)用程序的操作。

這類軟件可以自動(dòng)地操作數(shù)據(jù)、與其他系統(tǒng)溝通并根據(jù)需要處理事務(wù)。與其他新技術(shù)一樣，RPA對(duì)安全也有影響。

Christina Critzer, senior vice president, Enterprise Shared Services as SunTrust.評(píng)價(jià)

“Where RPA is most effective is with standing up a center of excellence [COE] to assess and execute automation opportunities,”

“By its very nature the COE has the ability to cut across applications and teams to automate activities,”

“This challenges typical security models, which emphasize segregation of duties.”

（4）內(nèi)部威脅的增長(zhǎng)

長(zhǎng)期以來(lái)，對(duì)內(nèi)部威脅的處理一直是安全管理員的關(guān)注點(diǎn)，但這樣的關(guān)注似乎在增長(zhǎng)。

來(lái)源：安全加