{"id":1467,"date":"2024-08-19T18:37:49","date_gmt":"2024-08-19T16:37:49","guid":{"rendered":"https:\/\/www.soledpro.cz\/?p=1467"},"modified":"2024-08-19T18:38:11","modified_gmt":"2024-08-19T16:38:11","slug":"aktualizace-spolecnych-aktivit-datove-bezpecnosti-2017-2030","status":"publish","type":"post","link":"https:\/\/www.soledpro.cz\/de\/aktualizace-spolecnych-aktivit-datove-bezpecnosti-2017-2030\/","title":{"rendered":"Aktualizace spole\u010dn\u00fdch aktivit datov\u00e9 bezpe\u010dnosti 2017 \u2013 2030"},"content":{"rendered":"

Threat Intelligence<\/strong><\/h1>\n\n\n\n

1.      Intern\u00ed v\u00fdzkum<\/h1>\n\n\n\n
    \n
  1. Anal\u00fdza s\u00ed\u0165ov\u00e9ho provozu<\/li>\n\n\n\n
  2. Automatizovan\u00e1 anal\u00fdza phishingu<\/li>\n\n\n\n
  3. Neuronov\u00e9 s\u00edt\u011b<\/li>\n\n\n\n
  4. Dark Web Scouting Team<\/li>\n<\/ol>\n\n\n\n

    2.      Glob\u00e1ln\u00ed partnerstv\u00ed<\/h1>\n\n\n\n
      \n
    1. D\u016fv\u011bryhodn\u00ed partne\u0159i<\/li>\n\n\n\n
    2. Spole\u010dn\u00fd v\u00fdzkum<\/li>\n\n\n\n
    3. OSINT<\/li>\n<\/ol>\n\n\n\n

      3.      Region\u00e1ln\u00ed partnerstv\u00ed<\/h1>\n\n\n\n
        \n
      1. CERT<\/li>\n\n\n\n
      2. Evropsk\u00e1 komise (DNS4EU)<\/li>\n\n\n\n
      3. T\u00fdmy pro prevenci podvod\u016f telekomunika\u010dn\u00edch spole\u010dnost\u00ed<\/li>\n\n\n\n
      4. Crowdsourcing<\/li>\n\n\n\n
      5. M\u00edstn\u00ed OSINT<\/li>\n<\/ol>\n\n\n\n

        Threat Intelligence<\/strong><\/h1>\n\n\n\n

        Skute\u010dn\u00fd rozd\u00edl v re\u00e1ln\u00e9m \u010dase<\/p>\n\n\n\n

        Pokud lze sou\u010dasnou situaci v oblasti glob\u00e1ln\u00edch kybernetick\u00fdch hrozeb definovat jedn\u00edm slovem, pak je to slovo „rychl\u00fd“. Neust\u00e1le se objevuj\u00ed nov\u00e9 hrozby, nov\u00e9 techniky a nov\u00e9 zranitelnosti. Abychom byli v\u017edy o krok nap\u0159ed p\u0159ed kyberzlo\u010dinci, \u010del\u00edme t\u011bmto v\u00fdzv\u00e1m nov\u00fdmi \u0159e\u0161en\u00edmi, nov\u00fdmi algoritmy a nov\u00fdmi p\u0159\u00edstupy.<\/p>\n\n\n\n

        Prov\u00e1d\u00edme vlastn\u00ed v\u00fdzkum a kombinujeme jej s pe\u010dliv\u00fdm a pr\u016fb\u011b\u017en\u00fdm vyhodnocov\u00e1n\u00edm mnoha zdroj\u016f, abychom z\u00edskali nejlep\u0161\u00ed v\u00fdsledky ve sv\u00e9 t\u0159\u00edd\u011b.     <\/p>\n\n\n\n

        D\u00edky nejv\u011bt\u0161\u00edmu po\u010dtu nasazen\u00ed kybernetick\u00e9 bezpe\u010dnosti pro spot\u0159ebitele z oblasti telekomunikac\u00ed na trhu a stovk\u00e1m z\u00e1kazn\u00edk\u016f z \u0159ad poskytovatel\u016f internetov\u00fdch slu\u017eeb po cel\u00e9m sv\u011bt\u011b m\u00e1me mo\u017enost analyzovat a interpretovat obrovsk\u00fd glob\u00e1ln\u00ed internetov\u00fd provoz.<\/p>\n\n\n\n

        Spolupracujeme s v\u00fdzkumn\u00fdmi institucemi a akademickou sf\u00e9rou, abychom posunuli schopnosti detekce hrozeb pomoc\u00ed strojov\u00e9ho u\u010den\u00ed na vy\u0161\u0161\u00ed \u00farove\u0148.     <\/p>\n\n\n\n

        V\u0161echny na\u0161e algoritmy neust\u00e1le dola\u010fujeme na z\u00e1klad\u011b sledovan\u00e9ho provozu, abychom zajistili absolutn\u00ed aktu\u00e1lnost s co nejmen\u0161\u00ed chybovost\u00ed, co\u017e vede k nejni\u017e\u0161\u00ed m\u00ed\u0159e fale\u0161n\u011b pozitivn\u00edch v\u00fdsledk\u016f na trhu.<\/p>\n\n\n\n

        V\u0161echny vstupy spot\u0159ebov\u00e1v\u00e1me v re\u00e1ln\u00e9m \u010dase a v\u00fdsledky na\u0161eho \u00fasil\u00ed v oblasti Threat Intelligence okam\u017eit\u011b \u0161\u00ed\u0159\u00edme do Whalebone DNS Resolver\u016f nam\u00edsto pravideln\u00fdch hromadn\u00fdch aktualizac\u00ed, abychom neztr\u00e1celi \u017e\u00e1dn\u00fd \u010das. <\/p>\n\n\n\n

        V\u017edy p\u0159ibli\u017eujeme a spolupracujeme s m\u00edstn\u00edmi odborn\u00edky na Threat Intelligence, jako jsou CERTS a intern\u00ed bezpe\u010dnostn\u00ed t\u00fdmy telekomunika\u010dn\u00edch spole\u010dnost\u00ed, abychom zajistili nejlep\u0161\u00ed region\u00e1ln\u00ed Threat Intelligence na trhu.<\/p>\n\n\n\n

        Intern\u00ed v\u00fdzkum<\/h1>\n\n\n\n

        N\u00e1\u0161 t\u00fdm Threat Intelligence neust\u00e1le testuje a hodnot\u00ed v\u0161echny na\u0161e zdroje, v\u010detn\u011b na\u0161ich vlastn\u00edch. Neust\u00e1le je p\u0159ehodnocujeme, abychom zajistili co nejaktu\u00e1ln\u011bj\u0161\u00ed informace, a aktualizujeme na\u0161e sk\u00f3rovac\u00ed algoritmy na z\u00e1klad\u011b nov\u00fdch hrozeb.<\/p>\n\n\n\n

        Analyzujeme historick\u00e1 data, statistiky a vyu\u017e\u00edv\u00e1me na\u0161i jedine\u010dnou technologii, abychom vytvo\u0159ili co nejlep\u0161\u00ed hodnocen\u00ed \u0161kodlivosti dom\u00e9ny. P\u0159i ur\u010dov\u00e1n\u00ed, zda m\u00e1 b\u00fdt dom\u00e9na zablokov\u00e1na, \u010di nikoli, se zohled\u0148uje v\u00edce faktor\u016f a algoritm\u016f.<\/p>\n\n\n\n

        N\u00e1\u0161 intern\u00ed v\u00fdzkum lze rozd\u011blit do \u010dty\u0159 hlavn\u00edch kategori\u00ed:<\/u><\/strong><\/p>\n\n\n\n

          \n
        1. Anal\u00fdza s\u00ed\u0165ov\u00e9ho provozu<\/li>\n\n\n\n
        2. Automatick\u00e1 anal\u00fdza phishingu<\/li>\n\n\n\n
        3. Neuronov\u00e9 s\u00edt\u011b<\/li>\n\n\n\n
        4. T\u00fdm pro pr\u016fzkum temn\u00e9ho webu (Dark Web)<\/li>\n<\/ol>\n\n\n\n
            \n
          1. Anal\u00fdza provozu v s\u00edti<\/u><\/strong><\/li>\n<\/ol>\n\n\n\n

            D\u016fle\u017eit\u00fdm pil\u00ed\u0159em na\u0161eho intern\u00edho v\u00fdzkumu je anal\u00fdza s\u00ed\u0165ov\u00e9ho provozu. Zkoum\u00e1me po\u010det u\u017eivatel\u016f komunikuj\u00edc\u00edch s dom\u00e9nami v \u010dase, v r\u016fzn\u00fdch \u010dasov\u00fdch intervalech a z r\u016fzn\u00fdch region\u016f. Kontrolujeme ned\u00e1vn\u00e9 zm\u011bny a pomoc\u00ed statistick\u00e9 anal\u00fdzy odhalujeme nesrovnalosti nebo podez\u0159el\u00e9 aktivity, kter\u00e9 je t\u0159eba d\u00e1le zkoumat.<\/p>\n\n\n\n

            Z\u00e1rove\u0148 vyu\u017e\u00edv\u00e1me strojov\u00e9 u\u010den\u00ed historick\u00fdch kontakt\u016f pro ka\u017edou jednotlivou dom\u00e9nu na z\u00e1klad\u011b rozs\u00e1hl\u00e9ho provozu, kter\u00fd z\u00edsk\u00e1me k anal\u00fdze. V\u017edy bereme v \u00favahu standardn\u00ed chov\u00e1n\u00ed u\u017eivatel\u016f a v\u0161echny mo\u017en\u00e9 metainformace, ke kter\u00fdm m\u00e1me p\u0159\u00edstup ze z\u00e1znam\u016f komunikace DNS.<\/p>\n\n\n\n

              \n
            1. Automatizovan\u00e1 anal\u00fdza phishingu<\/u><\/strong><\/li>\n<\/ol>\n\n\n\n

              Zkoum\u00e1me nov\u011b registrovan\u00e9 dom\u00e9ny a vydan\u00e9 certifik\u00e1ty a porovn\u00e1v\u00e1me je s platn\u00fdmi slu\u017ebami a jejich dom\u00e9nami, abychom odhalili dom\u00e9ny vytvo\u0159en\u00e9 nebo vygenerovan\u00e9 za \u00fa\u010delem phishingu. Na\u0161e algoritmy analyzuj\u00ed regul\u00e1rn\u00ed fr\u00e1ze i neviditeln\u00e1 metadata, v\u010detn\u011b metadat z certifik\u00e1t\u016f.<\/p>\n\n\n\n

              Analyzujeme trendy a vzory, kter\u00e9 kyberzlo\u010dinci pou\u017e\u00edvaj\u00ed pro vytv\u00e1\u0159en\u00ed t\u011b\u017eko rozpoznateln\u00fdch fale\u0161n\u00fdch dom\u00e9n. T\u00edmto zp\u016fsobem se dost\u00e1v\u00e1me k blokov\u00e1n\u00ed dom\u00e9n, kter\u00e9 klamou b\u011b\u017en\u00e9 u\u017eivatele t\u00edm, \u017ee jsou podobn\u00e9 slu\u017eb\u00e1m, kter\u00e9 denn\u011b pou\u017e\u00edvaj\u00ed.<\/p>\n\n\n\n

                \n
              1. Neuronov\u00e9 s\u00edt\u011b Whalebone<\/u><\/strong><\/li>\n<\/ol>\n\n\n\n

                Abychom mohli neust\u00e1le zachycovat \u010dinnost kyberzlo\u010dinc\u016f, vyv\u00edj\u00edme nov\u00e9 technologie, kter\u00e9 umo\u017e\u0148uj\u00ed p\u0159edv\u00eddat jejich dal\u0161\u00ed kroky a reagovat rychleji, ne\u017e je v lidsk\u00fdch sil\u00e1ch.<\/p>\n\n\n\n

                Whalebone DGA Sonar<\/p>\n\n\n\n

                Zlo\u010dinci \u010dasto pou\u017e\u00edvaj\u00ed takzvan\u00e9 algoritmy generov\u00e1n\u00ed dom\u00e9n (DGA), aby zabr\u00e1nili org\u00e1n\u016fm \u010dinn\u00fdm v trestn\u00edm \u0159\u00edzen\u00ed odstavit m\u00edsta setk\u00e1n\u00ed infikovan\u00fdch po\u010d\u00edta\u010d\u016f a \u0159\u00eddic\u00edch a kontroln\u00edch server\u016f. Pravideln\u011b generuj\u00ed velk\u00e9 mno\u017estv\u00ed dom\u00e9n na z\u00e1klad\u011b p\u0159edem definovan\u00fdch pravidel, kter\u00fdch se infikovan\u00e1 za\u0159\u00edzen\u00ed sna\u017e\u00ed dos\u00e1hnout.<\/p>\n\n\n\n

                Ve spolupr\u00e1ci s \u010cVUT v Praze jsme vyvinuli unik\u00e1tn\u00ed neuronovou s\u00ed\u0165, kter\u00e1 dok\u00e1\u017ee ur\u010dit dom\u00e9ny generovan\u00e9 DGA a p\u0159edpov\u011bd\u011bt dom\u00e9ny, kter\u00e9 budou generov\u00e1ny v budoucnu. T\u00edmto zp\u016fsobem jsme v\u017edy o krok nap\u0159ed.<\/p>\n\n\n\n

                Virtu\u00e1ln\u00ed analytik Whalebone<\/p>\n\n\n\n

                P\u0159esto\u017ee na\u0161i odborn\u00edci na anal\u00fdzu hrozeb pe\u010dliv\u011b analyzuj\u00ed podez\u0159el\u00e9 dom\u00e9ny, vzhledem k objemu glob\u00e1ln\u00edho provozu, kter\u00fd spole\u010dnost Whalebone zpracov\u00e1v\u00e1, nen\u00ed mo\u017en\u00e9 spol\u00e9hat se pouze na manu\u00e1ln\u00ed pr\u00e1ci. Proto jsme vyvinuli v\u00fdkonn\u00fd n\u00e1stroj Virtual Analyst, kter\u00fd n\u00e1m pom\u00e1h\u00e1.<\/p>\n\n\n\n

                Tato neuronov\u00e1 s\u00ed\u0165 napodobuje chov\u00e1n\u00ed skute\u010dn\u00e9ho analytika. Vyu\u017e\u00edv\u00e1 vyhled\u00e1va\u010de k z\u00edsk\u00e1n\u00ed dal\u0161\u00edch informac\u00ed o dom\u00e9n\u011b, hled\u00e1 \u010dl\u00e1nky, kter\u00e9 by o dom\u00e9n\u011b pojedn\u00e1valy, zkoum\u00e1 odkazy na p\u00edskovi\u0161t\u011b a na z\u00e1klad\u011b v\u00fdsledk\u016f vyhled\u00e1v\u00e1n\u00ed vytv\u00e1\u0159\u00ed kvalifikovan\u00e9 p\u0159edpoklady.<\/p>\n\n\n\n

                Tunelov\u00fd blok<\/p>\n\n\n\n

                Jednou z velmi d\u016fle\u017eit\u00fdch \u0161kodliv\u00fdch technik, kter\u00e9 vyu\u017e\u00edvaj\u00ed protokol DNS, je tzv. tunelov\u00e1n\u00ed DNS. Hacke\u0159i pou\u017e\u00edvaj\u00ed tunelov\u00e1n\u00ed DNS k pa\u0161ov\u00e1n\u00ed zak\u00f3dovan\u00fdch dat v r\u016fzn\u00fdch form\u00e1tech prost\u0159ednictv\u00edm b\u011b\u017en\u00e9 komunikace DNS.<\/p>\n\n\n\n

                Aplikace Whalebone Tunnel Block je vy\u0161kolena tak, aby blokovala exfiltraci dat, ani\u017e by naru\u0161ila b\u011b\u017en\u00e9, ne\u0161kodn\u00e9 po\u017eadavky na p\u0159eklad DNS.<\/p>\n\n\n\n

                  \n
                1. T\u00fdm pro pr\u016fzkum temn\u00e9ho webu (Dark Web)<\/u><\/strong><\/li>\n<\/ol>\n\n\n\n

                  Pro na\u0161i bezpe\u010dnostn\u00ed vrstvu ochrany identity m\u00e1me specializovan\u00fd t\u00fdm odborn\u00edk\u016f, kte\u0159\u00ed denn\u011b prozkoum\u00e1vaj\u00ed ve\u0159ejn\u011b dostupn\u00e1 i skryt\u00e1 f\u00f3ra a aktualizuj\u00ed na\u0161i datab\u00e1zi unikl\u00fdch p\u0159ihla\u0161ovac\u00edch \u00fadaj\u016f. Sou\u010dasn\u011b p\u00e1tr\u00e1me po datech, kter\u00e1 byla ukradena malwarem a hromadn\u00fdmi v\u00fdpisy z malwaru, spywaru, keylogger\u016f atd.<\/p>\n\n\n\n

                  P\u0159i ukl\u00e1d\u00e1n\u00ed v\u0161ech t\u011bchto informac\u00ed d\u00e1v\u00e1me p\u0159ednost ochran\u011b soukrom\u00ed. Uchov\u00e1v\u00e1me nap\u0159\u00edklad pouze \u00fadaje ozna\u010duj\u00edc\u00ed nalezen\u00e1 unikl\u00e1 hesla, nikoli hesla samotn\u00e1. P\u0159\u00edle\u017eitostn\u011b m\u016f\u017eeme \u010d\u00e1sti ukraden\u00fdch p\u0159ihla\u0161ovac\u00edch \u00fadaj\u016f sd\u00edlet s koncov\u00fdmi z\u00e1kazn\u00edky, \u010d\u00edm\u017e zajist\u00edme, \u017ee p\u0159i ukl\u00e1d\u00e1n\u00ed nep\u0159edstavuj\u00ed \u017e\u00e1dnou \u0161kodu.<\/p>\n\n\n\n

                  Glob\u00e1ln\u00ed partnerstv\u00ed<\/h1>\n\n\n\n

                  V\u011b\u0159\u00edme, \u017ee ConnectedMeansProtected<\/strong> – jde o propojen\u00ed v\u00fdzkumn\u00fdch a v\u00fdvojov\u00fdch t\u00fdm\u016f a vyu\u017eit\u00ed poznatk\u016f v\u00fdzkumn\u00edk\u016f z cel\u00e9ho sv\u011bta.<\/p>\n\n\n\n

                  Proto pe\u010dliv\u011b vyb\u00edr\u00e1me, vyhodnocujeme a pr\u016fb\u011b\u017en\u011b testujeme r\u016fzn\u00e9 partnery a zdroje, abychom zajistili co nejlep\u0161\u00ed v\u00fdsledky.<\/p>\n\n\n\n