During GISEC 2023, Anxinsec released its Guidance for Defense Team in Red and Blue Team Exercise, which draws on an analysis of previous cases to summarise the issues the defending side should focus on and strategies for dealing with red team attacks.
The guidance catalogues the attack techniques commonly seen in the exercise. Among them, the Anxinsec security expert team predicts the top 5 favored weapons of the red team: fileless phishing, weak password exploitation, memory webshell attacks, AD domain attacks, and 0-Day/N-Day vulnerability exploitation. The guidance provides targeted defense recommendations or fundamental strategies to assist blue teams in detecting, responding to, and tracing threats.
At the X-labs stage, Roger Wang, Anxinsec’s CSO, said that people can’t rely on one single force or measure, no matter how strong and expensive it is. Instead, a more practical and smart strategy is to set up layered, in-depth defensive lines that combine multiple capabilities.
Recently, more advanced threats have emerged, such as Log4j, Emotet, Purple Fox, and APT attacks. Committed to protecting the peace of the digital world, Anxinsec helps enterprises that are suffering from these threats:
For 0-Day vulnerabilities, Anxinsec can reproduce the vulnerability exploits and detect attacks against the vulnerability without any upgrade, keeping millions of servers away from huge risks.
For fileless phishing, Anxinsec provides an integrated security solution covering email attachments, accounts, URLs, and abnormal email behaviors, making detection and tracing less difficult.
For memory-targeted attacks, Anxinsec offers fine-grained monitoring of memory read, write, and execute actions and of abnormal actions, together with an efficient response model, to mitigate fileless attacks, 0-Day vulnerability exploits, and other attacks that may evade traditional security solutions.
Anxinsec’s CEO, Alex Jiang, said that memory protection technology, as a future-oriented technology, boasts more effective information detection and better threat perception, which complement current shortcomings in protection against advanced threats. Traditional protection is not good at detecting advanced threats under the limitations of accuracy, understanding, visibility, and effectiveness of the protection against attacks, while memory protection technology can ensure application execution integrity and business system security.