MITRE ATT&CK evaluations

Kaspersky Daily (Turkish edition), published 2020-04-24: https://www.kaspersky.com.tr/blog/mitre-apt29-evaluation/8145/

MITRE is not just a company that compares security solutions. It is a non-profit organization whose mission is to create a safer world. Anyone who knows the cybersecurity world knows that MITRE is best known for its Common Vulnerabilities and Exposures (CVE) database. Some time ago the organization went a step further and created the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) threat matrix.

What is MITRE ATT&CK?

Essentially, MITRE ATT&CK is an open knowledge base of the techniques used in various targeted attacks. Presented in matrix form, the data gives an overview of how attackers penetrate corporate infrastructure and gain a foothold in it, the tricks they use to avoid detection, and so on. This is the Enterprise threat matrix.
However, MITRE is also working on matrices that cover the tactics cybercriminals use in attacks on mobile devices and on industrial control systems.

That said, MITRE ATT&CK is not about collecting information for its own sake. It aims to simplify threat modeling for various industries and, more importantly, it can be used to determine which known threats a given solution, or combination of solutions, is able to detect. The theory is this: a company looking for a solution to protect its infrastructure maps each candidate's capabilities against the ATT&CK matrix and can see which threats remain uncovered. It is a bit like a game of bingo. In practice, MITRE runs tests known as ATT&CK evaluations to find out which threats a particular security product identifies.

What is an ATT&CK evaluation and how does it work?

MITRE researchers pick a known APT actor and, over a period of several days, emulate its attacks in a test environment in which the solutions under evaluation are deployed. Naturally, they do not use exact copies of past attacks. Instead, they modify the individual attack tools in order to find out how the solution detects the various adversary techniques at each stage of an attack.
Response mechanisms are disabled for the duration of the evaluation; otherwise some stages could not be tested at all.

The current round of testing is called the APT29 Evaluation. In it, the researchers emulate the operations of the APT29 group, also known as CozyDuke, Cozy Bear and The Dukes (https://www.kaspersky.com/enterprise-security/mitre/apt29?redef=1&THRU&reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______). A detailed article about ATT&CK is available here: https://www.kaspersky.com/enterprise-security/mitre/evaluation-details?redef=1&THRU&reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______

Tested products and their results

The latest round tested our Kaspersky Endpoint Detection and Response solution and our Kaspersky Managed Protection service. More detailed information about the specific configuration used can be found in this article: https://www.kaspersky.com/enterprise-security/mitre/round2-config?redef=1&THRU&reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______

Our solution demonstrated a high level of detection of key techniques at the important stages of modern targeted attacks, in particular Execution, Persistence, Privilege Escalation and Lateral Movement.
For the detailed evaluation results and other ATT&CK-related material, see the MITRE ATT&CK area of our corporate website: https://www.kaspersky.com/enterprise-security/mitre-attack?redef=1&THRU&reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______
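The "bingo" exercise described above, mapping each candidate's claimed technique coverage against the matrix and listing what stays uncovered, as an added Python example. This is not code from the original post, from Kaspersky or from MITRE. The matrix excerpt uses genuine ATT&CK technique IDs and names but is a tiny constructed subset of the Enterprise matrix; the three candidate products and their coverage claims are hypothetical. The example goes one step beyond the text by scoring combinations of products, which the post says the matrix can also be used for.

```python
"""Map candidate security products' claimed technique coverage against an
ATT&CK-style matrix and report what stays uncovered, per tactic, for any
combination of products. Added illustration; not MITRE's or Kaspersky's code."""
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

# Constructed excerpt of the Enterprise matrix: technique ID -> (name, tactics it appears under).
# The IDs and names are genuine ATT&CK entries; the selection is tiny and for illustration only.
MATRIX: Dict[str, Tuple[str, Tuple[str, ...]]] = {
    "T1059": ("Command and Scripting Interpreter", ("Execution",)),
    "T1053": ("Scheduled Task/Job", ("Execution", "Persistence", "Privilege Escalation")),
    "T1547": ("Boot or Logon Autostart Execution", ("Persistence", "Privilege Escalation")),
    "T1068": ("Exploitation for Privilege Escalation", ("Privilege Escalation",)),
    "T1055": ("Process Injection", ("Defense Evasion", "Privilege Escalation")),
    "T1027": ("Obfuscated Files or Information", ("Defense Evasion",)),
    "T1021": ("Remote Services", ("Lateral Movement",)),
    "T1570": ("Lateral Tool Transfer", ("Lateral Movement",)),
}

# Hypothetical vendor claims ("we detect technique X"); constructed, not any real product's data.
CANDIDATES: Dict[str, Set[str]] = {
    "EDR-A": {"T1059", "T1053", "T1547", "T1055", "T1021"},
    "NDR-B": {"T1021", "T1570", "T1027"},
    "AV-C": {"T1059", "T1027"},
}


def validate_claims(candidates: Dict[str, Set[str]]) -> None:
    """Reject claims for IDs that are not in the matrix: a typo or a retired technique
    in a vendor spreadsheet would otherwise silently inflate apparent coverage."""
    for product, claimed in candidates.items():
        unknown = claimed - MATRIX.keys()
        if unknown:
            raise ValueError(f"{product} claims unknown technique(s): {sorted(unknown)}")


def uncovered(candidates: Dict[str, Set[str]], chosen: Iterable[str]) -> Set[str]:
    """Techniques in the matrix that none of the chosen products claims to detect."""
    covered: Set[str] = set()
    for product in chosen:
        covered |= candidates[product]
    return set(MATRIX) - covered


def gaps_by_tactic(missing: Iterable[str]) -> Dict[str, List[str]]:
    """Group uncovered technique IDs under every tactic they belong to; a technique
    such as T1053 counts as a gap in each tactrix column it appears in."""
    gaps: Dict[str, List[str]] = {}
    for tid in sorted(missing):
        for tactic in MATRIX[tid][1]:
            gaps.setdefault(tactic, []).append(tid)
    return gaps


def best_combination(candidates: Dict[str, Set[str]], k: int) -> Tuple[FrozenSet[str], Set[str]]:
    """Among all k-product combinations, the one leaving the fewest techniques
    uncovered (ties broken by product name so the result is deterministic)."""
    validate_claims(candidates)
    scored = [(len(uncovered(candidates, combo)), combo)
              for combo in combinations(sorted(candidates), k)]
    _count, combo = min(scored)
    return frozenset(combo), uncovered(candidates, combo)


if __name__ == "__main__":
    validate_claims(CANDIDATES)
    for name in CANDIDATES:
        print(f"{name}: uncovered {gaps_by_tactic(uncovered(CANDIDATES, [name]))}")
    pair, missing = best_combination(CANDIDATES, 2)
    print(f"best pair {sorted(pair)} still misses {sorted(missing)}")
```

Two practical points the script makes visible. First, a technique that sits under several tactics (T1053, T1055) leaves a gap in every one of those columns, so a single miss can look like several on the matrix. Second, a claim in a vendor's spreadsheet is only a claim; it is precisely because claimed coverage and actual detection differ that MITRE runs the emulation described earlier rather than taking the bingo card at face value.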
Global (x-default) edition of this post: https://www.kaspersky.com/blog/mitre-apt29-evaluation/35037/