Socket, an a16z portfolio company, detected the malicious dependency in the Axios attack within 6 minutes of its publication. That's roughly 63,000 times faster than the industry average.
令人惊讶的是:Socket公司在Axios攻击发布后仅6分钟就检测到恶意依赖,这比行业平均水平快约63,000倍。这种速度差异凸显了传统安全工具与新型行为检测方法之间的巨大鸿沟,也展示了早期检测在防止供应链攻击中的关键作用。
Socket, an a16z portfolio company, detected the malicious dependency in the Axios attack within 6 minutes of its publication. That's roughly 63,000 times faster than the industry average.
令人惊讶的是:安全公司Socket能在恶意包发布后6分钟内检测到问题,比行业平均水平快约63,000倍。更令人震惊的是,他们在第一个受损的Axios版本发布前16分钟就发现了问题,因为他们直接检测到了可疑的依赖包本身。
Socket, an a16z portfolio company, detected the malicious dependency in the Axios attack within 6 minutes of its publication. That's roughly 63,000 times faster than the industry average.
大多数人认为供应链攻击需要数月甚至数年才能被发现,但作者展示了新型安全工具可以在几分钟内检测到攻击,比行业平均水平快63000倍。这表明安全检测范式正在从基于CVE的静态检查转向基于行为的实时分析。
Abbott, K. R., & Sherratt, T. N. (2013). Optimal sampling and signal detection: Unifying models of attention and speed–accuracy trade-offs. Behavioral Ecology, 24(3), 605–616. https://doi.org/10.1093/beheco/art001
Daley, J. (n.d.). Millions of Rapid COVID-19 Antigen Tests May Help Fill the Testing Gap. Scientific American. Retrieved September 30, 2020, from https://www.scientificamerican.com/article/millions-of-rapid-covid-19-antigen-tests-may-help-fill-the-testing-gap/