Protecting against malicious files
Most IT and Security teams maintain tools and controls to prevent the presence of malicious files on computers. Such controls generally include network-based or endpoint-based scanning and monitoring, and they should ideally cover the entirety of your IT footprint (user workstations, administrative systems, servers, etc.).
When your team begins using Foundry for syncing and storing files, it’s important to also treat Foundry as in scope for protection against malicious files and malware.
Foundry controls
Foundry is a large-scale data platform with unlimited use cases and potential functionality. As such, Foundry does not place blanket restrictions on uploading of certain potentially risky files or filetypes, such as executables. Rather, Foundry has security measures in place to safely accommodate use cases that may require unrestricted uploading.
Security controls on file uploads in Foundry include:
- Binary execution restrictions on upload endpoints.
- Process isolation for the upload service preventing escalation of privileges or lateral movement.
- File size limits on front-end imports.
Additional recommendations
Although Foundry’s platform-based file controls serve as effective mitigations against malicious files, Foundry exists as part of a shared security responsibility model. Our Security engineers recommend that Foundry customers maintain additional security controls in their environment(s) to prevent the propagation of malware:
- Customer systems should run reputable, up-to-date antimalware tooling.
- Antimalware tooling should ideally offer periodic scans and real-time detection.
- Customers should enforce use of the native malware protections present in most major web browsers.
If you’re a Palantir customer with any questions or concerns regarding malicious file controls, feel free to ask your Palantir representative for guidance, and our engineers will be happy to assist.