セキュリティアーキテクトは、メールサーバーを設定して、最新のIoCリストを維持し、既知の悪意のある受信メールをブロックしたいと考えています。このタスクにおいて、セキュリティアーキテクトが最も必要とすると思われるものは次のうちどれですか(2つ選択してください)。
正解:B,D
To keep the mail server up to date with indicators of compromise (IoCs) and block known-malicious emails, the security architect needs mechanisms to ingest new threat intelligence and apply it dynamically. The best solutions are:
Threat Feed API (B): This provides automated updates from external or commercial threat intelligence providers. By integrating a threat feed, the mail server can regularly fetch IoCs such as malicious domains, IPs, or attachment hashes.
Webhooks (D): These allow real-time or near real-time updates when new IoCs are published. Instead of waiting for scheduled pulls, the mail server can receive push notifications with updated indicators, ensuring rapid response to evolving threats.
Other options are less effective. Log analyzers (A) assist with monitoring but don't actively update or block threats. A scheduled task (C) may automate local operations but lacks the external intelligence integration required. Inbox deletion code (E) is reactive and inefficient. A security runbook (F) defines processes but does not technically enable automated updates.
Thus, the combination of Threat Feed APIs and Webhooks provides continuous, automated IoC ingestion, reducing exposure to malicious email campaigns.