Cloud computing and cloud security technology drive the development of big data and online business applications, and have also set off a revolutionary wave at the traditional network security perimeter. In the contest between security technology and viruses, Inner Mongolia Electric Power Company adopted cloud security technology based on the "Global Reputation Assessment database" from Trend Micro, a global leader in server security, virtualization and cloud computing security. The technology replaces manual pattern updates and decentralized management, and the company uses OfficeScan to effectively prevent virus infections on its intranet.
Informatization reaches a "new starting point"; network anti-virus faces "new requirements"
It is understood that Inner Mongolia Electric Power Company's information construction started very late. In recent years, following the principle of "unified leadership, unified planning, unified standards, unified implementation", the company has reached a "new starting point" in information construction and security management. At this "new starting point", information innovation is comprehensively enhancing the company's competitiveness, and behind it a defense system that meets the "new requirements" is needed to safeguard the innovative applications.
With the rapid expansion of the network, the fast growth in network users, and the spread and deepening of key applications, network security work becomes more and more important. Whether in the production system or the business management system, a hacker attack or virus infection would directly damage the power plant's core database and could even disrupt the normal production operations of the enterprise. To this end, the Inner Mongolia Electric Power Company branch department has adopted the latest technology and equipment for network border protection, physical layer security, network layer security, platform security and other areas, so that security and stability requirements are met.
The information security director of Inner Mongolia Electric Power Company said: "As a large enterprise with a large number of terminal devices, if we rely only on human effort to confront ever-changing and unpredictable viruses, there will inevitably be a large number of 'anti-virus dead ends'. After the company carried out a comprehensive capability evaluation of the existing security defense platform, it found that terminal anti-virus software that relies on virus signatures is not enough: virus signatures are upgraded frequently yet cannot keep up with the speed at which viruses change, the impact on single-machine performance is serious, network resource usage is too high, end users' protection awareness is poor, unified management is not possible, and there are many other drawbacks. Therefore, to keep the production management system from being attacked by new threats, and to avoid security incidents caused by virus cross-infection among daily office terminals, we must choose the latest architecture and technology to replace the backward anti-virus system."
Thorough research into frontier security technology: focus on the "Global Reputation Assessment database"
The latest data suggest that on average a new security threat appears every second and a network intrusion occurs every 5 minutes. What kind of security technology, then, meets the anti-virus requirements of the Internet era, with speed and capability that exceed those of the viruses? With this core question in mind, Inner Mongolia Electric Power Company carried out a thorough investigation of cloud security and other frontier technologies.
According to the person in charge: "The company has referred to the NSS Labs enterprise security protection software evaluation results, which are the most consistent with the Internet environment. Its actual tests are not done in a closed test environment using stale or problematic samples, which is the same as our Internet application environment. Ultimately, everyone's focus fell on the Trend Micro cloud security products that use the 'Global Reputation Assessment database'. After fully understanding the characteristics of the reputation assessment technology and the Smart Protection Network architecture, we tested the latest version of OfficeScan."
Subsequent test results show that the new Cloud-Client File Reputation (CCFR) technology eliminates most of the client updates required by the traditional update model, and that cloud scanning services can replace "local pattern scanning". This changes the repetitive update pattern of terminal systems and minimizes the volume of antivirus pattern downloads. For example, a client in traditional mode has to update 4-9 MB of pattern data every day, whereas a client in CCFR mode only needs to update 0.74-0.88 MB daily, which ensures that office traffic is not affected.
Trend Micro cloud security technology delivers effective intranet virus protection
In the end, Inner Mongolia Electric Power Company selected and deployed Trend Micro OfficeScan 10.6. Supported by its advantages in simplifying deployment, management and day-to-day operation, the company used cloud security reputation assessment technology to build a protection framework that meets the "new requirements".
In terms of deployment: to install OfficeScan, the administrator uses Microsoft Active Directory Group Policy together with an installation file (MSI format) produced with the OfficeScan Client Packager tool, which automates deployment to the terminals at headquarters. For each subordinate unit, the OfficeScan client is deployed or upgraded through the web, which is more user-friendly.
In terms of management: information security staff can configure, deploy and manage OfficeScan on terminals across the entire network directly through Trend Micro Control Manager (TMCM). At the same time, TMCM obtains virus information from all of the company's terminals in real time. The system automatically submits it to professional engineers at the Trend Micro virus monitoring center (MOC) for detailed analysis and provides management with timely, detailed daily, weekly and monthly data reports, so that threats are eliminated in the bud.
In terms of effect: to prevent cross-infection, the company monitors all suspicious activity across the network by enabling the OfficeScan Outbreak Prevention Policy (OPP), and configures the client computer ports and folders that need to be blocked. For removable storage (USB drives and the like), where cross-infection is most serious, the administrator has set rules on the clients to protect against removable devices, such as skipping autoplay and autorun, a second background scan of USB drive data, and a USB drive virus warning function. In addition, OfficeScan is used to place the quarantine directory on the server side, so that virus files are completely isolated from the network and USB drive Trojans cannot make a "resurgence" on the host.
The data computation and synchronized scheduling capabilities of the cloud security protection network have opened up a new situation for the network security work of Inner Mongolia Electric Power Company. The information security director says: "At the terminal anti-virus level, the performance improvement and application effect of Trend Micro OfficeScan have passed the test of a long period of use. Next, we will carry out comprehensive testing and deployment of the virtual patching, data loss prevention and desktop virtualization security features in OfficeScan, so that antivirus work in big data and virtualization environments is stepped up. At the same time, we will carry out unified security management and threat protection for the growing number of smart mobile devices such as iPads, iPhones, Android mobile terminals and BlackBerry devices. At the core data layer, we will conduct in-depth research on advanced persistent threats (Advanced Persistent Threat, APT) and their effective prevention and management, using innovative cloud security technology to form a comprehensive, three-dimensional defense system."