Background Analysis of Intranet Threat Management
The power industry is technology- and equipment-intensive, and its particular production and operating model shapes how it adopts information technology. Because of the nature of the industry, it places high demands on IT equipment for security, reliability and stability. Power enterprises have accelerated their informatization: office automation (OA), MIS, power market and marketing systems, energy management systems (EMS), distribution management systems (DMS), call centers and power automation management systems have all been deployed to varying degrees. What sets the power industry apart from others is that each province and city plans and operates independently, so the IT systems of power enterprises in each region are diverse and complex.
The question that power enterprises must therefore answer in network management and O&M is this: while keeping the enterprise running and its key services operating safely and efficiently, how can the availability and security of the business applications listed above be guaranteed?
Intranet Threat Management
The Intranet Threat Management System is a network security device manager. It provides unified management and maintenance of the functional components of the NBAD intranet security management system, and it can also interact with network devices of various brands to carry out joint defense. Scattered NBAD security devices are managed through a single web page. When a threat occurs, the administrator only needs to read the threat report produced by the system to understand what has happened in the network, instead of constantly switching between the management interfaces of multiple devices. The system can also respond to threats automatically, according to predefined security policies and in cooperation with other network devices, which shortens the window in which a threat can grow and improves operational efficiency.
Main functions:
Centralized Management
Centralized management of the threat detectors and threat analyzers deployed on the network;
View, analyze, and manage network threat events on a single interface;
Intelligent Management
Handles network threat events automatically according to predefined policies;
Restores the network connection of a blocked host automatically once the problem has been resolved.
Joint Defense
Locates the attack source by consulting the CAM (MAC-to-port) table of the switch;
Interacts with other network devices to apply joint defense measures such as port shutdown and rate limiting.
Novelty, advancement, and practicality Analysis
The NBAD LAN Resources and Threat Management System is a complete solution for managing intranet resources and information security. According to the vendor, it is currently the only intranet information security management architecture in China implemented on an ASIC hardware architecture. It follows the basic spirit of ISO 27001/27002, builds on the user's existing network structure, integrates with security devices the user has already deployed, and helps the user establish an active and complete intranet information security prevention and control system. Its main features are as follows:
Existing security products generally rely on pattern recognition, which depends on frequent signature library updates and is of no help against unknown (new) threats and threats that have no signature (such as ARP attacks). These threats, and signature-less threats in particular, are the greatest risk to intranet information security, and existing security products cannot deal with them. The NBAD solution is built on a new abnormal-behavior recognition model and constructs a comprehensive intranet threat defense system, analogous to a disease prevention and control system, that is especially suited to unknown and signature-less threats, keeping the network running properly and efficiently.
Centralized identity management and unified policies for IP and MAC addresses across the whole network raise the user's overall security management level considerably. This also resolves the disorder caused by the previous practice of scattered identity management implemented per switch port, improves flexibility and greatly raises the level of information management. Accurate identity management is the first and most important step in information security.
All defense measures are implemented in hardware at the bottom or at the edge of the network. No client software is required, and the performance of existing hosts and business systems is not affected.
All products use a bypass (out-of-path) design, which neither changes the user's existing network structure nor interferes with the normal use of existing network devices and application systems; even in the extreme case of a device crashing or losing power, the stability of the user's network and the normal use of other services are not affected.
By interacting with existing devices, the system integrates them into joint defense across the whole network.
It manages network resources and information security strictly, generates comprehensive reports, provides a sound basis for decision-making and further improves the level of information management.
Establishing information security processes and a system architecture is the direction in which information security management is developing. The NBAD LAN Resources and Threat Management System is an innovative system that greatly improves the effectiveness of existing equipment, intervenes actively in abnormal behavior and corrects it automatically, and turns passive defense into active management; these are important and powerful supplements to the user's existing security systems.
Comparative Analysis of Behavior Identification Technology and Pattern Recognition Technology
Limitations of pattern recognition technology:
It depends on comparing every packet against the signature library, so the computational load is huge, system response is slow and processing capacity is limited;
It depends on regular signature library updates; if an update is late, defensive capability is lost entirely;
It is suited to deployment at the gateway, not inside an intranet carrying large volumes of traffic, and updating the virus database inside the intranet is not easy;
It can only passively identify the viruses and attacks already in the signature library; new viruses and future threats cannot be identified and are therefore harder to defend against;
It has no defense against attacks that carry no virus signature at all (such as ARP attacks and DNS phishing).
Features of Behavior Identification Technology:
No packet-by-packet inspection is required; only abnormal network behavior is audited and managed, which is simple and efficient;
No virus database needs updating, so it is easy to use and requires no maintenance;
Its data processing capacity is high, making it suitable for network-wide deployment and greatly improving network-wide security;
It actively monitors and isolates anomalies across the whole network, responding to existing and future threats from the bottom layer of the network;
It is particularly suited to identifying the many kinds of attacks that have no signature.
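The two approaches compared above, and the joint-defense flow from the Main functions section (detect, locate via the CAM table, act according to policy, restore), can be illustrated concretely. The following is an added example written for this page; it is not code from the NBAD product or from the original article. It detects the page's own example of a signature-less threat, ARP spoofing, purely from behavior: a host claiming an IP address that the centralized IP/MAC binding table assigns to a different MAC, or a host sending ARP replies faster than a threshold. The binding table, the CAM snapshot, the policy names ("shutdown", "rate_limit", "restore"), the thresholds and the sample ARP traffic are all constructed for the example; a real deployment would feed live ARP captures and poll the switch (for instance via SNMP BRIDGE-MIB) for the CAM table.

```python
"""
Added example: behavior-based ARP anomaly detection with CAM-table source
location and policy-driven joint-defense actions. All tables, thresholds and
sample packets are constructed; the action names are hypothetical placeholders
for whatever a real switch integration would send.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float          # observation time in seconds
    sender_ip: str     # IP the sender claims to own
    sender_mac: str    # MAC that sent the reply


# Constructed "centralized identity management" table: authorized IP -> MAC.
BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",    # gateway
    "10.0.0.10": "00:11:22:33:44:10",
    "10.0.0.11": "00:11:22:33:44:11",
}

# Constructed CAM table snapshot: MAC -> (switch, port) where it was learned.
CAM = {
    "00:11:22:33:44:01": ("sw1", "Gi0/1"),
    "00:11:22:33:44:10": ("sw1", "Gi0/10"),
    "00:11:22:33:44:11": ("sw1", "Gi0/11"),
    "de:ad:be:ef:00:01": ("sw1", "Gi0/24"),  # host not in the binding table
}

# Predefined policy: threat type -> joint-defense action (hypothetical names).
POLICY = {"arp_spoof": "shutdown", "arp_flood": "rate_limit"}

FLOOD_WINDOW = 1.0     # seconds
FLOOD_LIMIT = 20       # ARP replies per window from one MAC before flagging
RESTORE_QUIET = 60.0   # seconds of silence taken as "problem resolved"


class ArpDetector:
    def __init__(self, bindings, cam, policy):
        self.bindings = bindings
        self.cam = cam
        self.policy = policy
        self.recent = defaultdict(deque)  # mac -> reply timestamps in window
        self.last_seen = {}               # mac -> last reply timestamp
        self.flagged = {}                 # mac -> threat type already acted on

    def observe(self, r):
        """Classify one reply by behavior only; returns a threat type or None."""
        self.last_seen[r.sender_mac] = r.ts
        expected = self.bindings.get(r.sender_ip)
        if expected is not None and expected != r.sender_mac:
            return "arp_spoof"            # binding conflict: IP owned by other MAC
        q = self.recent[r.sender_mac]
        q.append(r.ts)
        while q and r.ts - q[0] > FLOOD_WINDOW:
            q.popleft()                   # drop timestamps outside the window
        if len(q) > FLOOD_LIMIT:
            return "arp_flood"            # reply rate anomaly
        return None

    def locate(self, mac):
        """CAM lookup: the switch port on which the MAC was learned."""
        return self.cam.get(mac)

    def respond(self, threat, mac):
        """Apply the policy once per MAC; returns the action or None."""
        if mac in self.flagged:
            return None
        loc = self.locate(mac)
        if loc is None:
            return None                   # not in CAM: no port to act on
        self.flagged[mac] = threat
        switch, port = loc
        return {"action": self.policy[threat], "switch": switch,
                "port": port, "mac": mac, "threat": threat}

    def process(self, replies):
        actions = []
        for r in replies:
            threat = self.observe(r)
            if threat:
                act = self.respond(threat, r.sender_mac)
                if act:
                    actions.append(act)
        return actions

    def restore(self, now):
        """Automatic restore: lift actions for MACs quiet for RESTORE_QUIET s."""
        restored = []
        for mac in list(self.flagged):
            if now - self.last_seen[mac] >= RESTORE_QUIET:
                switch, port = self.cam[mac]
                del self.flagged[mac]
                self.recent.pop(mac, None)
                restored.append({"action": "restore", "switch": switch,
                                 "port": port, "mac": mac})
        return restored


def sample_replies():
    """Constructed traffic: one reply from an unknown MAC claiming the gateway
    IP, then a burst of 25 replies in 0.25 s from a legitimate host."""
    spoof = [ArpReply(0.0, "10.0.0.1", "de:ad:be:ef:00:01")]
    flood = [ArpReply(1.0 + i * 0.01, "10.0.0.11", "00:11:22:33:44:11")
             for i in range(25)]
    return spoof + flood


def demo():
    det = ArpDetector(BINDINGS, CAM, POLICY)
    actions = det.process(sample_replies())
    restored = det.restore(now=100.0)     # long after the last reply
    return actions, restored


if __name__ == "__main__":
    actions, restored = demo()
    for a in actions + restored:
        print(a)
```

Neither check consults a signature: the spoof rule needs only the authorized binding table, and the flood rule needs only a counter, which is what the comparison above means by "no packet-by-packet inspection". The quiet period used by restore() is a stand-in for the page's "after the problem is solved"; a production system would confirm that the conflicting ARP traffic has actually stopped before re-enabling the port.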
Intranet threats are an important part of intranet security, and every enterprise should take them seriously. The solution above is offered as one approach to managing them.