Intranet Threat Perception and * * * Traceability System

Source: Internet
Author: User

I. Current situation and problems

With the "Cyber Security Law" formally becoming law and the level protection series of policies being updated, "security" has become "mandatory" for most enterprises. However, the security situation in cyberspace is increasingly complex and grim. The worldwide outbreak of ransomware has had a huge impact on the normal work of enterprises. Advanced persistent threats (APT***), harpoon * * *, internal staff, and outsourced personnel also constantly threaten the core data security of the enterprise.

Threats persist, but enterprise security managers lack the technical means and tools to identify problems and locate their source.

II. The solution

In view of the above problems, enterprise network security thinking needs to change: enterprise network security should not only have excellent defensive capability, but also active security traceability and emergency response capability. Since border network security equipment cannot guarantee 100% network security, tools that help enterprises accurately identify threats, quickly locate them, and effectively control their spread are more and more important.

Wuhan Titanium Security Technology's Network Threat Perception and * * * Traceability System uses "virtual simulation" technology to lay traps and lures on the path that * * * must pass, enabling precise positioning of APT*** events, worm (ransomware) propagation, and abnormal operation events. It solves the three major problems of internal network * * * behavior being difficult to identify, difficult to locate, and difficult to trace, giving the intranet a new active countermeasure capability. Combined with the log big data traceability module and the traffic big data traceability module, it helps enterprises trace the identity and * * * * * * * *, and realize whole-network security situation awareness.

III. System functions

1. Virtual Simulation

1) The system provides high-fidelity simulation of a variety of system applications (SSH, Telnet), database applications (MySQL, Oracle), and business applications (HTTP, HTTPS). Through the deployment of high-simulation application "traps" in the enterprise intranet, confusing * * * * * * * * * * * * * * * * * * * * * Isolate the sandbox system, identify * * * behavior, slow down the process, and notify administrators in a variety of ways.

2) Camouflage agent: by deploying a "camouflage agent" on the real core servers in the enterprise intranet, "traps" can be spread throughout the intranet, will * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

3) Decoy files: working on the principle of a Web "bug", the system can insert "tracking" code into forged "sensitive files", so that the spy is infected by the administrator-designed "* * * virus", helping managers quickly locate the spy.

2. *** Identification and Intranet Threat Intelligence

1) Known * * * recognition: the system's built-in detection module can accurately identify, for all simulated applications, the source IP and known * * * * * * * * * * * * *.

2) Unknown * * * identification: the system records detailed logs of the various * * * behaviors against the simulated applications and, based on a behavioral analysis model, the use of big data on unknown * * * * * * * * * * * * * * * * * * * * * * * * * * *

3) Intranet threat intelligence: the system, in identifying and recording * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

3. *** Traceability

Using the intranet threat intelligence information, the log big data traceability module and the traffic big data traceability module can further determine the behavior of the * * * source (virus source) against internal network core assets, helping operators quickly trace the behavior, determine its scope, and gain a comprehensive understanding of the intranet security posture.

4. Centralized management and traceability display

The system supports multi-node hierarchical management and, through data association analysis, can organize security events as a timeline and visualize the process of a security event. The threat intelligence dashboard provides threat intelligence awareness reporting.
