The rapid development of Internet technology continues to change our lives. With the proposal of "Internet +", using data to transform business and drive business development has become a trend, and the security industry is no exception.
In a large network, security operations and management personnel are primarily responsible for network security work. Beyond basic measures such as access control, intrusion detection and identity authentication, security work has gradually come to include more as technology has progressed and developed. One such task is to perceive abnormal events in the network in a timely manner and to understand the overall security posture. For security operations personnel, the problem that must be solved is how to painstakingly sift, from thousands of security incidents and logs, the most valuable and most urgent security issues to address, so as to keep the network secure. For security managers and even senior managers, how to describe the overall state of current network security, judge and forecast the trend of risk development, and guide the next stage of security construction and planning is also a problem.
As Dickens said, this is the worst of times, this is the best of times. The development of technology also brings a positive side. The advent of cloud-based security services has led to a gradual shift in the security approach from the early warning center to the information center. Security infrastructure components can respond to one another, extracting intelligence from the analysis of interrelated activity. The maturity and application of big data technology give network security a new direction of development. Its distinctive features of mass storage, parallel computing and efficient querying bring new opportunities for network security in perception, early warning, analysis and so on.
How to find an effective and reasonable model for seizing this opportunity has become a top priority.
The well-known security company Security Dog gives its own answer: a new model of "product", "platform" and "content".
Security products mainly collect or provide basic security information, and carry out the disposition action after the platform has performed its analysis; the action is generally executed either at the network layer or at the terminal (including the server). The platform mainly covers data storage and sharing, while the analysis platform provides API interfaces for "interaction" with traditional security products. The platform's main job is to ensure performance, stability and so on. The content is generated by correlation, analytics and inspection, and comes with an action.
Security Dog has a user base that is hard for other companies in the industry to reach: it protects more than 2 million (cloud) servers, with daily attacks exceeding hundreds of billions, which makes its data more real-time, more attack-oriented and richer in features.
In turn, through its cloud-based platform last year, it stores and analyzes these large volumes of data, including cloud libraries of IP blacklists and whitelists, rules, viruses, behaviors and more, and can correlate and analyze security data to detect security incidents rapidly and judge them accurately. It can thus better provide users with timely and effective alarm information and attack analysis, delivering content services such as alarm analysis.
It is worth mentioning that, according to the analytics maturity model presented by Thomas Davenport, the process of data analysis should progress layer by layer from standard reports, special reports, alarms, statistical analysis and forensics to prediction. That is, for the cloud platform, achieving alarms is only the beginning; ultimately realizing risk prediction and driving security with big data is the key.
This manuscript contains text, pictures, and audio and video materials; copyright belongs to the Qilu Evening News. No media outlet, website or individual may reproduce it without authorization, and offenders will be held legally responsible.
"Product + platform": Security Dog drives security with big data