Big data security has a lot to watch in the future: which enterprise is tougher?

Source: Internet
Author: User
Keywords: big data

As data volumes grow and networks become ever more pervasive, the traditional security model of setting up boundaries is increasingly powerless. Using big data technology for security analysis, that is, big data security analysis, is gradually entering the mainstream.

IDC predicts that by 2020, cloud security, Internet security and big data security will be the three pillars of the information security market, and that big data security is the key to ensuring enterprise security in the future. As early as two years ago, Gartner predicted that the boundaries of security would become increasingly blurred and that big data would be the key to solving security problems. Gartner's data also show that companies have in the past invested 90% of their security budget in defence, and that in future 60% of the security budget will be used for detection and response.

So some established information security companies are now accelerating their move toward big data security, cloud security and Internet security, while some new security companies have emerged and have already achieved results in applying big data security. In the future, there is a lot to watch in big data security.

One: Enterprise proprietary big data security analysis products

In today's intense enterprise competition, big data has become the direction business leaders care about most.

According to Anxin, storing and analyzing an enterprise's system, application and user access behavior data on a big data framework, and using machine learning and algorithms to detect abnormal behavior, is the most effective way for the industry to resist new external attacks (APT) and theft of core data by insiders, and can maximize the protection of enterprise information assets. Based on this concept, John Hansight launched a next-generation big data security analysis platform for enterprises.

Hansight Enterprise is a paid platform for large enterprise users with three advantages. First, data acquisition. Anxin's own log collector can obtain network and security device logs, operating system logs, application logs, database logs, or any timestamped data source. Anxin also supports the acquisition of network flows (NetFlow).

Second, data storage and correlation analysis. The Anxin solution can provide real-time or long-term correlation analysis for the Analytics module. The system's hardware requirements are not high: it can run directly on general x86 hardware, and it has very high throughput, a high data compression rate and persistent large-scale data storage capability. The system provides event correlation analysis spanning multiple data sources and systems, whether as real-time correlation analysis or as correlation analysis based on historical data.

Third, security intelligence analysis. Security analysis is the soul of Anxin: it detects abnormal behavior patterns and hidden threats through machine learning and algorithmic analysis of large amounts of historical log information, whether the threat is an external APT attack or an insider leak. It brings clarity to security threats by filtering and analyzing large and complex datasets.

Comment: Internationally well-known security companies' big data security products include FireEye, HP ArcSight and Splunk Enterprise. Anxin's Hansight is similar in features and positioning: all of them monitor and analyze the security of the enterprise's entire traffic, and to a greater or lesser degree involve the analysis of third-party security logs, network flows and third-party application log traffic. Dong Xin, the co-founder and chief operating officer of Anxin, said that Anxin's data volumes, ability to detect external threats, and detection of internal anomalies were better than those of well-known international companies.

Of course, the company's own rhetoric does not prove the strength of its big data security analysis capabilities. The 1-year-old product will need more deployments to prove that, just as the future development of a company set up less than 2 years ago will need time to prove. However, at present, a Chinese bank's online banking system is using Hansight Enterprise and has found many internal and external attacks that the user had not previously found.

Two: A big data security analysis platform for full network detection

Know Chuang Yu, which has worked in network security for many years, has two big data security analysis products: Zoomeye and accelerated music.

Zoomeye proactively searches cyberspace, including web pages and host ports, to see whether there are vulnerabilities. The goal is to find the risk earlier than the hacker and feed it back to the user. Through Zoomeye, Know Chuang Yu can also locate the scope affected by a security incident and track the vulnerability repair process, grasping the real situation of security incidents earlier than other security companies.

The accelerated music cloud defense platform mainly uses big data to track and locate hackers' attack behavior. Cosine, Vice President of Know Chuang Yu, said that the accelerated music platform currently analyzes nearly 2 billion pieces of data, of which more than 100 million are attack data. From this attack data, security researchers can analyze the sites hackers attack, the methods used, the types of vulnerabilities, and so on, to achieve an active defense effect. As a free-to-use defense platform, accelerated music attracts more than 500 companies to join each day. The more enterprises join, the more analysis data accelerated music obtains and the more accurately it captures the trajectory of hacker actions.

Comment: Know Chuang Yu focuses on network security. The traffic it analyzes is mainly HTTP traffic, and its security services are aimed at websites rather than the overall security of the enterprise. Unlike Hansight Enterprise, FireEye, HP ArcSight and Splunk Enterprise Security, Know Chuang Yu's big data security analysis platform analyzes HTTP traffic and is positioned not for APT detection but for defense. It is also suitable for providing network security defense services in public cloud environments.

Three: Big data security analysis products embedded in hardware platform

Qiming stars' big data security analysis platform TSOC-BDSAP is similar to Hansight Enterprise: it also works over the customer's heterogeneous mass data, such as events, raw network traffic, documents and other information, and combines association analysis, machine learning, real-time analysis, historical analysis, human-computer interaction and other analysis methods to discover security attacks and threats that traditional security products cannot detect, such as APT attacks.

Yepong, general manager of Venus Chen's products headquarters, said that TSOC-BDSAP is aimed mainly at the large enterprise market, especially the financial, energy, power and operator industries. Second, it is aimed at the government sector, especially big data security analysis in cloud environments. The large enterprise market was chosen because such organizations have largely centralized their business and networks, have genuinely massive volumes of security data to process and analyze, and face high APT risk. These customers need new technical tools to raise their existing level of security and of security confrontation. The government cloud environment was chosen because security there has both significant demand and the conditions for big data analysis, so some classic big data security analysis scenarios can be put into actual use.

At present, TSOC-BDSAP is in testing, trial and pilot use at several enterprise customers, and has won two big data security projects for government cloud.

However, Yepong also pointed out that domestic application of big data security analysis platforms is currently still basically at the research and pilot stage and has not yet reached large-scale use. But as the whole big data ecosystem matures and demands for network and information security become increasingly urgent, this market will soon enter a period of explosive growth.

Comment: Venus Chen is a leading domestic information security enterprise. Its security solutions include both hardware platforms and software platforms, and it also has a large base of enterprise customers. These customers are in the stage of transitioning to private cloud, and Venus Chen is using this transition as an opportunity to launch a combined software and hardware private cloud security scheme. The scheme will naturally embed Venus Chen's own TSOC-BDSAP, which makes TSOC-BDSAP relatively easier to promote.
