Intranet threat situation visualization solution
With the rapid development of the Internet, networks matter more and more to society, and network security problems are becoming more prominent. Potential threats are everywhere in the network, and intrusion and attack behavior has developed into a three-dimensional threat that is distributed, large-scale and complicated. Although enterprises have continuously invested in security equipment and services to meet the compliance requirements of traditional security construction, they usually find themselves vulnerable to all sorts of attacks by hackers.
We know that traditional network security solutions cannot cover all problems. A new technology that can monitor the security situation of large-scale networks is urgently needed. Security threat situation visualization monitors the network situation in real time, identifies potential malicious network behavior before it becomes uncontrollable, and supports prevention by giving corresponding suggestions and strategies.
Gartner security defense structure system
Design concept of the ABT security threat situation visualization platform
Situation awareness, as we see it, means first seeing, understanding and seeing through the challenges confronting security; and second, helping users understand their own networks and risks by knowing the security threats of yesterday, today and tomorrow fully, quickly and accurately.
Building on existing informatization and data construction results, the ABT security threat situation visualization platform first collects network traffic and security event information through broad data collection means, then analyzes the data with advanced data models, machine learning and correlation matching techniques. Finally, it uses big data analysis technology to provide real-time monitoring and overall security threat situation awareness of the network, based on each user's business conditions.
Security threat situation visualization platform
Building on the basic network framework and the traditional security defense system, the ABT security threat situation visualization platform solution deploys data collection probes at key network nodes to collect all kinds of traffic in the network. It then aggregates event logs and traffic information. This provides security capability at three layers, the basic policy layer, the traffic layer and the security threat capability superimposition layer:
Security domain infrastructure visualization
Security policy information is automatically extracted and analyzed from network equipment such as firewalls, routers and switches, including routing information, access control policies and NAT policies. Visualization technology is used to display the network security domain infrastructure.
Security compliance path visualization
Based on the status quo of the customer's industry and the enterprise's business flow, application structure and data structure, the platform uses a compliance baseline policy for the critical data of core service systems to support layered queries of the security domain infrastructure, demonstrate service-based compliance paths, forecast network risks and carry out visualization analysis of the threat level of core services.
Security baseline matrix visualization
By analyzing the enterprise intranet's security policy system and service systems, a security policy matrix between security domains, between systems, and between users and systems is established to visualize the security policy compliance matrix. Through sustained monitoring of the baseline, behavior that violates the policy baseline automatically triggers a visual warning.
Security policy management visualization
Manage and visualize changes to security policy across the whole network, analyze redundant, conflicting and invalid policies on the related equipment, and help users eliminate configuration risks. Based on workflow and user permissions, the whole flow of policy change application, analysis and review is visualized.
Traffic security visualization
DPI in-depth identification and big data technology identify service types along multiple dimensions, e.g. user, network, application, protocol and server. The platform monitors network indicators such as the traffic of specified services, sessions, delay, success rate, packet length and access region; computes baselines for service indicators; warns when indicators exceed the baseline; and supports retrospective analysis of historical information.
Visualization of security capability superimposition and threats
The ability to rapidly retrieve and mine massive data from any period, and to effectively superimpose different security inspection and defense capabilities, makes it possible to associate data using big data technology: screening, filtering, mining and analyzing it, and visualizing the integrated network security situation, including security paths, service traffic security issues and threat information.
Value of the security threat situation visualization solution
Allow users to understand and see through their own networks;
Provide visualized analysis of users' core services and a basis for users to shrink the attack surface of the network system;
Know the real-time quality of users' network services and business services;
Find abnormal network traffic and generate early-warning information in time;
Prevent and forecast unknown threats and risks in the network.