Solutions for security operation and maintenance services in the era of big data
With the improvement of the construction of government enterprise informatization, almost all users of the industry have built their business systems on the basis of network applications. The convergence of Internet applications and services has brought huge efficiency improvements and sustained competitiveness to users. However, in recent years, due to Internet attacks suffered enormous economic losses, and showed an increasing trend year by year, the security problem has become one of the arch-criminal Chinese harm the healthy development of the Internet, any subtle security issues, are likely to lead to the Internet application system has been a serious threat to the government.
If in the past we have repeatedly stressed that the government and enterprise users should be prepared in the field of Internet security, here the so-called "security" is the user has not encountered major security incidents, or have been attacked or attack but they can make nothing of it then the recent "Ling mirror, incident no doubt to the world of Internet information security alarm.
If in the past we have repeatedly stressed that the government and enterprise users should be prepared in the field of Internet security, here the so-called "security" is the user has not encountered major security incidents, or have been attacked or attack but they can make nothing of it then the recent "Ling mirror, incident no doubt to the world of Internet information security alarm.
In March this year, South Korea suffered severe APT network attack, South Korean broadcasting company, cultural radio, television and other media, Yonhap Shinhan bank, Agricultural Bank and other financial institutions of the computer network that paralyzed. The attack is characterized by hackers using antivirus software patches, trust relationships between servers and other terminals, and malicious programs that cause disastrous results. From this event, Symantec AntiVirus software is not operation on the server security audit, is the main reason for the accident. Because of the strong APT attack, its attack mode has changed greatly compared with the traditional attack mode. The traditional anti-virus and intrusion detection systems are more inclined to monitor, and how to adopt new security strategies to cope with changing attacks, and we must rethink and perfect our next generation security system.
The advent of the big data era, in the security field, information systems planning, construction, investment and other decisions will increasingly be based on data and analysis to make judgments, rather than the past based on experience and intuition model. How to collect and analyze data, provide statistical reports regularly, including the type of attack, attack high risk distribution statistics, security vulnerability issue, how to directly show the real-time security situation, information systems provide data basis for safety decision-making has become the most important issue facing the government and enterprise users.
We suggest that users of government and enterprises should solve the problem of information system security from the following four aspects:
1, the establishment of information system security incident monitoring mechanism, timely discovery of information system security issues
In the operation and maintenance stage, how can we detect the abnormal behavior in time? Is this what a normal user should do? Has the user been controlled or put on a vest? For example, a server has a large number of external upload behavior, access, IP appear in a large number of unfamiliar overseas IP or CNCERT notification malicious IP.
Therefore, the user needs to establish a set of effective security event monitoring and early warning measures, can in the information system will be attacked or have been attacked, quickly and accurately detect attacks, and quickly launched the emergency mechanism and disposal. At the same time, we can make a comprehensive analysis of the security events of the information system, understand the security situation of the current overall system, and provide effective data support for the overall network and information security planning.
2, in advance to guard against, in advance to do security checks, and comprehensively enhance the active detection capability
The security of Web applications is becoming more and more important. Nearly 40% of the intrusions are caused by Web applications. In a survey published by Applied Research, more than half of the most frequent attacks on corporate feedback were directed at Web applications. Half of these attacks are on the list of the famous "OWASP ten threats". Faced with these persistent and frequent attacks, users of government and enterprise need to carry out regular security checks, and proactively discover vulnerabilities and potential threats in the information system.
3, improve the response and processing ability of security incidents
Combining the problems found in the monitoring and the understanding of the vulnerability in the security inspection, it provides the basis for the emergency response processing, and establishes the safety knowledge base according to its own and industry characteristics. In view of the majority of enterprise technical strength unit does not have independent handling security incidents, the government support units need professional security service vendors to provide security incident warning and response and the necessary technology, improve the security event information department government unit response and handling ability.
4, through strong comprehensive analysis ability, provide data reference and decision support for the information department
Should the security information system at any time of the operation and the security situation and trend, based on mass data, a comprehensive analysis of the security incidents and security situation, the law and the various macro different events interrelated rules, provide a powerful data reference and decision support for the information department.
In order to solve user problems encountered in the security operation, Topsec quanyun service using an Topsec service management system cloud service center technology platform, advanced experience and mature security operations team, relying on the national regulatory authority from the analysis of data, provide convenient and efficient secure cloud services, for enterprise units include: 7*24 hour remote security monitoring, security monitoring, security audit, security incident response, security consulting, periodic safety inspection, maintenance and other services in the local field, can help users quickly and effectively solve the security problem, effectively alleviate the users in the security system facing the operation and maintenance phase of work pressure, improve the running effect of the enterprise information security system.
As the first commercial domestic security service organization, talent service center with quanyun provide security experience for users of information system in the Beijing Olympic Games, Shanghai, World Expo, the Guangzhou Asian Games, eighteen, NPC and CPPCC important period, relying on talent of anti Laboratory (alpha -Lab) emergency treatment on opinion mining security vulnerabilities and the major security vulnerabilities, and through the experience of many years of accumulation, the feedback control to the platform to the platform, according to the feedback results through the intelligent learning to update its monitoring mechanism, establish security knowledge sharing, in order to achieve the purpose of closed-loop. Through cloud security services to help users establish monitoring, analysis, early warning and handling of the operation and maintenance mechanism, combined with inspection and emergency response, to achieve one-stop security hosting.
