Security network access control system
Private network security management and control platform = centralized monitoring alarm system + big data log collection and analysis system + security event management system
The private network security control platform helps users manage network security in a systematic, platform-based way. It builds an information work platform for security management and combines it with security monitoring and protection technologies and with supporting means for the security management system, operation and maintenance, response and disposal, and assessment and evaluation, so that "security management, security technology, and security operation" are integrated. The five elements of security management, "assets, risks, events, personnel and processes", are organically integrated, and security is treated as an important line of business, so as to achieve overall management of security.
Network security has developed to the point where simply stacking devices is no longer enough; an overall control approach is required. The following problems make it necessary to build a platform for management:
1. Security management has no practical handle and the management system cannot be put into practice, so an information work platform for security management is needed, just as an office needs an OA system.
2. A pile of security equipment was purchased in the past, but no one looks at it day to day, so the equipment does not actually work very well. Security management needs the support of technical means, and security technology needs management means.
3. Traditional security equipment such as firewalls, intrusion detection, intrusion prevention and WAF is mostly based on traffic detection and mainly protects against external attacks. Its ability to monitor anomalies and violations inside the network is insufficient, monitoring of "human" behavior is not enough, and risks cannot be associated with people, which makes it hard to assign responsibility and dispose of risks effectively.
For example, our platform manages the virtual network as an entity and manages the network with the idea of "epidemic prevention and control": managing people, assets, behavior, risk, and disposal.
Building a private network security management and control platform delivers three major systems:
The first is the centralized monitoring alarm system, a large-screen visual display system in the form of a "digital cockpit". It shows the assets, risks, disposal and overall security situation of the whole network, and is the "external portal" of the platform.
The second is the big data log collection and analysis system, a management support platform responsible for gathering all kinds of data and for correlated, summarized analysis. It is also the "command center" of the entire platform. The corresponding security technical capabilities can be built according to the security goal, including but not limited to asset discovery, access control, border control, terminal control, data use control, media management, advanced threat detection, log audit, fortress machine (bastion host), database protection, vulnerability scanning, and server security reinforcement. Security protections the organization has already built can be reused as the platform's supporting technical capabilities. Capacity building is a long-term and gradual process; capabilities can be continuously added, upgraded and improved according to budget, management requirements and product development. These capabilities are the "sentinel guards" of the platform.
The third is the security incident management system, an emergency coordination and linkage system for responding to and disposing of risks and incidents. It connects the platform's risks, events and processes seamlessly for disposal, meets the need to interface with superior units and regulatory authorities, and is the "external department" of the platform.
Any organization that needs overall network security management and cascaded management needs, or is suited, to build a platform.
1. Industries with their own independent non-secret private networks, such as public security and the courts, have the strictest control requirements.
2. Industries with an independent VPN within the external government network, such as human resources, transportation, the health commission, tax, and market supervision, have the second strictest control requirements.
3. Other government industries and enterprise users come next in control requirements.
After the platform is built, the major achievements are "asset clarity, risk visualization, and management informatization", and the expected goals of "asset clarity, boundary integrity, risk visibility, data control, and efficient disposal" are realized.
Asset clarity: All hardware and software assets in the network are identified through asset discovery, registration and other means, and assets are linked to personnel, laying the foundation for the next step of security control.
Risk visualization: Security risks are discovered through various monitoring means, and the risks found by each means are summarized and displayed together, so that it is easy to see what the security risks of the whole network are and where the shortcomings lie.
Management informatization: The platform provides an information work platform for security management, implements the management functions of cascading between upper and lower levels, incident disposal, and assessment and evaluation, assigns responsibility for security risks to specific people immediately, and provides immediate response and disposal support.
The platform does not have to be built on a private network, although the control requirements of a private network are higher. The management needs for people, assets, risks, events, and process disposal are common to all; as long as an organization has assets, a local area network, security risks, and management needs, it can manage them by building the platform.
Existing security products do not conflict with the platform and can be connected to it as part of the platform's capabilities. If you want systematic security management and control but have no information work platform for security management, no effective association between assets, risks and personnel, and no effective risk response and disposal mechanism, building a platform is recommended.
The platform is mainly composed of the platform itself plus various technical support means. These can be flexibly combined according to control needs, earlier construction investment, and budget. According to previous experience in other industries, the city level is generally 1 million to 2 million, and the district and county level are generally 500 million to 1.2 million.
The platform can be built step by step, with urgently needed parts built first. The platform itself is a combination of platform plus capabilities: the platform and some urgently needed control means are built first, and the various security control capabilities can then be implemented gradually.
If the overall management and control needs are urgent but funds are temporarily tight, the platform can also be built on a service-fee basis: Shangxia Technology deploys the products first, and payment is made annually as a service fee.
Anhui Shangxia Technology carried out the "Pilot construction of private network security management and control platform" at a city Public Security Bureau. The project made full use of the servers, security equipment and network equipment the customer had already built, connected to their log data for correlation analysis, visualized the customer's assets, personnel, risks and events, and built a digital large-screen monitoring and alarm display with centralized security monitoring and alarm as the "command center". In the later stage, the "security sentinels" of the security control platform were gradually improved according to actual needs, and a security incident management system was deployed to seamlessly connect and handle the risks, events and processes of the centralized security monitoring and alarm platform, to meet the need to interface with superior units and regulatory departments, and to bring security incident and security approval management onto an information system.
1. Experience advantage: Shangxia Technology has undertaken security equipment operation and maintenance projects for public security departments in many provinces, and has many times helped customers discover hacking incidents, providing strong leads for the public security system. It has mature experience in building security operation and maintenance, understands the pain points of customer security control, and can bring real value to the security products that customers have already built.
2. Product advantages: It connects a number of products at the management, data, strategy, process and other levels, forming the complete set of product support required by the management and control platform, which is not available from other manufacturers.
3. Advantages of control and disposal: Based on years of experience in building security operation and maintenance, Shangxia Technology has independently developed a security incident and security approval system, and makes full use of the information platform to solve customer operation and maintenance problems.
Network security is systems engineering. Platform construction improves users' network security management and control ability at a systematic, integrated level. It is like the human body: systematic conditioning, more exercise and daily monitoring improve immunity and the overall level of health. One cannot promise never to fall ill, but one can achieve "less illness in ordinary times, early detection of illness, and no serious illness".