Threat awareness system based on attack chain


With network threats diversifying into complex APT attacks, defenders face a new generation of threats that spread faster and have an ever-broader attack surface, covering mobile, desktop, network, web and a wide range of applications such as social networks. In this new state, relying solely on the information that traditional NIPS/NIDS equipment provides can no longer meet customers' needs; professional, systematic and intelligent analysis is becoming particularly critical. With the development of the Internet and rising user-experience expectations, more network threat behaviour needs to pass through big-data analysis so that the dynamics of an attack can be presented to the customer intuitively.

To meet customers' needs, simplify the operation of customer equipment, give customers an intuitive feel for the attack process, and perceive how threats change under the new normal, the dimensions of the traditional NIPS are extended: the vulnerability rules are re-adjusted and combined into a complete solution, and the traditional NIPS practice of showing the customer a single alarm as a single event statistic is abandoned. The rules are divided according to the vulnerability attack chain, the data processing centre re-classifies the alarm log by the new rule categories, and the trend analysis module of the big-data analysis platform presents the customer with the whole attack process from an intelligent perspective, in five stages: scanning, penetration attack, compromise/intrusion, tool installation, and malicious behaviour.

Speaking of the new normal, what is the new normal? "New normal" is one of Xi's hot words. "New" means "different in quality from the old"; "normal" means an inherent state; the new normal is a development that differs from the past, follows a trend, and is irreversible. What, then, is the new normal of network security threats? It is a security intelligence system built on large-scale data and integrated with professional, intelligent analysis modules, making full use of data-driven security to achieve "human + cloud" all-weather, all-round, multi-dimensional network security threat perception and three-dimensional solutions.

Traditional equipment alarm problems

The alarm log is the first-hand, intuitive alarm information a device shows the user when it detects an intrusion. Depending on the network level at which the device is deployed, the number of alarm log entries differs, and the difference can be several orders of magnitude. To improve the overall effect of threat perception, the form of the network threat space needs to be enhanced and transformed, extending from the virtual to the real and from the local to the global. Focusing on the global threat situation through alarm log analysis is a new paradigm for starting threat perception, so analysing the alarm log is very important. Alarm log analysis includes classifying the alarm log, and the classification dimensions directly affect how the customer identifies and judges alarm entries, which in turn affects how threat perception is rendered.
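The two ideas above, dividing rules by attack-chain stage and re-classifying the alarm log by those stages instead of counting single events, can be shown with a small added example. This is illustration code written for this page, not the system or the vendor's code it describes. The log line format, the rule category names, the rule identifiers, the IP addresses and the five stage labels used as dictionary keys are all constructed assumptions; the mapping from a device's own rule categories to a stage is the part a real deployment would have to supply.

```python
"""Attack-chain classification of NIPS alarm log entries (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# The five stages named in the text, in order of progression.
STAGES = ["scan", "penetration", "compromise", "tool_install", "malicious_behavior"]

# Hypothetical mapping from a device's rule category to an attack-chain stage.
# Category names are constructed for this example, not any vendor's.
CATEGORY_TO_STAGE = {
    "port-scan": "scan",
    "web-scan": "scan",
    "sql-injection": "penetration",
    "buffer-overflow": "penetration",
    "webshell-access": "compromise",
    "reverse-shell": "compromise",
    "trojan-download": "tool_install",
    "c2-beacon": "malicious_behavior",
    "data-exfiltration": "malicious_behavior",
}

# Constructed sample alarm log: 'ts|src|dst|category|rule_id', deliberately
# out of time order. 10.0.0.9 only scans (many alarms, little progress);
# 10.0.0.5 walks the whole chain against one host.
SAMPLE_LOG = """\
# ts|src|dst|category|rule_id   (constructed sample, not real device output)
2024-05-01T10:00:05|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:00:07|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:01:00|10.0.0.5|192.168.1.10|port-scan|R1001
2024-05-01T10:03:20|10.0.0.5|192.168.1.10|sql-injection|R2042
2024-05-01T10:00:09|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:05:40|10.0.0.5|192.168.1.10|webshell-access|R3007
2024-05-01T10:06:10|10.0.0.5|192.168.1.10|trojan-download|R4011
2024-05-01T10:00:11|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:09:00|10.0.0.5|192.168.1.10|c2-beacon|R5003
2024-05-01T10:00:13|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:00:15|10.0.0.9|192.168.1.20|port-scan|R1001
2024-05-01T10:02:00|10.0.0.5|192.168.1.10|unknown-category|R9999
"""


@dataclass
class Alarm:
    ts: datetime
    src: str
    dst: str
    category: str
    rule_id: str


def parse_alarm(line):
    """Parse one constructed alarm line into an Alarm."""
    ts, src, dst, category, rule_id = line.strip().split("|")
    return Alarm(datetime.fromisoformat(ts), src, dst, category, rule_id)


def classify(alarm):
    """Map an alarm to its attack-chain stage; unknown categories stay unclassified."""
    return CATEGORY_TO_STAGE.get(alarm.category, "unclassified")


def build_attack_chains(lines):
    """Group alarms per (src, dst) pair and order each group by time."""
    chains = defaultdict(list)
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank and comment lines in the sample
        a = parse_alarm(line)
        chains[(a.src, a.dst)].append((a.ts, classify(a), a.rule_id))
    for key in chains:
        chains[key].sort()  # tuples sort by timestamp first
    return dict(chains)


def summarize(chains):
    """Per pair: distinct stages in first-seen order, furthest stage, alarm count."""
    summary = {}
    for pair, chain in chains.items():
        seen = []
        for _, stage, _ in chain:
            if stage in STAGES and stage not in seen:
                seen.append(stage)
        furthest = max(seen, key=STAGES.index) if seen else None
        summary[pair] = {"stages": seen, "furthest": furthest, "alarms": len(chain)}
    return summary


def rank(summary):
    """Order pairs by how far along the chain they got, then by alarm volume."""
    def key(item):
        info = item[1]
        depth = STAGES.index(info["furthest"]) if info["furthest"] else -1
        return (depth, info["alarms"])
    return [pair for pair, _ in sorted(summary.items(), key=key, reverse=True)]


if __name__ == "__main__":
    report = summarize(build_attack_chains(SAMPLE_LOG.splitlines()))
    for pair in rank(report):
        print(pair, report[pair])
```

Counting single events would treat the two source addresses alike (six alarms each); the stage view shows that one of them progressed through all five stages against a single host while the other never left the scanning stage, which is the distinction the text wants the customer to see.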

Traditional device vulnerability rule categories

Currently there are up to thousands of rules, rule categories and policies
