
Introduction

Taishan Network security operation platform is a comprehensive security control and operation platform that integrates SOC and security services. It provides security control and aggregation capabilities for cities, regions, industries and enterprises, to maximize security service delivery, unified management and unified command. Based on the security big data center and security brain, it quickly builds a three-dimensional, intelligent, active, dynamic security operation and management system, and provides the dual capabilities of security protection and security operation in cyberspace. It adopts a large-scale, intensive, networked, systematic, data-oriented and intelligent aggregated service model to introduce national information security resources, gather industrial information security capabilities, and protect national critical infrastructure and important information systems by means of big data, artificial intelligence and cloud computing platforms. It provides management, operation and decision support for security early warning, effective monitoring, effective traceability, effective disposal and security governance, realizes the transformation from passive security protection to active security management and control, and forms a new model of sustainable development of security infrastructure construction.

Solution

Taishan Shield security operation platform is based on the security big data center and security brain. It realizes data collection, intelligent analysis, perception identification, real-time monitoring, intelligent prediction, response and disposal, early warning notification and security governance, and supports security operations such as asset management, situation awareness, system defense, command and dispatch, offensive and defensive drills, network security, business security and data security. Built around the security trading platform scenario, it runs service transactions, a security community, a service provider management platform, an operation and maintenance platform and a security operation management platform, forming a security management platform with security service transaction, comprehensive data management and comprehensive security incident management capabilities. The platform uses a variety of threat detection technologies, big data association analysis and machine learning techniques, in conjunction with the National Threat Intelligence Data Service, to carry out comprehensive mapping, risk detection and attack tracing of important and critical information infrastructure. It describes in depth the data situation of people, events, places, things and their relationships at the level of network security. It provides early warning before an incident, discovery during an incident, backtracking after it, and early warning notification, building a closed loop of network security management from a global perspective.

Program advantages
System characteristics
  • 01

    Open architecture: a layered, decoupled technology architecture adapted to multiple scenarios

    The platform decouples the data collection, data storage and analysis, and business system functions, and builds an open technology architecture based on IaaS, PaaS, DaaS and SaaS that is compatible with and adapts to users' existing diversified IT environments such as cloud computing and big data.

  • 02

    Multi-source heterogeneous data acquisition capability

    The platform fully supports security data acquisition equipment of different brands and types, and data from different sources and with different structures. It adopts a variety of data docking methods such as active acquisition and passive reception and, based on data visualization and intelligent governance in the data center, forms an all-round capability to collect and analyze security data for all elements in cyberspace.

  • 03

    Visible supervision of geographic information in cyberspace

    Visualization technology based on network geographic map information integrates network security events and cyberspace asset data, enriching the visual expression along the dimensions of geography, assets and events. It comprehensively displays and describes the distribution and attributes of cyberspace resources and gives cyberspace elements a visual form. With events as trigger conditions, the platform quickly links events, assets and geographic elements through graphics and clarifies the interaction between these elements, forming a dynamic, real-time, reliable and effective cyberspace operational command map. This makes the asset base clearer, incident discovery and threat positioning more accurate, threat analysis more intelligent and threat tracing more automatic. It improves the capability and efficiency of business units in incident discovery, forensic location and traceability, and makes the work of functional departments more intelligent, automatic and visual.

  • 04

    Closed-loop early warning notification process based on industry supervision scenarios

    The platform supports mobile apps, Dingding, WeChat mini programs, SMS and other notification methods to achieve second-level notification and feedback of important security events and threats, forming a complete closed loop for network security supervision with zero loss of regulatory data.

  • 05

    7×24-hour online experts on duty, zero false alarms in security warnings

    The platform uses forensic research and judgment to ensure zero false positives in monitored vulnerabilities, assists users in customizing special notifications, and provides 7×24-hour emergency response to safeguard user systems.

  • 06

    Professional experts and service team

    The company has a large team of security analysis experts and security service staff and offers a "cloud + platform + service" operation model, providing users with timely and effective security services that keep the business running stably and without interruption.

In reality, security operation faces many challenges
As traditional security systems grow in size, enterprises often face the following challenges in the process of security operations:

  • To improve security, security equipment is constantly piled up, and the growing number of devices makes operation and maintenance more difficult.

  • The various kinds of security equipment are dispersed and isolated from one another, forming security islands.

  • Massive security logs contain many false positives, which makes manual analysis difficult.

  • Traditional security equipment can only analyze past or present problems and cannot predict future risks.

  • Traditional security equipment cannot store the original data, which makes tracing security events difficult.

  • Security operation personnel are lacking, and data is insufficiently analyzed and processed.

The industry's thinking on security threat detection and defense has changed dramatically. It now recognizes the need to move from the past focus on a single device, a single method, and single-stage, real-time threat detection to the establishment of a defense-in-depth system, from passive to active, looking at the problem across the whole threat attack chain. Building a situational awareness system based on big data analysis is the most effective means of response.

Shandong Yuntian Safety Technology Co., LTD. All rights reserved Lu ICP No. 17007379-1

Lu public network Anbei 37010202002190