In recent years, digital transformation has revolutionized user experience, business processes, products and services, and business models across the globe. A growing number of enterprises use emerging technologies such as cloud computing, big data, and IoT to conduct their business. As data becomes a core enterprise asset, it becomes the key to the stable operation of businesses. In the process of digital transformation, network security is becoming increasingly challenging, and data leaks occur frequently, even resulting in the suspension of operations.
The traditional passive security system can no longer withstand increasingly frequent network attacks, which pushes enterprises to upgrade their network security concepts, methods, technologies and systems and to build a comprehensive security protection system. With security threats outpacing the protections available, H3C believes that the only way to address the increasingly severe network security challenge is the continuous evolution of security technologies and improvement of the protection system, the upgrade from passive security to active security, and an active, intelligent, and comprehensive security system. In the era of the digital economy, evolving from passive security to active security and building an active security system is the inevitable path before us.
The core of active security is situational awareness. H3C's situational awareness consists of the acquisition, analysis, evaluation, and presentation of elements that can be used to improve the network situation and to predict the future behavior of the network based on big data. In this way, security threats can be identified, analyzed, responded to, and handled from a global perspective. Through smart analysis and interconnected response, combined with machine learning and artificial intelligence, situational awareness enables closed-loop decision-making for intelligent security and delivers the security capabilities.
H3C's situational awareness collects the original traffic data of the entire network, combines the threat intelligence in the cloud, mines and analyzes the massive security data, and perceives the situation of attack, threat, traffic, behavior, and operation and maintenance. Then, it generates an overall view of network security, enabling users to quickly and accurately understand the current network security situation and respond in a collaborative manner.
(1) Security situational awareness
It collects and analyzes the log information of various network devices, security devices, servers, hosts, and business systems to visualize attacks on the entire network and predict the attack trend. Besides visualizing top rankings of attack types, trends, sources, and targets, its advances in model analysis of secondary attacks, data mining, attack path analysis, and tracing provide technical support for generating subsequent security policies and collaborative responses.
By monitoring multi-dimensional real-time traffic, it can effectively identify abnormal attack traffic in the network, abnormal user access, and threats such as DDoS attacks, viruses and worms, strengthening risk control and defense against traffic attacks.
It can analyze and monitor the processes of user terminals, the use of external media on terminals, the traffic access of Internet egress users, and forwarding by user hosts. It can find correlations between different behaviors through machine learning algorithms and identify and analyze potentially abnormal user behaviors.
(2) Threat situational awareness
Threat situational awareness focuses on the detection of security vulnerabilities, viruses, worms, trojans, and malicious code. It collects and analyzes information from intrusion prevention systems, anti-virus gateways, web security gateways, and sandboxes, and presents the threats from multiple dimensions. Based on external intelligence information, it analyzes and judges unknown security risks and sends warnings, buying time for subsequent response and decision-making.
(3) O&M situational awareness
It focuses on status monitoring of assets or services, performance monitoring, configuration baseline management, O&M alarms, and fault diagnosis based on the linkage between users, assets, and services. It comprehensively perceives and monitors the operational status and security index of assets using big data analysis methods, visualizing and simplifying O&M decision-making and collaborative response. In addition, it enables remote O&M of users and facilitates the subsequent operation of O&M value-added services of cloud security.
The situational awareness system can detect threat risks in a timely manner, support security decision-making and emergency response, establish a comprehensive alarm mechanism, and strengthen security protection capabilities. Users can quickly identify threats and make collaborative defense responses through multi-dimensional analysis and visualization of known and unknown risks. The trend analysis of security risks and abnormal behavior prediction enable early perception of risks, which enhances the capabilities of decision-making and prediction. The cloud-based O&M can improve the O&M efficiency of security devices and reduce the time for fault diagnosis and service recovery. It enables active discovery, prediction, collaborative defense, and intelligent evolution for resisting security risks.