A large domestic financial institution has built a relatively complete security management system and security technology system, and has largely achieved real-time and near-real-time operation in security defense, detection and analysis. When security alarms occur, however, they are still followed up and handled through work orders. The institution hoped to build a security automation operation system to speed up response and reduce the losses caused by security events.
The institution receives a large number of security alerts every day, and responding to them requires considerable human and material resources. Security alerts are screened by people, so many valuable alerts may be ignored, and security capabilities cannot be quickly turned into productivity. Developing security handling processes as hard-coded logic is time-consuming, inflexible and difficult to reuse.
The HoneyGuide intelligent risk decision-making system integrates security orchestration capabilities with the existing security automation operation platform, realizing an architecture in which security defense, security detection, security analysis and security response all run in real time or near real time.
Launching a security response process was shortened from 2-3 days to 20-30 minutes. Common security incidents are responded to automatically, saving human resources and improving processing efficiency. A security automation operation system was built, covering the whole process from automatic protection, automatic detection and automatic analysis to automatic response.
A provincial unit of a domestic mobile operator, in order to better carry out major event protection, network security protection exercises and industry compliance, built an intelligent network security attack and defense strategy library that links its various security protection resources into a three-dimensional network security attack and defense system.
Every year, we undertake several major event security tasks, which require a lot of human and material resources and a lot of repetitive work. Security emergency drills require the participation of a large number of personnel and systems, resulting in long cycles and unsatisfactory results. The security department manages many brands and types of security equipment, the handling of security events requires the participation of many people and teams, and the processing timeframe cannot be guaranteed.
For major event security, emergency response and other important work, the HoneyGuide intelligent risk decision-making system provides intuitive, dynamic visualizations that help security personnel judge the situation quickly from a macroscopic view and match resources to it. With the HoneyGuide system as the core, three centers were established: a security monitoring center, an attack and defense command center, and an attack and defense handling center.
The major event security strategy is switched according to the event level with one key. Real security protection drills are carried out through a virtual war room, which is fast and realistic, records the process automatically, and produces reports automatically when the drills are completed. Security protection resources are integrated into a whole with unified orchestration and unified scheduling, building a three-dimensional security defense capability.
A top-ranked domestic e-commerce company with hundreds of millions of registered users suffers tens of thousands of cyber attacks every day and needs to deal with more than 500 security incidents; its security department has built more than 15 security tools and platforms.
The large number of security events generated every day overwhelms the security analysts, and the resulting backlog means that security events are ignored and security risks cannot be handled in a timely manner, leaving serious risks in place. Handling a security event requires switching back and forth between various systems, so processing efficiency is low. Security policies are adjusted frequently, and the lack of comprehensive policy verification leads to policy conflicts and degraded protection.
1. Through the security orchestration function, more than 20 systems that the security department needs to access during incident handling were connected to the HoneyGuide system; the processes that security engineers follow day to day were turned into scripts, more than 30 scripts of various types were created, and security event handling was automated.
2. Security engineers can operate more than 20 systems through a single virtual war room, triggering over
3. Important security policies are verified regularly by scripts, avoiding the risks introduced by security policy adjustments.
"Security attack and defense" is one of the areas of greatest concern in the network security industry: its purpose is to discover in advance possible major risks to the country's critical information infrastructure and to carry out timely repair and protection. As China attaches growing importance to network security, the number of participating units keeps expanding, network security confrontation exercises come ever closer to real conditions, and organizations' network security needs have been upgraded from passive construction to a genuine business security requirement.
1. Lack of guidance for network protection planning: How should enterprises prepare before participating in a network protection action? How should they defend during the event? How should they analyze afterwards? The tasks and planning matters involved in each stage are very complex and require the support of security expert services.
2. Lack of tools for network protection management: The traditional network protection process lacks digital management tools, so the process is difficult to record, analyze and consolidate.
3. Inefficient network protection response: Traditional network protection completes IP address bans by hand or with a few playbooks, which is extremely inefficient and makes quality difficult to guarantee.
Build a one-stop practical attack and defense solution covering people, tools and capabilities, and solve security attack and defense problems in three stages.
Preparation stage:
1. Provide a planning package, which makes it convenient for the security team to quickly carry out network protection planning;
2. Provide special risk management playbooks: weak password rectification, closed-loop management of high- and medium-risk vulnerability repair, etc.;
3. Turn pre-war security emergency plan drills into playbooks, with online digital management and scheduling.
Actual combat stage:
1. Management of offensive and defensive personnel in actual combat, arranging and signing in;
2. Providing a human-machine collaborative operation room;
3. Rapid integration of handling capabilities to build a one-click arsenal;
4. Provide out-of-the-box automatic analysis and disposal playbooks for alarm events.
Summary stage:
1. Automatically generate incident handling reports and experience accumulation;
2. Provide data support for the whole process of actual attack and defense summary.