Shulou (Shulou.com) 06/01 Report. Updated 2025-02-01, SLTechnology News&Howtos, Network Security.
In recent years the financial industry has developed rapidly, and the growth of online banking and Internet finance has been striking. At the same time, security risks have been accumulating, exposing many problems and causing widespread concern. This year, the government work report at the Two Sessions again mentioned Internet finance, calling for vigilance against accumulated risks. Going forward, preventing financial technology risk will be the top priority of financial system reform. Many financial enterprises have adopted security management measures to reduce fintech security risk and have deployed a range of security devices: firewalls, intrusion detection, intrusion protection, network audit, vulnerability scanning and so on. However, as financial institutions keep expanding and their business keeps growing, the volume of security-related information is also growing rapidly. Information security practitioners in the financial industry increasingly find it difficult to locate and resolve security problems quickly with traditional security products, which reduces both the effectiveness of security protection and the return on security investment.
At present, the deployment and implementation of information security carries many hidden dangers, such as the rapid growth of security information and the shortage of information security technicians. These problems expose the fragility of single-point deployment and of a non-unified security operation and maintenance system, which shows mainly in the following aspects. First, all kinds of devices in the network (security equipment, network equipment, host and server systems and so on) produce a large amount of security log data, so security technicians cannot obtain valuable information quickly, and the mass of data increases the information-processing workload. Second, the security log data generated by devices of different types, models and manufacturers comes in different formats, and heterogeneous security log data is hard to share, so centralized processing and correlation analysis of network security log data cannot be achieved. Third, after a security incident occurs, a single security device can provide a certain solution, but reasonable and detailed handling suggestions and a mechanism for tracking the incident-handling workflow are lacking, so the incident cannot be handled quickly and effectively and the work efficiency of security technicians cannot be measured. Fourth, the lack of a unified security knowledge sharing platform leads to a low level of security across the organization as a whole. Fifth, information security management and security technology are relatively isolated and lack an interface connecting the two, so both management and technology get half the result for twice the effort.
In response to these hidden security problems, the first generation of security management platforms emerged, with information assets as the core, security events as the main process and risk management as the guiding principle. However, as network technology keeps developing, cloud computing matures and the era of big data arrives, the information security of network users is also being tested. Big data brings new opportunities, but it also brings more network security risks. The event analysis and management capabilities of the traditional security management platform are increasingly unable to deal with threats whose features are unknown, such as APT attacks. In the face of an increasingly complex network environment, massive alarm data and malicious events that are hard to trace, the traditional single-point security operation and maintenance system is no longer enough to support the current security environment of enterprises. Enterprises need smarter solutions to deal with the growing number of unknown security threats.
Not only that: from the perspective of information security risk management, big data technology should be adopted to establish a risk perception, monitoring and early warning platform at the physical, network, host, application and data levels, and at finer levels of detail. The aim is to achieve quantitative security risk management, graphical security risk positioning, interactive security incident monitoring and real-time security situation awareness, and to build up best-practice results such as a knowledge base and a rule base.
Within the security architecture, the enterprise security platform integrates information security products, which focus on technical detail, with the operation and maintenance layer that runs the incident-handling process and the management layer that watches the overall security situation. Building an enterprise security platform is therefore not only a rapid improvement in security technology but also an efficient improvement of the management system.
The enterprise security platform draws on the massive, multi-source and heterogeneous security log data, alarm data, business data, network traffic and network operation and maintenance data of the whole network. By analyzing this data centrally, it builds security scenario analysis for the financial network and achieves real-time awareness of security risks and the security situation. The quantified results of the risk and compliance management operation and maintenance process beforehand, the security alarms and abnormal behaviors perceived in a timely manner, and the business changes and incident-handling operation and maintenance processes monitored by the security platform afterwards are all summarized and unified into one risk-aware business data chain.
The enterprise security platform should apply risk visualization technology across the whole life cycle of information security risk management, from the perspectives of decision-making, management and execution, and across the different dimensions of before, during and after an event. It should study multi-level, multi-perspective models for quantitative information security risk assessment and situation assessment, a visual presentation framework and visual interaction technology. This turns passive information security management into active information security management and gradually improves the ability to control information security risks accurately, make decisions dynamically and improve continuously.
Finally, the platform should also provide different security business data and statistical analysis to people who view it from different perspectives, including decision makers, managers, security operation and maintenance personnel, business unit personnel and system administrators.
To sum up, building an enterprise security platform solves the problems of massive data and isolated islands of information, and simplifies the data model of security management as a whole. Many kinds of data from all kinds of IT infrastructure in the network will be stored in a general database, and intelligent correlation analysis will be carried out according to a scientific strategy. The enterprise security platform has gradually become a sharp tool for information security technicians in their work, letting them respond more effectively to changing security risks.