Shulou(Shulou.com)06/01 Report--

At present, we have talked about big data on many occasions, probably in the field of security. From a personal point of view, I am used to dividing related areas and system applications according to different stages of security, mainly including:

Beforehand: system online security check (including operating system, general application loophole check, configuration check, etc.), application system experiment, security policy check

In-process: security threat situational awareness and emergency response handling, security policy update, threat intelligence synchronization

After the event: centralized security audit, the scope of the audit includes not only all security infrastructure logs, database / NoSQL databases, server / terminal operation logs, but more importantly, logs of related application systems (such as CRM, ERP, capital settlement, BLOG, etc.). For forensics, backtracking may also include pcap files, all network sessions and all kinds of application metadata (such as HTTP application headers or SMTP headers).

For centralized security audit, the general sense of SIEMS is really powerless (such as Arcsight), the important thing is that its processing power and algorithm / intelligence capabilities have been completely unable to keep up with the requirements; traditional SIEMS generally only rely on rules, and systems that meet modern security or business security requirements must include automatic and intelligent analysis modules (analysis of various behaviors). Details will be given later.

So the audit system that meets the requirements is not SIEMS or SOC in the traditional sense, nor its packaging, they are only similar in the part of collection and standardization.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.