2025-01-28 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
As is well known, the Rong Teng network shunt (network TAP) is an important piece of front-end infrastructure for network monitoring in the network security field, and it plays a vital and irreplaceable role in the security of the whole network. But which category of network security product do devices such as the network shunt TAP belong to? Opinions in the industry differ, so today we discuss how network security products are classified.
[Product image caption: cassette, 48 x 10G; ATCA, 14 slots, 480 x 10G and 76 x 100G; mobile signaling acquisition equipment, 160 x 10G and 48 x 100G]
Part I: Overview
Let's first look at the classification that IDC has used for many years.
Security is divided into products and services, and products are divided into software and hardware; IDC's market research follows this framework. In recent years the network security industry has developed rapidly. There are now many subdivided areas of network security, product features overlap, and product forms evolve with technology and application scenarios, so classifying network security products remains a challenge. This article deals only with the classification of network security products and leaves services aside for now. Network security products are divided into six first-level categories: "endpoint security", "network security", "application security", "data security", "identity and access management" and "security management". Several second-level categories are defined under each first-level category, and each second-level category belongs to its first-level category. In recent years the "cloud, big data, IoT and mobile" trend has had a definite impact on the form, features and application scenarios of network security products, and Rong Teng Network believes this impact will be more sustained and profound in the coming years. On this basis, four first-level scenarios are defined: "cloud", "big data", "Internet of things" and "mobile". Each has several second-level scenarios, and each second-level scenario belongs to its first-level scenario.
Part II: Classification
Let's first look at the first-level categories.
"Endpoint security" includes three second-level categories, namely "malware protection", "terminal security management" and "other". Each second-level category contains several third-level categories, and each third-level category belongs to its second-level category; the same applies below. The third-level category that needs explaining here is endpoint detection and response (EDR), which is popular in foreign markets and shows a tendency to replace antivirus products. At present there are few such products in China, though that may be the limit of my own knowledge.
"Network security" includes four second-level categories, namely "security gateway", "detection and defense", "network monitoring and audit" and "other". This is a big category, and it has the largest market share. Three points in its third-level categories need explaining: 1. ×× is for now classified under security gateways because almost all firewall products have ×× functions, even though standalone ×× products have developed some features of their own, such as authentication and rights management, application virtualization and so on. 2. Advanced threat detection (APT) products are mainly aimed at "0-day" vulnerability exploitation; although they combine behavioral analysis, threat intelligence and sandboxing, what they do is essentially detection, so they are classified under * detection and defense. 3. In China, online behavior management is also a large category; it is classified under behavior management and audit because the sales license application is generally tested against the network communication audit standards.
"Application security" includes three second-level categories, namely "Web security", "database security" and "email security". This part is relatively clear; the third-level categories can be seen in the figure and are not repeated one by one.
"Data security" includes three second-level categories, namely "data governance", "file management and encryption" and "data backup and recovery". In the era of big data, data is the core asset of countries, enterprises and individuals, so data security is especially important. Data governance mainly covers data discovery, data classification and data control; DLP products address the data control problem. Xianer believes that the difficulty of data security lies in evaluating the value of data, and that the level of protection should match that value. If anyone has done research on data value evaluation, I would like to learn from you.
"Identity and access management" includes two second-level categories, namely "authentication and rights management" and "advanced authentication". This part is an important part of security and basically revolves around three questions: "Who are you?" is the authentication question, "What can you do?" is the authorization question, and "What have you done?" is the audit question.
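The three questions above map onto three separate mechanisms, and it helps to see them side by side. The following is an added example, not code from the article or from Rong Teng; the user names, roles and permission strings are constructed for the demonstration. Authentication verifies a PBKDF2 password hash with a constant-time comparison, authorization checks a role-to-permission table, and every decision, allowed or denied, is appended to an audit trail so the third question can be answered later.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000


def _hash_password(password, salt):
    # PBKDF2-HMAC-SHA256: slow by design so offline guessing is expensive.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed user store for the example: per-user salt, password hash, roles.
_SALT_ALICE = secrets.token_bytes(16)
_SALT_BOB = secrets.token_bytes(16)
USERS = {
    "alice": {"salt": _SALT_ALICE, "hash": _hash_password("correct horse", _SALT_ALICE), "roles": {"admin"}},
    "bob": {"salt": _SALT_BOB, "hash": _hash_password("battery staple", _SALT_BOB), "roles": {"reader"}},
}

# Constructed role-to-permission table ("what can you do?").
ROLE_PERMISSIONS = {
    "admin": {"read:report", "write:report", "delete:report"},
    "reader": {"read:report"},
}

# Append-only audit trail ("what have you done?").
AUDIT_LOG = []


def _audit(event, subject, **fields):
    entry = {"ts": datetime.now(timezone.utc).isoformat(), "event": event, "subject": subject}
    entry.update(fields)
    AUDIT_LOG.append(entry)


def authenticate(username, password):
    """'Who are you?': returns the principal name on success, None otherwise."""
    rec = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid names.
    salt = rec["salt"] if rec else bytes(16)
    candidate = _hash_password(password, salt)
    ok = rec is not None and hmac.compare_digest(candidate, rec["hash"])
    _audit("authn", username, result="success" if ok else "failure")
    return username if ok else None


def authorize(principal, action):
    """'What can you do?': role-based check; the decision itself is audited."""
    roles = USERS.get(principal, {}).get("roles", set())
    allowed = any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)
    _audit("authz", principal, action=action, result="allow" if allowed else "deny")
    return allowed


def audit_trail(subject):
    """'What have you done?': every recorded authn/authz event for one subject."""
    return [e for e in AUDIT_LOG if e["subject"] == subject]


if __name__ == "__main__":
    if authenticate("bob", "battery staple"):
        print("bob delete:", authorize("bob", "delete:report"))
        print("bob read:", authorize("bob", "read:report"))
    for e in audit_trail("bob"):
        print(e)
```

Note that a denied authorization is still written to the audit log: an audit function that records only successes cannot answer "what have you done?" for an account that was probing for permissions it did not have.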
"Security management" includes three second-level categories, namely "security operations and incident response", "vulnerability assessment and management" and "governance, risk and compliance". Let's start with the differences between log audit (LA), security information and event management (SIEM) and the security operations center (SOC). The data source of LA is logs, and its main workflow is collection and processing, analysis, and display. Besides logs, the data sources of a SIEM should also include flows, DPI, full packets, registry, processes and so on; the volume of data is larger, the collection, processing and analysis capabilities are stronger, and the displayed content is richer and more complete than LA. A SOC adds workflow on top of SIEM, and its latest feature is security automation and orchestration. In China, the data collection dimension of such products is still relatively narrow (mainly logs), and there is room for improvement in data processing and analysis, security automation and orchestration.
Now let's talk about vulnerability scanning and patch management. WannaCry, some time ago, exploited an N-day vulnerability: as long as patches are applied in time, nothing happens. For ordinary users, timely security updates greatly reduce the security risk. If you are worth a 0-day vulnerability to *, you need to consider a higher level of security.
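The LA / SIEM / SOC distinction above is about data sources and workflow rather than products, so a small layered implementation makes it concrete. This is an added example, not code from the article or from any vendor; the sshd log lines, the flow records, the host-to-IP table, the internal network range and the threshold are all constructed for the demonstration. The LA layer reads a single source (the auth log) and counts failures; the SIEM layer joins that finding with flow data to decide severity; the SOC layer wraps the alert in a case with an owner and ordered workflow steps.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: an sshd auth log from host srv1 (10.0.0.20) and
# two flow records from the same time window.
AUTH_LOG = [
    "Jun 01 10:00:01 srv1 sshd[411]: Failed password for root from 203.0.113.7 port 51000 ssh2",
    "Jun 01 10:00:02 srv1 sshd[411]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Jun 01 10:00:03 srv1 sshd[411]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Jun 01 10:00:09 srv1 sshd[412]: Accepted password for root from 203.0.113.7 port 51003 ssh2",
    "Jun 01 10:05:00 srv1 sshd[413]: Accepted publickey for deploy from 10.0.0.5 port 40000 ssh2",
]
FLOWS = [  # constructed: source, destination, destination port, bytes, time
    {"src": "10.0.0.20", "dst": "10.0.0.9", "dport": 443, "bytes": 1_200, "time": "10:01:00"},
    {"src": "10.0.0.20", "dst": "198.51.100.9", "dport": 4444, "bytes": 8_000_000, "time": "10:02:30"},
]
HOST_IP = {"srv1": "10.0.0.20"}                    # constructed asset inventory
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed address plan
FAIL_THRESHOLD = 3
LARGE_FLOW_BYTES = 1_000_000

LOG_RE = re.compile(
    r"^\w+ \d+ (?P<time>[\d:]+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_auth_log(lines):
    """Collection/processing step shared by every layer: raw lines to dicts."""
    return [m.groupdict() for m in (LOG_RE.match(l) for l in lines) if m]


def log_audit(lines):
    """LA layer: one data source (logs); counts failures per source address."""
    failures = defaultdict(int)
    successes = set()
    for e in parse_auth_log(lines):
        if e["result"] == "Failed":
            failures[e["src"]] += 1
        else:
            successes.add(e["src"])
    return [{"type": "brute_force", "src": src, "failures": n, "succeeded": src in successes}
            for src, n in failures.items() if n >= FAIL_THRESHOLD]


def _is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def siem_correlate(lines, flows):
    """SIEM layer: joins the log finding with flow data to set severity."""
    alerts = []
    events = parse_auth_log(lines)
    for a in log_audit(lines):
        # Hosts the attacking source actually logged into, resolved via inventory.
        victims = {HOST_IP.get(e["host"]) for e in events
                   if e["src"] == a["src"] and e["result"] == "Accepted"}
        victims.discard(None)
        # Large flows from a victim host to a non-internal destination.
        outbound = [f for f in flows
                    if f["src"] in victims and not _is_internal(f["dst"])
                    and f["bytes"] > LARGE_FLOW_BYTES]
        severity = "critical" if outbound else ("high" if a["succeeded"] else "medium")
        alert = dict(a)
        alert.update({"victims": sorted(victims), "outbound_flows": outbound, "severity": severity})
        alerts.append(alert)
    return alerts


def open_case(alert):
    """SOC layer: the alert becomes a case with an owner and ordered steps."""
    steps = ["triage", "contain", "eradicate", "close"]
    return {"alert": alert, "state": steps[0], "remaining": steps[1:], "owner": None, "notes": []}


def advance_case(case, owner, note):
    """Move the case one workflow step forward, recording who did what."""
    case["notes"].append((case["state"], owner, note))
    case["owner"] = owner
    if case["remaining"]:
        case["state"] = case["remaining"].pop(0)
    return case


if __name__ == "__main__":
    for alert in siem_correlate(AUTH_LOG, FLOWS):
        case = advance_case(open_case(alert), "analyst1", "confirmed brute force with outbound transfer")
        print(alert["severity"], alert["src"], "->", alert["victims"], "case:", case["state"])
```

Run against only the log, the finding is a brute-force attempt that succeeded; run against log plus flows, the same finding is escalated because a large transfer left the compromised host for an external address. That escalation is exactly what the extra SIEM data sources buy, and the case object is what the SOC adds on top.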
[Product image caption: DPI and five-tuple filtering, inner and outer layer stripping]
Part III: Other scenarios
Let's look at the cloud first.
The "cloud" scenario includes two second-level scenarios, namely "cloud security" and "secure cloud". This is not a play on words; the two are different. Let's start with cloud security. Cloud security refers to the security of IaaS, whether private or public. Generally speaking, once a data center moves to the cloud, the original box-shaped network security products can no longer be deployed, and cloud security products arise to fill the gap. They can be understood as software versions of the security products originally used in the data center, adapted to the cloud platform and solving some cloud-specific problems, such as host security, tenant isolation, east-west traffic, application protection and so on. Now the secure cloud, which can be understood as a SaaS service. Previously you bought an anti-DDoS device and deployed it locally (on-premise) to protect your server from denial of service; now you buy an account from the SaaS provider and direct traffic to the provider, who detects and scrubs the traffic so that only legitimate traffic reaches your server. Common secure cloud services at present are cloud anti-D (anti-DDoS), cloud WAF, cloud identity authentication (IDaaS), website cloud monitoring and scanning, and so on.
The "big data" scenario includes two second-level scenarios, namely "big data security" and "application of big data technology in the security field". Big data is the most important resource of the future, and the problems it faces are relatively clear: first, how resource owners ensure the security of the resource; second, the lawful collection and reasonable use of big data resources. At present, applications of big data technology in the security field include situation awareness, threat intelligence, anti-fraud, risk control and anti-money laundering.
The "Internet of things" scenario includes two second-level scenarios, namely "industrial control security" and "intelligent devices". Security products for the industrial control field have certain hardware requirements, such as wide temperature, wide humidity and wide pressure ranges, and the software must protect industrial control systems (SCADA, DCS, PLC). As smart devices become widespread, the security problems we face will gradually increase; this is the big market for security in the future.
The last scenario is "mobile". We can hardly do without mobile phones now, and mobile security is also a big problem. For mobile devices, personal privacy protection is important. Many apps request access to location, address book, messages, call records, photos and other private data. Once allowed, what data does the app access? Does it collect personal privacy? The user doesn't know. For mobile applications, the security problem of the client-side app is mainly tampering: installing a tampered app is equivalent to installing * * on the phone. The security problem of the server side is similar to application security, more specifically Web security, because client-server communication uses the HTTP/HTTPS protocol.
[Product image caption: signaling acquisition devices support IPv4 and IPv6, 99% user association success rate, 10G and 100G interfaces]
With the above, we have a clear picture of how network security products are classified.