LeadSec Network Security Situation Awareness Platform
The Leadsec network security situation awareness platform takes IT assets as its foundation and the security posture of the organization's business information systems as its core. It is data driven and guided by user requirements, and approaches situational awareness from four dimensions: monitoring, auditing, operation and maintenance, and measurement, forming an all-weather situational awareness support platform. The system is built on a big data architecture that collects and centrally stores massive volumes of security information from across the whole network. On that basis it processes and correlates the data together with threat intelligence, traffic analysis and other related sources, applying multi-dimensional analysis models and machine learning to assess, measure and detect system vulnerabilities, availability, risks, attacks and threats in a timely manner. The results are presented to the user as a network-wide security posture for asset protection across the dimensions of assets, operations, attacks, vulnerabilities, risks, threats, traffic and websites, helping users recognise hidden dangers and threats and providing decision support for security operation and maintenance.
The platform integrates with the security devices, subsystems and related security data sources deployed in the network, bringing multi-vendor security protection resources together under one system. By collecting the security factors that affect the posture of the network environment, it obtains operations, vulnerability, attack, risk, threat and traffic information covering all network assets and services. Data fusion, correlation analysis and mining are then applied to this information in the context of the overall security situation, forming a multi-view, comprehensive situational awareness system that covers identification of attack targets and attack sources, vulnerability identification, attack process reconstruction, risk and impact analysis, and asset running status, and that partitions the large and complex situational awareness information processing task into manageable parts.
Capabilities
The Leadsec network security situation awareness platform provides the following capabilities:
1) Comprehensive asset discovery: Asset awareness is the basis of situational awareness. The platform helps users build a complete asset inventory through multiple discovery methods, finds both known and previously unknown assets on the intranet, and manages assets across their full lifecycle. Asset awareness and management are organised around the business system, establishing a comprehensive picture of asset information that supports analysis and presentation in the other dimensions.
2) Collection of all security elements: The platform connects to the security protection engines, system operation data, network traffic logs and other sources present in the network, as well as those that may be added in the future. This makes full use of the user's existing security devices and gives the situational awareness system a comprehensive, flexible and open architecture.
3) Big data storage for situational awareness: The platform can store, process and compute over massive amounts of information, providing database processing capabilities for both structured and unstructured data. The underlying distributed big data storage architecture, currently mainstream within the Taihe product department, has been optimised and adapted to the security-oriented big data analysis process to form the platform's own CupidDB architecture, which is self-controllable (developed and controlled in house).
4) Advanced security situation analysis: The platform comprehensively collects security information elements and integrates, correlates and mines the data based on cognition and monitoring of the overall security situation. This includes analysis of the threats to assets and business systems and the degree of their own risk, reconstruction of the attack process and targets of complex attacks, the damage and scope of attacks, the sources of attack threats, and comparison of external threat intelligence against internal security information, among others, supporting the platform's security situation analysis with multiple analysis methods.
5) Multi-dimensional situational awareness presentation: The platform covers every aspect of the security posture through asset awareness, vulnerability awareness, operational awareness, attack awareness, threat awareness, risk awareness and a situation overview, achieving all-round situational awareness.
6) Early warning, notification and disposal for security operations: The platform has a complete built-in warning, notification and disposal workflow, with corresponding emergency response plans, helping operation and maintenance personnel close the loop of security operations.
7) Open external threat intelligence interface: The platform can interface with external open source and commercial threat intelligence feeds and provides effective tools for using and analysing threat intelligence, while also supporting the production and use of internal intelligence.
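The correlation described in items 2) and 4) above, as an added illustrative example that is not Leadsec platform code: it normalises events from two hypothetical vendor log formats (a key=value firewall line and a JSON IDS alert), joins them with a constructed asset inventory and a constructed threat intelligence list, flags attacked hosts that are missing from the inventory (the unknown assets of item 1), and ranks assets by a simple risk score. All log formats, field names, scoring weights and sample data are assumptions made for this example.

```python
import json
import re
from collections import defaultdict

# --- Constructed sample data (illustrative only, not captured from any system) ---

# Hypothetical firewall key=value lines.
FIREWALL_LOGS = [
    "ts=2024-05-01T10:00:01Z src=203.0.113.9 dst=10.0.5.20 dport=445 action=deny sig=SMB_PROBE",
    "ts=2024-05-01T10:00:07Z src=203.0.113.9 dst=10.0.5.21 dport=445 action=deny sig=SMB_PROBE",
    "ts=2024-05-01T10:02:30Z src=198.51.100.4 dst=10.0.5.20 dport=443 action=allow sig=-",
]

# Hypothetical IDS alerts, one JSON object per line.
IDS_ALERTS = [
    '{"time":"2024-05-01T10:01:15Z","src_ip":"203.0.113.9","dest_ip":"10.0.5.20",'
    '"sig":"Exploit attempt on SMB","severity":3}',
    '{"time":"2024-05-01T10:05:02Z","src_ip":"10.0.5.20","dest_ip":"10.0.9.77",'
    '"sig":"Suspicious admin share access","severity":2}',
]

# Constructed asset inventory: criticality 1 (low) to 3 (high) plus count of open findings.
ASSETS = {
    "10.0.5.20": {"name": "file-srv-01", "business": "HR portal", "criticality": 3, "open_vulns": 2},
    "10.0.5.21": {"name": "file-srv-02", "business": "HR portal", "criticality": 2, "open_vulns": 0},
}

# Constructed threat intelligence indicators: source IP -> label.
THREAT_INTEL = {"203.0.113.9": "mass SMB scanner"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_firewall(line):
    """Map a hypothetical firewall key=value line onto the common event schema."""
    kv = dict(KV_RE.findall(line))
    return {"time": kv["ts"], "src": kv["src"], "dst": kv["dst"], "sig": kv["sig"],
            "severity": 1 if kv["action"] == "deny" else 0, "source": "firewall"}


def parse_ids(line):
    """Map a hypothetical JSON IDS alert onto the same common schema."""
    d = json.loads(line)
    return {"time": d["time"], "src": d["src_ip"], "dst": d["dest_ip"],
            "sig": d["sig"], "severity": d["severity"], "source": "ids"}


def normalize(fw_lines, ids_lines):
    """Merge both vendors into one time-ordered stream; drop events with no finding."""
    events = [parse_firewall(l) for l in fw_lines] + [parse_ids(l) for l in ids_lines]
    events = [e for e in events if e["severity"] > 0]
    return sorted(events, key=lambda e: e["time"])


def correlate(events, assets, intel):
    """Join events with the asset inventory and intelligence; return (per-asset view, unknown targets)."""
    view = {}
    unknown = set()
    targets_by_src = defaultdict(set)
    for e in events:
        targets_by_src[e["src"]].add(e["dst"])
        asset = assets.get(e["dst"])
        if asset is None:            # attacked host not in the inventory: an unknown asset
            unknown.add(e["dst"])
            continue
        rec = view.setdefault(e["dst"], {"asset": asset["name"], "business": asset["business"],
                                          "score": 0, "sources": set(), "intel_hits": set()})
        weight = 2 if e["src"] in intel else 1   # an intelligence match raises confidence (assumed weight)
        rec["score"] += e["severity"] * weight
        rec["sources"].add(e["src"])
        if e["src"] in intel:
            rec["intel_hits"].add(intel[e["src"]])
    for ip, rec in view.items():
        a = assets[ip]
        # Assumed risk formula: evidence score * criticality * (1 + open vulnerabilities).
        rec["risk"] = rec["score"] * a["criticality"] * (1 + a["open_vulns"])
        # A source that hit several assets looks like scanning or lateral movement.
        rec["multi_target_sources"] = {s for s in rec["sources"] if len(targets_by_src[s]) > 1}
    return view, unknown


def build_situation(fw=FIREWALL_LOGS, ids=IDS_ALERTS, assets=ASSETS, intel=THREAT_INTEL):
    """Return assets ranked by risk (highest first) and the set of unknown targets."""
    view, unknown = correlate(normalize(fw, ids), assets, intel)
    ranked = sorted(view.items(), key=lambda kv: kv[1]["risk"], reverse=True)
    return ranked, unknown


if __name__ == "__main__":
    ranked, unknown = build_situation()
    for ip, rec in ranked:
        print(ip, rec["asset"], "risk=%d" % rec["risk"], "intel=%s" % sorted(rec["intel_hits"]),
              "multi_target=%s" % sorted(rec["multi_target_sources"]))
    print("unknown assets seen as targets:", sorted(unknown))
```

The point of the example is the join, not the arithmetic: the same source address appears in both vendors' data and in the intelligence feed, and only after normalisation can the platform count it once per asset, weight it by the feed, and notice that the compromised file server then reaches a host nobody has inventoried.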
Built on more than ten years of research, development and project experience with security management and analysis platforms, the product has a mature, open analysis platform whose data analysis dimensions are open and comprehensive. It provides unified handling of devices, centralised data collection and analysis, and unified processing of structured and unstructured data, delivering comprehensive security situational awareness that is independent of any particular security device engine.