Network Defense Cloud Security Management Platform
Platform introduction
The platform architecture is shown in the figure below:
1. Construction plan
The security resource pool is loosely coupled with the business resource pool of the cloud platform: the two pools are deployed independently, with interfaces opened at the management platform level for the information that must be shared. This makes it easy to draw a clear boundary of operation and maintenance responsibility between the security service provider and the cloud service provider, and lets the security service provider carry out the duty, entrusted to it by the end user, of supervising and auditing the cloud service provider, so that the end user's interests are protected.
The security resource pool is divided into three types: serial (inline) protection, bypass detection and service management.
Deployment of the serial protection resource pool:
It consists of a north-south serial protection resource pool and an east-west serial protection resource pool.
- North-south serial protection resource pool
Traffic between the intranet and the extranet is steered to the north-south serial protection resource pool, scrubbed and protected through service orchestration, and the cleaned traffic is reinjected into the business resource pool.
- East-west serial protection resource pool
Traffic between different domains inside the intranet is steered to the east-west serial protection resource pool, scrubbed and protected through service orchestration, and the cleaned traffic is reinjected into the business resource pool.
Deployment of the bypass detection resource pool:
Traffic reaches it through service chain traffic replication, switch port mirroring, virtual machine diversion, plugin diversion, etc. It detects and processes the mirrored traffic diverted from the tenant resource pool; the inspected traffic is not reinjected into the tenant resource pool.
Virtual machine diversion:
A virtual machine is carved out on the host to run the diversion software. It captures traffic at the bottom layer of the virtual environment and filters it at the protocol level, according to the security policy, on the basis of the five-tuple (source address, destination address, protocol, source port, destination port).
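The five-tuple filtering step of the diversion virtual machine, as an added illustration (not the platform's own code): the policy, the rule fields and the sample flows are all constructed here, and the detection targets are hypothetical names for services in the bypass detection pool.

```python
"""Five-tuple diversion policy for mirrored traffic (added example, not the platform's code).

Models the decision a diversion VM makes: which captured flows are copied to
the bypass detection pool, and to which detection service. The copy is a
mirror; nothing is sent back to the tenant resource pool.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

PORT_ANY = (0, 65535)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str        # "tcp", "udp", "icmp", ...
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: Optional[str]          # None matches any protocol
    dport_range: Tuple[int, int]  # inclusive destination-port range
    target: str                   # detection service receiving the mirror

    def matches(self, f: Flow) -> bool:
        lo, hi = self.dport_range
        return (ip_address(f.src) in ip_network(self.src_net)
                and ip_address(f.dst) in ip_network(self.dst_net)
                and (self.proto is None or self.proto == f.proto)
                and lo <= f.dport <= hi)


# Constructed policy: first match wins; unmatched flows are not mirrored.
# 10.10.0.0/16 stands in for a tenant business network, 10.20.0.0/16 for a
# second intranet domain (east-west traffic).
POLICY = [
    Rule("0.0.0.0/0", "10.10.0.0/16", "tcp", (3306, 3306), "database-audit"),
    Rule("10.20.0.0/16", "10.10.0.0/16", None, PORT_ANY, "east-west-ids"),
    Rule("0.0.0.0/0", "10.10.0.0/16", "tcp", (80, 443), "web-ids"),
]


def divert_target(flow: Flow, policy=POLICY) -> Optional[str]:
    """Return the detection service for a captured flow, or None to drop the copy."""
    for rule in policy:
        if rule.matches(flow):
            return rule.target
    return None
```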
Plugin diversion:
Diversion plugins are installed on the business virtual machines inside the business resource pool. They capture traffic on the virtual machine and carry it through a tunnel to the security network element inside the security resource pool. The network element strips the tunnel encapsulation and carries out the follow-up processing of the mirrored traffic. Plugin diversion currently supports database audit, among others.
Deployment of the service resource pool: The security service resource pool does not need to receive or process the original business traffic or mirrored business traffic of the tenant network; it only needs network reachability to the tenant. It performs vulnerability scanning, configuration checks, multi-source log audit and centralized security management for the tenant resource pool.
Capability output
By managing, deploying and orchestrating the various security resources, the cloud security management platform adapts security capabilities delivered in software, hardware and virtual form to the cloud environment, and provides continuous management and evaluation of the security risks that the cloud environment faces.
The platform outputs security capabilities at the product level and also at the overall solution level.
Security capabilities at the product level:
- Protection products
For example firewall, web application protection, intrusion prevention, etc.
- Detection products
Intrusion detection, hyper-converged detection, advanced persistent threat detection, database audit, etc.
- Management products
Baseline check, vulnerability scanning, operation and maintenance audit, etc.
Security capabilities at the solution level:
- Compliance security capability
Cloud security solutions meeting the requirements of Classified Protection 2.0 (MLPS 2.0).
- Information security capability
Solutions meeting regulatory requirements for the protection of sensitive information.
- Security value-added capability
Security capabilities are pooled, delivered as services and operated, providing value-added security services for government and enterprise dedicated lines, traditional IT environments and cloud IT environments, and delivering value-added security solutions.
- Industrial control security capability
Industrial control security products are virtualized and adapted to industrial control business scenarios through security service orchestration to protect the industrial cloud, delivering industrial control security solutions.
Expert services
The following expert services are provided:
- Technical support;
- Consulting and planning;
- Program customization.
Service hotline: 400-810-7766 (24 h)
E-mail: shfw@leadsec.com.cn
Address: Building 21, Zhongguancun Software Park, 8 Dongbeiwang West Road, Haidian District, Beijing