Security operations center
Network security status and requirements analysis
Requirement 1: security status requirements
01 From a technical perspective
There is no security supervision and analysis capability covering the whole network, so unified supervision and in-depth analysis of the security issues raised by security devices across the network cannot be achieved;
1) Distributed and decentralized procurement results in a very low level of overall integration; at the same time, each security device operates in isolation, forming isolated security measures that cannot be coordinated and linked as a whole;
2) lack of comprehensive information collection means;
3) the massive accumulated historical data and the large volume of new data generated in real time are all "dead data";
02 From an operational perspective
No security operation process system has been established, so the timely and efficient handling of security incidents cannot be ensured;
1) "emphasis on technology over management" and "emphasis on products over services": security is entrusted to products and technology;
2) attention is paid to the technical process of finding security problems, while the process of dealing with them is ignored;
03 From the perspective of security personnel
There are few network security technical personnel, the division of labor is unreasonable, and skill levels are uneven, so complex network security problems cannot be handled effectively;
1) the number of security personnel is small, and most of them are part-time;
2) highly overlapping division of labor, mismatched use of human resources and low service efficiency;
3) technical personnel are not competent to handle complex security issues.
Requirement 2: regulatory and policy requirements
1. Strengthen network security situational awareness
In his April 19 speech at the symposium on cybersecurity and informatization work, General Secretary Xi Jinping clearly called for "all-weather and all-round perception of the network security situation. Know yourself and your enemy, and you will win a hundred battles."
The "13th Five-Year Plan" calls for "strengthening the building of network security situational awareness, monitoring and early warning, and emergency response capabilities."
2. Strengthen the construction of network security operation and management
The cyber security law of the People's Republic of China clearly stipulates that "monitoring, defending and dealing with cyber security risks and threats from inside and outside the People's Republic of China, and protecting critical information infrastructure from attack, intrusion, interference and damage".
The newly released Hierarchy Protection 2.0 puts forward higher requirements for "security operations" and the "security management center"; the protection concept also changes to a protective architecture "supported by the security management center and guaranteed by security operations", and specific requirements are put forward for several areas, in particular vulnerability and risk management, security incident handling and emergency plan management.
3. Strengthen the construction of network security personnel
As early as 2016, general secretary Xi Jinping proposed that "competition in cyberspace is ultimately competition for talents".
The newly released Hierarchy Protection 2.0 clearly requires that "a certain number of system administrators, audit administrators and security administrators shall be provided; there shall be a full-time security administrator who holds no concurrent post; key business positions shall be jointly managed by multiple people".
Requirement 3: technology development trends
The development of cloud computing, big data, the Internet of Things and other new technologies has brought not only technological convenience but also new security problems; at the same time, it provides new means for security operations.
APT attacks, 0-day vulnerabilities and other advanced threats continue to appear, and because of their unpredictability and concealment they have become the difficult points of current security work.
The development of technology and threats drives the development of new products, such as situational awareness and advanced threat protection products that combine threat intelligence with big data analysis. Such products place higher demands on the capabilities of their users.
01 Security operation is developing towards intensive operation
02 Situational awareness technology is developing towards intelligent and dynamic operation
03 Personnel training is developing towards practical combat
II Security operation solution ideas
What is security operation?
Security operation team building
Personnel capability training and promotion mechanism
Emphasis on building the situational awareness platform
Security operation and maintenance contents
Security operation procedure
Build a security operation center
The security operation center provides 7x24 professional security operation services and builds a full-time center for delivering and outputting cyberspace security capabilities; it improves the ability to detect and respond to harmful events and strengthens the monitoring and investigation of potential attacks, so as to form a closed loop of network security operation.