Safety operations center

Network security status and demand analysis

Requirement 1: security status requirement

01 Viewing from technology

It does not have the ability of safety supervision and analysis covering the whole network. It is unable to achieve unified supervision and in-depth analysis of safety issues of the whole network safety equipment;

Distributed bidding and decentralized bidding lead to the lowest level of overall integration. At the same time, each safety equipment is mutually exclusive and forms isolated safety measures, which cannot be coordinated and linked as a whole; 2) lack of comprehensive information collection means; 3) massive historical data accumulated and large amount of new data generated in real time are all "dead data";

02 from an operational perspective

The safety operation process system is not established, which can’t ensure the timely and efficient handling of safety incidents;

"emphasis on technology and light management", "emphasis on products and light on services", placing safety on products and technology;

2) pay attention to the technical process of finding safety problems, while ignore the process of dealing with safety problems;

03 From the perspective of security personnel

The number of network security technical personnel is small, the division of labor is not reasonable, the ability level is uneven, unable to effectively deal with complex network security problems;

the number of security personnel is small, and most of them are part-time;

2)highly overlapping division of labor, mismatch consumption of human resources and low service efficiency;

3) technical personnel are not competent for complex security issues.

Requirement 2: regulatory and policy requirements

1. Strengthen network security situational awareness

“General secretary Xi Jinping on April 19, "network security and informatization work symposium speech," clearly pointed out that "all-weather and all-round perception of network security situation. Know yourself and your enemy, and you will win a hundred battles. “

“The “13th five-year plan” calls for "strengthening network security situational awareness, monitoring and early warning and emergency response capacity building. “

2. Strengthen the construction of network security operation and management

The cyber security law of the People's Republic of China clearly stipulates that "monitoring, defending and dealing with cyber security risks and threats from inside and outside the People's Republic of China, and protecting critical information infrastructure from attack, intrusion, interference and damage".

The newly released Hierarchy Protection 2.0, the "security operations" and "safety management center" put forward the higher request, the protective ideas are also changed to "to the security management center for support, security operations to ensure the safety of the protective architecture", especially for loopholes and risk management, security incident disposal, emergency plan management and so on several aspects, concerning which specific requirements are put forward.

3. Strengthen the construction of network security personnel

As early as 2016, general secretary Xi Jinping proposed that "competition in cyberspace is ultimately competition for talents".

The newly released Hierarchy Protection 2.0 clearly requires that "a certain number of system administrators, audit administrators and security administrators shall be provided; there should be a full-time security administrator, not concurrently; key business positions should be jointly managed by multiple people".

Demand 3: technology development trends

The development of cloud computing, big data, Internet of things and other new technologies has not only brought technological convenience, but also brought new security problems. It also provides new means for safe operation.

APT attack, 0day vulnerability and other advanced threats continue to appear, and they have become the difficulties in current security work due to their characteristics of unpredictability and concealment.

The development of technology and threats promotes the development of new products, such as situational awareness and advanced threat protection products launched by combining threat intelligence and big data analysis. Such products require higher requirements on the ability of users.

01 safe operation is developing towards intensive development

02 situational awareness technology is developing towards intelligent and dynamic state

03 personnel training is developing towards actual combat development

II Safe operation solution ideas

What is safe operation?

People:

Safety operation team building

Personnel ability training and promotion mechanism

Technology:

The emphasis is on the construction of situational awareness platform

Supporting infrastructure

Supporting services

Operation:

Safe operation and operation contents

Safe operation procedure

Build safety operation center

Security operation center, to achieve 7*24 hours of professional security operation services, to build a full-time network space security capability delivery and output center, improve the ability to detect and respond to hazardous events, strengthen the monitoring and investigation of potential attacks, so as to form a network security operation closed loop.