Cybersecurity Operation Service-Z005

Locally Deployed Software-Defined Security Operation Platform

    The cybersecurity intelligent response platform centrally integrates and visually displays network-wide asset information, application information, etc. It realizes full-lifecycle management of network asset vulnerabilities, reduces the need for manual inventory, and improves asset security management capabilities and operational efficiency. The platform enables centralized collection and storage of security event logs from different types of devices of multiple vendors. Through parsing, filtering, merging and noise reduction of massive logs, it automatically analyzes and issues early warnings using orchestration rules, and implements blocking of IPv4 and IPv6 addresses, including source addresses and source proxy addresses of high-risk incidents.

    (The user shall provide virtual machine or physical server resources for operating the platform with specifications no less than: 16-core CPU with performance ≥ 2.0GHz, 32GB memory, 1TB hard disk, and offer SSL VPN or zero-trust access authorization via account and password.)

    1.1 Preparations

    Deployment and collection of security capabilities

    Asset entry

    1.2 Standardized Data Collection and Linkage Debugging

    Normalization of security events

    Linked response of security devices

    1.3 Regular Security Operations

    Conduct vulnerability security testing before service launch, and provide vulnerability reports based on test results.

    Quickly trace attack behaviors and analyze the scope of affected assets and risks based on the platform’s log retrieval capabilities.

    Provide 5×8 security event detection and early warning, and push confirmed threat alerts in real time via WeChat, email, Feishu, DingTalk, alarm devices, etc. (An interface with the OA system can be developed as required to realize automatic linkage of event early warning and notification.)

    For high-risk security incidents, security operation experts shall provide incident analysis and investigation.

    Manually filter and reduce noise from logs in case of false positives occurring within the network.

    Deliver regular operation service outputs, including monthly and annual reports of security operation services.
