Situational Awareness Solution

    12-10-2022

In recent years, the sweeping global digital transformation has been drastically changing user experience, business processes, products and services, and business models. More and more enterprises run their businesses by leveraging cloud computing, big data, IoT and other emerging technologies. Their core assets are shifting from fixed assets to data assets, and data is the key to their stable business operation. In the process of digital transformation, the network security situation is also becoming increasingly serious. Data leakage incidents occur frequently and can even lead directly to service suspension.

The traditional passive security protection system can no longer resist the increasingly frequent network attacks. Enterprises need to reassess traditional network security ideas, methods, technologies and systems in order to build a security system with comprehensive protection. H3C believes that, in the face of security threats that emerge several times faster than protection can keep up, we can effectively respond to the increasingly serious security situation only by evolving to a higher stage of security protection: continuously improving the capability of the protection system, making the leap from passive protection and compliance-driven protection to active security, and establishing an active, intelligent and global security protection system. The transformation from passive security to active security and the establishment of an active security system is an inevitable choice in the digital economy era.

The core of active security is situation awareness. H3C situation awareness is a process of acquiring, understanding, evaluating, presenting and forecasting the development trend of the elements that can cause network situation changes, based on security big data. It is a capability that enhances the identification, understanding, analysis and response to security threats from a global perspective. Through smart analysis and linked response, combined with machine learning and AI, it realizes the closed-loop decision-making of a "security brain" and puts security capability into practice.

https://resource.h3c.com/cn/202010/20/20201020_5322314_image002_1349544_30007_0.jpg

H3C situation awareness collects the raw traffic data of the whole network, combines it with threat intelligence from the cloud, mines and correlates the massive volume of security data, senses the attack, threat, traffic, behavior and O&M situations, and generates a panoramic view of security. In this way, users can quickly and accurately know the current security situation of the network and respond collaboratively.

(1) Security situation awareness

By collecting and analyzing log information from network devices, security devices, servers, hosts and business systems, visualization and trend prediction of security attacks across the whole network can be achieved. In addition to attack types, attack trends and TOP-N analysis of attack sources and destinations, breakthroughs have been made in model analysis and data mining of secondary attacks, attack path analysis and source tracing, providing technical support for subsequent security policy generation and interactive response.

By monitoring multidimensional real-time traffic, abnormal attack traffic in the network, abnormal user access behaviors, and events such as DDoS attacks and virus/worm attacks can be effectively identified, improving risk control and protection capability against traffic-based attacks.

By analyzing and monitoring the processes on user terminals, the use of external media on terminals, the traffic of users accessing the Internet through the egress, and the outbound behaviors of user hosts, the associations between different behaviors are identified through algorithms such as machine learning, and potentially abnormal user behaviors are exposed and judged.

(2) Threat situation awareness

Threat situation awareness focuses on the detection of security vulnerabilities, viruses, worms, Trojan horses and malicious code. By collecting and analyzing information from devices such as defense systems, anti-virus gateways, web security gateways and sandboxes, the threat situation is presented in multiple dimensions. Analysis, judgment and early warning of unknown risks are conducted based on external intelligence, to buy time for subsequent response decision-making.
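The following is an added example, not H3C's code, showing in miniature what sections (1) and (2) describe: events from several device types are normalized, TOP-N attack sources, per-type counts and an hourly trend are computed, sources are enriched against an external intelligence feed, and a simple secondary-attack correlation (a scan followed by an exploit attempt against the same host) is flagged as an attack path. The log lines, device names, addresses and the intelligence feed are all constructed for the example; the key=value log format and the function names are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed log lines from hypothetical devices (a firewall, an IPS, an
# anti-virus gateway and a WAF), already in one normalized key=value form.
# Addresses are from the documentation ranges; nothing here is real.
RAW_LOGS = [
    "2022-10-12T09:01:10 fw01 WARN type=port_scan src=203.0.113.7 dst=192.0.2.10",
    "2022-10-12T09:05:42 ips01 ALERT type=exploit_attempt src=203.0.113.7 dst=192.0.2.10",
    "2022-10-12T09:07:03 fw01 WARN type=ddos src=198.51.100.23 dst=192.0.2.20",
    "2022-10-12T09:40:19 avgw01 ALERT type=malware src=198.51.100.23 dst=192.0.2.31",
    "2022-10-12T10:02:55 fw01 WARN type=port_scan src=203.0.113.9 dst=192.0.2.11",
    "2022-10-12T10:15:00 waf01 ALERT type=sqli_attempt src=203.0.113.7 dst=192.0.2.40",
    "2022-10-12T10:16:31 fw01 WARN type=ddos src=198.51.100.23 dst=192.0.2.20",
    "2022-10-12T11:20:05 ips01 ALERT type=exploit_attempt src=203.0.113.7 dst=192.0.2.40",
    "this line is malformed and is skipped by the parser",
]

# Constructed threat-intelligence feed standing in for the cloud intelligence
# the page mentions: indicator -> tag.
THREAT_INTEL = {"198.51.100.23": "known botnet controller (constructed)"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<sev>\S+) "
    r"type=(?P<type>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_events(lines):
    """Normalize raw lines into event dicts; unparseable lines are dropped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def top_sources(events, n=3):
    """TOP-N attack sources by event count."""
    return Counter(e["src"] for e in events).most_common(n)


def attack_types(events):
    """Event count per attack type."""
    return dict(Counter(e["type"] for e in events))


def hourly_trend(events):
    """Event count per hour, ordered by time, for trend display."""
    return dict(sorted(Counter(e["ts"].strftime("%Y-%m-%dT%H") for e in events).items()))


def enrich_with_intel(events, intel):
    """Match event sources against the intel feed: src -> tag and event count."""
    hits = {}
    for e in events:
        tag = intel.get(e["src"])
        if tag is None:
            continue
        entry = hits.setdefault(e["src"], {"tag": tag, "events": 0})
        entry["events"] += 1
    return hits


def correlate_secondary_attacks(events, window_minutes=30):
    """Flag a source that scans a host and then sends an exploit attempt to
    the same host within the window: a two-step attack path."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for scan in (e for e in evs if e["type"] == "port_scan"):
            for later in evs:
                delta = (later["ts"] - scan["ts"]).total_seconds()
                if (later["type"] == "exploit_attempt" and later["dst"] == scan["dst"]
                        and 0 <= delta <= window_minutes * 60):
                    findings.append({
                        "src": src, "dst": scan["dst"],
                        "path": ["port_scan", "exploit_attempt"],
                        "first_seen": scan["ts"].isoformat(),
                        "escalated_at": later["ts"].isoformat(),
                    })
                    break
    return findings


def situation_summary(lines, intel=THREAT_INTEL):
    """Build the panoramic view: counts, trend, intel hits and attack paths."""
    events = parse_events(lines)
    return {
        "events": len(events),
        "top_sources": top_sources(events),
        "attack_types": attack_types(events),
        "hourly_trend": hourly_trend(events),
        "intel_hits": enrich_with_intel(events, intel),
        "secondary_attacks": correlate_secondary_attacks(events),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(situation_summary(RAW_LOGS), indent=2))
```

On the constructed input, the summary reports eight parsed events, 203.0.113.7 as the top source, one intelligence hit with three events, and one secondary-attack finding (scan of 192.0.2.10 followed by an exploit attempt within the 30-minute window); the later exploit attempt against 192.0.2.40 is not escalated because no scan of that host preceded it. A real deployment would replace the inline list with collectors for each device's native format and the dictionary with a live intelligence subscription, but the normalize, count, enrich and correlate stages are the same.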

(3) O&M situation awareness

O&M situation awareness focuses on status monitoring, performance monitoring, configuration baseline management, O&M warning and fault diagnosis of assets or services, in association with users, assets and businesses. Based on big data analysis, the operating status and security index of assets are comprehensively perceived and monitored, and visual presentation and simplified operation are provided for O&M decision-making and linked response. It can also provide remote managed operation for users and support subsequent cloud security O&M value-added services.

The situation awareness system can detect threats and risks in time, support security decision-making and emergency response, establish a global security warning system, and enhance overall security protection capability. Firstly, through multi-dimensional analysis and visualization of known and unknown risks, users can quickly identify threats and respond collaboratively to defend against them. Secondly, by analyzing the trend of security risks and predicting abnormal behaviors, users can sense risks earlier and strengthen their ability to make decisions about and predict risks. Thirdly, through the design and implementation of cloud O&M, the efficiency of security devices across the whole network can be improved, and the time needed for fault diagnosis and business recovery can be reduced. In this way it fulfills "active identification, prediction, collaborative defense and smart evolution" for security risks.

H3C official website