Case ① | host security construction: best practice of 3 levels and 11 capabilities
2022-07-06 20:05:00 【InfoQ】
Security challenges facing the government industry
Government industry host security maturity
- Host discovery: automatically discovers hosts and offers several discovery methods suited to different network conditions.
- Application inventory: automates the inventory of processes, ports, accounts, middleware, databases, big data components, web applications, web frameworks, web sites and more than ten other categories of security assets.
- Asset search: correlates key assets (hosts, accounts, processes, etc.) system-wide and supports joint search across multiple asset types.
- Updates and responds to newly disclosed vulnerabilities in real time.
- Allows scanning preferences to be configured.
- Keeps host resource consumption low and adapts to specific hosts and specific circumstances.
- Vulnerability scanning can be integrated with existing patch management systems.
- Supports all operating systems.
- Supports assessing the impact of vulnerability remediation.
- Easy to operate, with convenient operation and maintenance later on.
- Minimal system footprint, able to adapt to a variety of systems.
- Records events correctly and sends intrusion warning messages to the security administrator.
- Enables effective intrusion analysis, incident handling and evidence collection.
- Logs are easy to access and view, with filtering for convenient operation and search.
- One-click automatic detection, with repair suggestions based on the results, to meet compliance requirements.
- Supports custom baselines, so self-inspection and rectification can be done in advance by formulating policies, responding flexibly to standards of varying strictness.
- Builds a rich checklist knowledge base on domestic and international baseline standards such as MLPS 2.0 (China's Classified Protection of Cybersecurity) and the CIS Benchmarks.
- Adapts to different operating system environments and supports scanning of operating systems, databases, middleware, etc.
- Integrates multiple influential virus detection engines and updates the detection library regularly.
- Fits common usage scenarios and ISO requirements.
- Actively blocks and isolates confirmed viruses.
- Quickly verifies a detected virus and analyzes its intrusion path.
- Can restore host content that has been maliciously modified.
- Can establish file integrity monitoring for files or directories that are in common use or subject to compliance requirements.
- Detects unexpected file changes.
- Provides customizable monitoring rules to reduce reporting noise, and alerts and notifies on file change events that need special attention.
- Detects in-memory webshells, process memory injection, malicious DLL loading and other common in-memory malware ("memory horses").
- Memory backdoor detection should not affect the operation of the main business program.
- Finds malicious code running in process memory and alerts the user promptly.
- Provides analysis and description of the characteristics of the malicious code.
- Uses accurate detection to verify that a memory backdoor has been remediated.
- Sets honeypots to confuse attackers and collect real data on actual attacks and other unauthorized activities.
- Deploys honeypot files and monitors operations on them in real time, luring attackers into touching decoys and avoiding disclosure of real business documents.
- Monitors and records suspicious port scanning behaviour in real time, analyzes the attacker's purpose and motivation, and fixes system security vulnerabilities promptly to avoid real attacks.
- Zero trust: access between networks follows the zero-trust concept; access is permitted only after the administrator grants trust, and access from untrusted machines is blocked promptly, stifling potential threats.
- Visualization: access between networks is visible to users; when illegal or malicious access occurs, legal and illegal access are distinguished by different colors.
- Adaptive: network access policies adapt automatically to changes in the network environment, and the latest policies are distributed and enforced promptly.
- Continuous monitoring: abnormal or illegal access behaviour that may occur in the network is monitored in real time and continuously.
- The person in charge of supply chain network security should cooperate with the relevant teams across the product development cycle, fully considering security issues in suppliers' and developers' personnel, processes, tools, etc.
- Maintain and manage your own SBOM and be able to identify key information accurately; it also needs to support asset information in cloud-native environments.
- Government agencies using cloud-native technology should follow the DevSecOps idea and adopt an integrated approach that extends from the development phase to runtime protection, securing the whole software life cycle.
- Judging whether behaviour is normal or abnormal: summarize patterns from the behaviour of government agencies, generate the relevant models, and regularly check for behaviour that breaks the established pattern, to effectively identify normal and abnormal behaviour.
- Understanding the organization's high-value targets: know what the attacker is after and sort out all high-value targets of the government agency.
- Data correlation analysis: connect several kinds of raw data, analyze globally and query relationally to find abnormal behaviour, enabling timely discovery of unknown threats and path tracing of known threats.
- Predicting how you will be attacked: attackers exploit weaknesses in organizational structures and data flows and try to obtain valuable data without being noticed.
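The file integrity monitoring capability described above (baseline a set of files, detect unexpected changes, and use custom rules to suppress noise while escalating sensitive paths) can be illustrated with a small monitor. This is an added example, not code from the article or from any vendor product; the IGNORE/CRITICAL rule lists, the `put` helper and the sample file tree are constructed for the demonstration.

```python
import fnmatch
import hashlib
import os
import tempfile

# Hypothetical rules (constructed): IGNORE paths are expected to change and are
# suppressed as noise; CRITICAL paths alert at high severity; the rest are normal.
IGNORE = ["*.log", "*.tmp"]
CRITICAL = ["etc/passwd", "etc/shadow", "etc/ssh/sshd_config"]

def build_baseline(root):
    baseline = {}  # path relative to root -> (sha256 hex digest, mode bits)
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = (digest, os.stat(full).st_mode)
    return baseline

def severity(rel):
    # None suppresses the event entirely; otherwise the alert level for this path.
    if any(fnmatch.fnmatch(rel, p) for p in IGNORE):
        return None
    return "critical" if any(fnmatch.fnmatch(rel, p) for p in CRITICAL) else "normal"

def compare(baseline, current):
    events = []  # (severity, event, relative path) for each change not suppressed
    for rel in sorted(set(baseline) | set(current)):
        sev = severity(rel)
        if sev is None or baseline.get(rel) == current.get(rel):
            continue
        event = "added" if rel not in baseline else "deleted" if rel not in current else "modified"
        events.append((sev, event, rel))
    return events

def demo():
    # Constructed scenario: baseline a small tree, then make three kinds of change.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    def put(rel, text):  # append text to a file under root, creating it if needed
        with open(os.path.join(root, rel), "a") as f:
            f.write(text)
    put("etc/passwd", "root:x:0:0::/root:/bin/sh\n")
    put("app.log", "started\n")
    put("index.html", "<h1>ok</h1>\n")
    base = build_baseline(root)
    put("etc/passwd", "svc:x:1001:1001::/home/svc:/bin/sh\n")  # account appended: critical
    put("app.log", "request\n")                                # log growth: suppressed noise
    put("upload.php", "placeholder\n")                         # new file in web root: normal
    return compare(base, build_baseline(root))
```

In the scenario `demo()` reports only the passwd modification (critical) and the new file (normal); the unchanged page and the growing log produce no events.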
Host security construction cases in the government industry
- Rapid deployment with automated operation and maintenance tools, quickly providing server security assurance across the industry's decentralized LANs.
- The Ivy vine agent has been deployed on the two core business systems of the Seismological Bureau's business network and the station network center network; through model analysis and computation it discovers risks and threats in real time.
- Remote online expert consultation and on-site support services deliver in-depth analysis, tracking, handling and closure of security policy risks, forming a closed loop of security management.
Summary