Editing files and sending e-mail on a computer is routine work, or even the whole of the work, for office staff. Technically, these needs can be met in a command-line environment (DOS, Linux and so on); yet nobody gives up Windows, simply because Windows is simpler. Simplicity and visualization are very important attributes of IT products, sometimes more important than other functional features.
Difficulties in intrusion detection
Intrusion Detection Systems (IDS) have been in use for almost 20 years. Over successive technological transformations, intrusion detection technology has developed tremendously: from early pattern matching to detection that combines protocol analysis; from protocol identification that follows RFC standards to dynamic protocol identification based on protocol fingerprints; from detection based on intrusion signatures to detection based on intrusion principles. Large numbers of researchers have focused on making detection more accurate and comprehensive, while investing too little in helping users read and understand the IDS accurately. The most common situation is that every data analysis result is shown on the interface purely for the sake of displaying data. Under such conditions, user complaints are inevitable: the IDS is inconvenient, and they do not understand its alert information.
Whether and how to solve these problems has become the key factor influencing intrusion detection products. In which direction should the display of intrusion detection data develop?
Visualized intrusion detection system
As the leader in the domestic intrusion detection market, Venustech has conducted extensive user research on how to make better use of IDS, accumulating information and feedback that gradually led to a clear concept: visualization.
The launch of the visualization concept signals a new era of intrusion detection, one in which the detection technology itself has become nearly perfect and it is now the turn of users to experience it.
As with other enterprise network security equipment, intrusion detection users can be roughly divided into two categories: operations and maintenance personnel, and management personnel. The problems plaguing operations personnel include not knowing what to do when faced with a flood of incidents, being unable to judge whether an incident really happened, not knowing how to handle security incidents effectively, and managing large-scale deployments across regions. Management personnel, in turn, are plagued by redundant information and the inability to see the threat status directly.
For operations personnel, the normal working procedure is as follows: identify which incidents deserve attention first (the important and attention-worthy ones), rule out interfering information so as to focus directly on priorities, analyze whether an alert is a false positive, handle the confirmed security incidents, and adjust the detection policy. All data and information also serve as supplementary input for deciding which incidents to focus on next; this is the closed loop of operations personnel.
Management personnel, however, focus on higher-level questions: Are there threats in the network? Where do they appear? What impact will they have? Can they be resolved? Will the network be more secure after resolution? How can that improvement be evaluated? Will there be new threats in the future? These questions form the closed loop of management personnel.
The purpose of these two closed loops is to ensure that operations personnel can operate and management personnel can make decisions. This is the visualization process of an intrusion detection system and the development direction of intrusion detection products.
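The two closed loops described above can be made concrete in code. The following Python is an added example, not code from the original article or from Venustech's products: it takes a constructed batch of IDS alerts, rules out interference (an authorised internal scanner and a signature analysts have marked as noise), aggregates and prioritises what remains for the operations queue, rolls that queue up into the threat-status figures management asks for, and proposes policy adjustments from analyst feedback. All addresses, signature names, field names, weights and thresholds are assumptions chosen for illustration, not any vendor's schema.

```python
from collections import Counter, defaultdict

# Constructed sample alerts (not real IDS output); field names are assumptions.
ALERTS = [
    {"sig": "SQLi attempt", "severity": 4, "src": "203.0.113.7", "dst": "10.0.1.20"},
    {"sig": "SQLi attempt", "severity": 4, "src": "203.0.113.7", "dst": "10.0.1.20"},
    {"sig": "SQLi attempt", "severity": 4, "src": "203.0.113.7", "dst": "10.0.1.21"},
    {"sig": "Port scan", "severity": 2, "src": "10.0.0.9", "dst": "10.0.1.20"},
    {"sig": "Port scan", "severity": 2, "src": "10.0.0.9", "dst": "10.0.1.21"},
    {"sig": "Port scan", "severity": 2, "src": "10.0.0.9", "dst": "10.0.1.22"},
    {"sig": "ICMP ping", "severity": 1, "src": "10.0.0.3", "dst": "10.0.1.22"},
    {"sig": "ICMP ping", "severity": 1, "src": "10.0.0.3", "dst": "10.0.1.20"},
    {"sig": "SMB worm propagation", "severity": 5, "src": "10.0.2.14", "dst": "10.0.1.20"},
]

# Interference to rule out: an authorised internal vulnerability scanner (constructed).
SUPPRESS_SOURCES = {"10.0.0.9"}
# Signatures analysts have repeatedly confirmed as false positives in this network.
NOISY_SIGNATURES = {"ICMP ping"}
# Asset criticality weights (constructed); hosts not listed default to 1.
ASSET_WEIGHT = {"10.0.1.20": 3, "10.0.1.21": 2}
# Constructed analyst feedback per signature: (confirmed incidents, false positives).
FEEDBACK = {"ICMP ping": (0, 12), "SQLi attempt": (3, 1), "Port scan": (1, 4)}


def triage(alerts, suppress_sources=SUPPRESS_SOURCES, noisy=NOISY_SIGNATURES,
           weights=ASSET_WEIGHT):
    """Operations loop: return (work queue, suppressed alerts).

    Identical (sig, src, dst) triples are merged into one queue item, and
    the queue is sorted by priority, highest first, so the analyst sees the
    important incidents before the rest.
    """
    aggregated = {}
    suppressed = []
    for alert in alerts:
        # Rule out interference before it reaches the queue.
        if alert["src"] in suppress_sources or alert["sig"] in noisy:
            suppressed.append(alert)
            continue
        key = (alert["sig"], alert["src"], alert["dst"])
        item = aggregated.setdefault(key, {"sig": alert["sig"], "src": alert["src"],
                                           "dst": alert["dst"],
                                           "severity": alert["severity"], "count": 0})
        item["count"] += 1
    for item in aggregated.values():
        # Priority: severity scaled by asset criticality, plus a capped bonus
        # for repetition (a repeated hit is more likely to be real).
        weight = weights.get(item["dst"], 1)
        item["priority"] = item["severity"] * weight + min(item["count"], 5) - 1
    queue = sorted(aggregated.values(), key=lambda i: (-i["priority"], i["sig"]))
    return queue, suppressed


def management_summary(queue):
    """Management loop: answer 'is there a threat, where, and how bad' from the queue."""
    affected = Counter()
    sources = defaultdict(int)
    for item in queue:
        affected[item["dst"]] += item["count"]
        sources[item["src"]] += item["count"]
    return {
        "open_incidents": len(queue),
        "critical": sum(1 for item in queue if item["severity"] >= 4),
        "affected_hosts": sorted(affected),
        "top_source": max(sources, key=sources.get) if sources else None,
    }


def trend(previous, current):
    """Compare two summaries to judge whether the network got more secure."""
    if current["open_incidents"] < previous["open_incidents"]:
        return "improving"
    if current["open_incidents"] > previous["open_incidents"]:
        return "worsening"
    return "flat"


def suggest_policy_changes(feedback, min_samples=5, fp_ratio=0.8):
    """Policy adjustment step: signatures whose confirmed false-positive
    ratio is high enough, over enough samples, are proposed for suppression."""
    proposals = []
    for sig, (confirmed, false_positive) in feedback.items():
        total = confirmed + false_positive
        if total >= min_samples and false_positive / total >= fp_ratio:
            proposals.append(sig)
    return sorted(proposals)


if __name__ == "__main__":
    queue, suppressed = triage(ALERTS)
    for item in queue:
        print(f"[P{item['priority']:>2}] {item['sig']} {item['src']} -> {item['dst']} x{item['count']}")
    print("suppressed:", len(suppressed))
    print("summary:", management_summary(queue))
    print("policy proposals:", suggest_policy_changes(FEEDBACK))
```

Running the block prints the operator queue with the SMB propagation alert on the critical host first, the three SQL injection hits against the same host merged into one item, the scanner and ping noise held aside rather than shown, and a one-line status for management; the policy step proposes adding the port scan signature to the suppression list because four of its five analyst verdicts were false positives.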
Intrusion detection, once regarded as a security product for finding hackers and worms, acquires a brand-new definition with the launch of the visualization concept: a security management tool that helps network administrators find the various intrusions and abnormal behaviors on the network promptly and accurately, raise real-time alerts, follow them up and locate them, and display the overall security status of the network through monitoring and analysis of the threats it faces. A visualized intrusion detection system that pays more attention to user experience is a leap forward in the customer value of intrusion detection systems and will surely usher in an era in which intrusion detection becomes widespread.