The sudden epidemic outbreak disrupted the normal pace of office work, and various telecommuting solutions came into being. However, these solutions generally ignored the key points that compliance requirements constantly stress, which inevitably leaves people uneasy about this "big flaw".
Starting from integrity and compliance, Venustech abstracted and summarized the six parts of telecommuting from the perspective of construction before the event, during the event and after the event, and constructed a new main line of remote office security protection, namely, the one-stop telecommuting sustainable security capability solution.
The solution covers suspicious asset inspection, daily business management, abnormal threat visibility, operation behavior traceability, security emergency response, and hosted services around the security management platform, with 7 * 24 protection for users' critical information assets.
From the Perspective of Before-the-Event
Asset Management AEM
▸ Key Objectives
Remotely monitor shadow asset exposure and perceive asset security
▸ Core Values
Perceive asset security, grasp asset status, and identify asset risk through remote monitoring of shadow asset exposure.
1. Asset discovery: A combination of active and passive discovery, along with other methods, is used to quickly identify discovered assets, detect online equipment and system components in the network, and collect their general and security properties;
2. Monitoring and early warning: Identify suspicious assets such as shadow assets and invalid assets, and implement a closed-loop asset process that integrates problem discovery, notification, rectification, verification and archiving;
3. Compliance analysis: Based on baseline and vulnerability management technology, analyze the security of assets in an all-round way.
Security Configuration Verification CVS
▸ Key Objectives
Remotely discover unsafe configuration and verify work environment security
▸ Core Values
Deploying the security configuration verification system, on the one hand, improves the overall security level of all equipment in the work environment and in particular avoids unsafe configuration of key information infrastructure; on the other hand, by verifying unsafe configurations of work environment assets, it gives reinforcement suggestions to help improve the level of security and compliance.
1. Provide a variety of verification methods and protocols that effectively cover the requirements for online and offline inspection;
2. Collect configuration information of hosts, databases, network equipment, security equipment, big data, virtualization, cloud computing, etc. and provide reinforcement suggestions for non-compliant items;
3. Provide a complete analysis report that displays device security configuration in a multi-dimensional way, along with intelligent reinforcement suggestions.
From the Perspective of During-the-Event
Log Audit SLA
▸ Key Objectives
Record remote operation events and provide auditing for compliance needs
▸ Core Values
Collect and analyze logs from the remote work environment, grasp the dynamic status of the whole network to discover abnormal events, and support traceability and investigation.
1. Provide log data collection and normalization;
2. Provide real-time log query, statistics and analysis;
3. Provide real-time and historical correlation analysis to discover abnormal events;
4. Provide rich statistical analysis reports;
5. Integrate big data technology to provide high-performance log analysis capability.
Business Support Monitoring BSM
▸ Key Objectives
Remotely monitor hidden dangers in equipment performance and build a safe equipment environment
▸ Core Values
Monitor device operation status and find abnormal hidden dangers in time.
1. With all-round performance monitoring capabilities, monitor the fine-grained operation status of equipment across the whole network in real time;
2. Topology visibility: display device link status, and graphically present monitoring of virtual topology and multi-level virtual environments;
3. In-depth control and maintenance capability, including equipment management, IP address management, configuration backup, intelligent inspection and ticketing, etc.;
4. Monitor and analyze the operation status and security status from the perspective of business;
5. Powerful log collection and analysis capability, providing policy-based security event analysis and intelligent correlation analysis.
Situational Awareness NTA
▸ Key Objectives
Identify traffic flows that threaten remote work and trace attacks.
▸ Core Values
Through the deployment of situational awareness NTA (enterprise version), users can grasp the threat situation of the work environment and identify potential risks.
1. Provide real-time monitoring and fine-grained analysis of network traffic;
2. Sort out compliant and illegal access behaviors;
3. Identify traffic flow threats to users' critical business systems;
4. Record historical flow connection information and network communication information for tracing and investigation, especially high-risk overseas flows, DDoS attack detection, sniffing analysis, DNS exception analysis, etc.
From the Perspective of After-the-Event
Remote Analysis Service
▸ Key Objectives
Closed-loop threat handling and remote hosting of MSS services.
▸ Core Values
The service is built around MSS services hosted on security management platforms such as SIEM and situational awareness.
1. Provide a long-term security risk governance solution with business risk governance as the core, "security event management" as the guide, "security risk resolution" as the demand, and "network security support" as the goal;
2. Provide customers with a 7 * 24 full-platform managed service, including but not limited to in-depth analysis of security incidents, centralized situation monitoring, incident emergency response, product expert services and other professional services. Meanwhile, help users collect and analyze logs, model security threat scenarios and verify their validity, trace and record evidence of attack behaviors, and guarantee key project outcomes and emergency response to security events, etc.
The one-stop "telecommuting" sustainable security capability solution of Venustech can solve the problem of users' insufficient security capability construction for remote work, improve the integrity of the solution and meet compliance requirements, resolve common hidden dangers in the remote environment, and guarantee remote security.