Data Collection Layer (Data Acquisition Method Based on Customization)
For a given situational awareness scenario, the solution can be aligned with the user's actual business needs: the entire collection scheme is customized, different data collection objects and content are drawn on, and different analysis scenarios and models are defined.
Collection objects include, but are not limited to, data exchange equipment, network security equipment, servers and other host equipment, and mobile terminal equipment.
The collected data provides the information required for situational awareness analysis, which includes but is not limited to:
● security device configuration information
● threat intelligence information
● abnormal traffic information
● known event library information
● unknown behaviour detection information and other information
Analysis Layer (Situational Awareness Based on Big Data Platform)
The solution is built entirely on a Big Data platform, using massive-scale information collection and processing methods to provide users with a paradigm for the hierarchical collection, storage and centralized analysis of massive volumes of security information, together with comprehensive presentation of situational capability. Situational awareness analysis can be performed in online, offline or on-premise mode.
The solution provides users with tracking and management of traffic identification, protocol analysis, file restoration, flow traction and other data, using techniques and methods such as machine learning, artificial intelligence, behaviour modelling and scene construction.
The monitored data goes through sorting and classification, streamlined filtering, comparative statistics, essential identification, trend induction, correlation analysis, mining and prediction, giving users a dynamic, up-to-date overview of the security situation and risks.
Presentation Layer (Situational Awareness Closed Loop based on Adaptive Management)
The base solution includes the standard components of situational awareness analysis. Optional modules can be added as required, such as a threat intelligence service, advanced analysis, equipment operation and maintenance management, asset management, configuration verification, traffic anomaly analysis and website monitoring. At the same time, the presentation layer can provide users with expert analytics to assist security professionals in tracking various types of security threats.
The presentation layer can be customized to provide a dashboard that integrates information from the situational awareness analysis module, incident notification and graded warnings, the threat intelligence service, the security operation and maintenance service, etc. This helps to meet and adapt to users' requirements and realizes the situational awareness closed loop, situational decision-making, situation prediction and other capability build-up.