
Design And Implementation Of Network Security Operation Center Of XX Group

Posted on: 2021-01-10    Degree: Master    Type: Thesis
Country: China    Candidate: H J Jing    Full Text: PDF
GTID: 2428330605967362    Subject: Software engineering
Abstract/Summary:
With the rapid development of big data and cloud computing in the Internet era, information assets are growing geometrically, and massive logs and a wide variety of network security problems have exploded, affecting large areas and creating serious hidden dangers and pressure for the development of the Internet and its security environment. Individuals and organizations are increasingly aware of network security, and the various security devices on the market today play a vital role in network defense. Even so, today's network security is still not enough to withstand attacks. The main reasons are that each security device forms its own "information island", and that log analysis tends to value technology over comprehensive management. This paper analyzes and studies in detail the current state of network security operation management and the related technologies, and designs an integrated security operation service platform that combines detection, protection, monitoring, early warning and response, so as to provide a safe, effective and powerful guarantee for computer systems, network systems and the information infrastructure. Original logs are collected from the security management systems and normalized, then analyzed with data models such as correlation analysis, scenario rules and alarm rules; combined with the asset data of the system, this yields a professional and authoritative analysis that reflects the overall security situation and the threats the current system faces, with the aim of contributing to industry security standards, serving important industry users and securing important information systems.

The main work of this paper includes putting forward requirements from the perspective of users, and designing and implementing an integrated security operation service platform that integrates detection, protection, monitoring, early warning and response. The network security operation system designed in this paper collects the original logs output by all kinds of network equipment through the system's collector nodes, normalizes these original logs according to specific rules, and merges the massive logs in a first step to form visual security logs. The security logs then pass through the event correlation analysis node, the scenario analysis (prediction) node, the real-time analysis node and the early-warning analysis node, which merge the many pieces of security information that would otherwise be scattered among them in a second step of analysis, forming alarm events. Throughout the process from massive logs to the generation of alarm events, the system assesses the risk of the network as a whole in real time and responds to alarms. Active security analysis and real-time situational awareness are used to quickly identify and control threats. After these layers of analysis, the security operations center combines the analysis of security incidents with the vulnerability of the assets under management to monitor the network it operates for network attacks, data leakage, botnet infection status, viruses, trojans and other malicious software, and leaks; it discovers network security threats from outside, achieves comprehensive early warning, provides a high level of professional service for network security risk prevention, continuously monitors, analyzes and tracks the security of the entire network, and accurately locates the source of attacks. The vulnerability library, malicious address library and malicious URL library on which the background of the security operation center system relies are, on the one hand, built up from users' own operation processes; on the other hand, they need to be updated in real time from the official national resource library to cope with rapidly changing attacks. The main problem this paper addresses is to help network security operation and maintenance personnel use the operation center system to provide information security management support for users, through interface visualization, from the perspectives of security incident monitoring and tracking, security risk discovery, and alarm response and disposal: effectively resisting external intrusions and attacks, comprehensively detecting network security incidents, and establishing a traceable risk control mechanism so that users can know, see, control and prevent network security events. In terms of structure, the analysis of the background and current situation is taken as the entry point, then the design and implementation of the system are described in detail according to the requirements, and finally testing and verification are carried out to show that the system meets the requirements of a network security operation center system in terms of function and performance.
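The pipeline the abstract describes (collect raw logs, normalize them into one schema, correlate them into alarm events, and assess risk against the asset's vulnerability status) as an added illustration; this is example code written for this page, not the thesis's own system, and the log formats, asset table and scoring weights are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs from two hypothetical device types (not real data).
RAW_LOGS = [
    "2021-01-10 08:00:01 fw01 DENY src=10.0.0.5 dst=10.0.1.20 dport=22",
    "2021-01-10 08:00:03 fw01 DENY src=10.0.0.5 dst=10.0.1.20 dport=22",
    "Jan 10 08:00:05 srv01 sshd[911]: Failed password for root from 10.0.0.5",
    "Jan 10 08:00:09 srv01 sshd[911]: Failed password for root from 10.0.0.5",
    "Jan 10 08:00:12 srv01 sshd[911]: Failed password for root from 10.0.0.5",
]
# Constructed asset table: the "vulnerability of assets" the alarms are combined with.
ASSETS = {"10.0.1.20": {"name": "srv01", "critical": True, "open_cves": 2}}
HOST_IP = {"srv01": "10.0.1.20"}  # hostname -> managed asset address

FW_RE = re.compile(r"^(\S+ \S+) (\S+) DENY src=(\S+) dst=(\S+) dport=(\d+)")
SSH_RE = re.compile(r"^(\w{3} \d+ \S+) (\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+)")

def normalize(line):
    """Collector step: map a device-specific line onto one common event schema."""
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "type": "fw_deny", "src": m[3], "dst": m[4]}
    m = SSH_RE.match(line)
    if m:
        ts = datetime.strptime("2021 " + m[1], "%Y %b %d %H:%M:%S")  # syslog has no year
        return {"ts": ts, "type": "auth_fail", "src": m[4], "dst": HOST_IP.get(m[2], m[2])}
    return None  # unknown format: dropped, in practice it would be logged as unparsed

def correlate(events, threshold=3, window=60):
    """Alarm rule: >= threshold events of one type, same src/dst, within window seconds."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], e["dst"], e["type"])].append(e["ts"])
    alarms = []
    for (src, dst, kind), stamps in groups.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window:
                alarms.append({"src": src, "dst": dst, "type": kind, "count": len(stamps)})
                break
    return alarms

def assess(alarm):
    """Risk assessment: alarm severity weighted by what is known about the target asset."""
    asset = ASSETS.get(alarm["dst"], {})
    score = 3 if alarm["type"] == "auth_fail" else 1
    if asset.get("critical"):
        score *= 2
    score += asset.get("open_cves", 0)
    return {**alarm, "asset": asset.get("name", "unknown"), "risk": score}

def run(lines=RAW_LOGS):
    events = [e for e in map(normalize, lines) if e]
    return [assess(a) for a in correlate(events)]
```

With the constructed input only the three SSH failures cross the threshold, so `run()` yields one `auth_fail` alarm against srv01 with risk 8, while the two firewall denies stay below it.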
Keywords/Search Tags: Network security, Original log acquisition, Correlation analysis, Alarm analysis