Design And Implementation Of A Large-scale Enterprise Information Security Operation Monitoring Center

Posted on: 2021-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: B B Zhang
Full Text: PDF
GTID: 2428330632453250
Subject: Computer technology
Abstract/Summary:
With the rapid development of information technology, information security problems are becoming increasingly prominent and the overall security situation is growing more serious. More and more IT security vulnerabilities are being discovered quickly, attack methods that exploit them emerge endlessly, and business systems face increasing threats. It is therefore necessary to establish a security operation monitoring platform that analyzes the operating status of monitored systems through event correlation, so as to integrate security event monitoring, analysis, response, and disposal with the security management process.

The research goal of this project is to collect security alarm logs and running-state information from network equipment, security equipment, operating systems, databases, and middleware; to process and correlate the collected log information through event correlation analysis; and to monitor the running state of systems. On this basis, the project builds an automated support platform for centralized control and security operations that integrates event analysis, risk analysis, early warning management, policy management, and emergency response and disposal. It also builds a security operation organization system composed of three elements (people, technology, and management), forming a closed-loop security operation control system of prevention beforehand, monitoring during an event, and tracing afterwards.

As one of the core modules, the security early warning module closely combines people and the platform through information collection, processing, and display. The system implements management of vulnerabilities and risks, security events, security policies, security configuration, and security early warning. Through the platform's security situation analysis, the security operation state of business systems is evaluated from multiple dimensions, providing a decision basis for management's dispatching and command.

The platform construction process simultaneously drives the construction of the security operation system, the security operation team, and security operation capabilities. It systematically links the stages of security operation implementation and integrates management with technology, in order to build a security operation monitoring center with real "security operation capability", "security operation mechanism", and "security operation level".
Keywords/Search Tags:Security monitoring, Log data processing, Unified control, Safety warning, Safe disposal