Big Data Security Analysis FAQ Summary

Posted by lipsius at 2020-03-11


Big data is the hottest term in the IT industry today. With the development of data warehousing, data security, data analysis, data mining and so on, extracting business value from large volumes of data has gradually become the profit focus of the industry.

When discussing big data with users, I often encounter the same questions. I have summarized the common ones below in the hope that they are helpful.

1. What is the core goal of big data security analysis?

Answer: to find the security truth behind the data. Data are correlated with each other; traditional analysis cannot aggregate massive data, but big data technology can meet the need to analyze it. On a big data foundation we can mine security events such as APT attacks, covert channels on the intranet and abnormal user behavior, and on that basis build a security decision support system that provides the data behind security decisions.

2. Big data security analysis enterprise-level deployment schemes and successful cases.

Answer: there have been successful cases at State Grid and at telecom operators. Through the analysis platform, overall security situational awareness is achieved and the security situation can be controlled from a global perspective. Taking the operators as an example, data from the whole network is aggregated, data mining is carried out, and the results are presented visually.

3. Introduce the development of big data security analysis at home and abroad.

Answer: at present Cisco's OpenSOC is the representative mature big data security analysis platform abroad. It uses big data technology to collect network traffic, security device logs, business system logs and network device logs, mines and correlates these data, and finally identifies security events.

4. Is there a mature methodology for big data security analysis?

Answer: this needs to be looked at from two perspectives. First, big data is a specific technical implementation; in its applicable scenarios it can meet the needs of traditional data mining. Second, the methodology of security analysis is constantly evolving, and some ideas in that methodology still cannot be implemented, the core reason being a lack of technical support. At present we use big data technology not to reinvent security analysis but to achieve goals that security analysis previously could not. Just as the relational model was first proposed in 1970 but a product based on it only reached prototype in 1976, big data technology is really the implementation of the security analysis methodology.

5. Is there any technical standard or specification for big data security analysis support platform?

Answer: there is no technical standard or specification at present, but the country is drafting corresponding standards. Lvmeng Technology (NSFOCUS) will participate in the standards formulation in 2016.


6. What technical difficulties are commonly encountered in big data security analysis projects, and which links require the most investment?

Answer: the analysis platform itself is now mature technology; the difficulties lie mainly in two links, preliminary planning and security analysis. In the planning stage, basic parameters such as hardware configuration and storage capacity must be estimated accurately. In the security analysis stage, professionals need to carry out in-depth data mining.

7. How can data-driven business security be achieved from the perspective of big data security analysis?

Answer: through big data analysis, the security events in the enterprise can be quantified, and business development can then be driven by those security events, which is what data-driven business security means.

8. As a non-IT enterprise, what are the necessary conditions for implementing big data security analysis?

Answer: a full-time IT team, a full-time security team, the necessary resource investment and the necessary process support.

9. What is the state of visualization technology for big data security analysis? What content is shown, and in which forms?

Answer: visualization technology is constantly developing and was widely used in BI systems before big data. With the maturity of big data technology, visualization can go beyond the traditional pie, line, scatter, histogram and bar charts to display multi-dimensional maps, heat maps, bubble charts, relationship graphs, parallel coordinate charts and so on.

10. How can the advantages of big data security analysis be demonstrated?

Answer: presentation is only the final output of security analysis. The core advantage of big data security analysis lies in the security analysis model, and any advantage at the presentation level comes entirely from how that model is defined, so it is hard to explain the advantages from the presentation level alone. This is mainly because visualization technology had already developed rapidly before big data technology arrived.


11. What are the most commonly used analysis models for big data security analysis?

Answer: DDoS situational awareness, attack traceability models, APT attack models, asset vulnerability situational awareness, website vulnerability situational awareness, and so on.

12. If big data security analysis is implemented along the three dimensions of expert systems, statistical analysis and machine learning, are there corresponding algorithms or data models?

Answer: these three are different levels.

An expert system is usually composed of an online and an offline part. The offline part is the customer's local knowledge base, which records accumulated experience and handles problems based on that history. The online part is a cloud knowledge base: customers raise and resolve problems through the cloud system, which usually runs 7x24 and is staffed by experts worldwide.

Statistical analysis filters data and presents results through simple statistics. Usually non-specialists do this kind of simple statistics; it can reveal problems at a macro level but cannot achieve in-depth data mining. To address this, a data warehouse is built in the business system, through which data mining can be carried out. Because building a data warehouse is time-consuming and laborious, in the security field it is only used by large group enterprises.

Machine learning is essentially a process of self-correction to improve the accuracy of results. It is a relatively mature technology with many mature cases in the financial field. It is mainly used where rules are difficult to define by hand, such as abnormal traffic monitoring and abnormal behavior detection, that is, in business scenarios that rules alone cannot judge.

At all three levels there are mature algorithms and applications, and all have been tested in real scenarios.

13. Is there a mature big data based solution for APT attacks and 0day attacks?

Answer: APT attacks are usually carried out as an attack chain, which is divided into three stages: 1. threat entry, 2. threat spreading, 3. data stealing.

APT detection and defense focus on the first two stages, threat entry and spreading. Big data analysis uses a threat intelligence system to index, summarize, count and correlate data from the network, email, security devices, operating systems and other layers in order to detect threats entering the enterprise; this is the application of big data analysis to APT threat detection. For 0day vulnerabilities, Lvmeng (NSFOCUS) deploys a threat analysis system at the network boundary for real-time monitoring, and judges whether a threat is present through static and dynamic analysis of samples. Once the sample analysis engine has processed a sample, we know whether it exploits a 0day vulnerability. Using the sample's reputation information, such as its file signature and the C&C address it connects back to, the big data engine then analyzes current data and archived historical data to locate and trace the affected hosts, users and other information.

14. What big data based security analysis algorithms or models have been implemented for known threat patterns? (list use cases)

Answer:

1) Attack chain association: events on the same asset are correlated and ordered by threat detection time to describe the attack chain.

2) Merge statistics: attack events of the same type are merged, with many-to-one and one-to-many statistics.

3) Threat intelligence association analysis: based on threat intelligence, current and historical data are queried recursively to generate alarm events.

4) Abnormal traffic: normal access traffic is learned and an alarm is raised when traffic deviates from it.
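As an added example (not code from the original post, nor from any Lvmeng/NSFOCUS product), the following Python sketches the four models in the list above together with the C&C-based host tracing step described under question 13, run over constructed sample records. The record shape (ts, src, dst, type, stage), the sample addresses, the known C&C address and the byte-count baseline are all assumptions made for the example.

```python
"""Added example: toy versions of the four known-threat-pattern models
and the Q13 tracing step, over constructed sample records. Assumed record
shape: ts (epoch seconds), src, dst, type and the attack-chain stage
('entry', 'spread' or 'exfil')."""
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed sample data. CURRENT is this week's alerts, ARCHIVE the
# historical store that the intelligence pivot also searches.
CURRENT = [
    {"ts": 100, "src": "10.0.0.5", "dst": "203.0.113.9", "type": "malware_download", "stage": "entry"},
    {"ts": 160, "src": "10.0.0.5", "dst": "10.0.0.7", "type": "smb_lateral", "stage": "spread"},
    {"ts": 200, "src": "10.0.0.7", "dst": "198.51.100.4", "type": "beacon", "stage": "exfil"},
    {"ts": 210, "src": "10.0.0.5", "dst": "10.0.0.8", "type": "smb_lateral", "stage": "spread"},
    {"ts": 220, "src": "10.0.0.5", "dst": "10.0.0.9", "type": "smb_lateral", "stage": "spread"},
]
ARCHIVE = [
    {"ts": 10, "src": "10.0.0.3", "dst": "198.51.100.4", "type": "beacon", "stage": "exfil"},
    {"ts": 20, "src": "10.0.0.3", "dst": "10.0.0.5", "type": "smb_lateral", "stage": "spread"},
]
# Constructed threat intelligence: one known C&C address (assumed).
INTEL_C2 = {"198.51.100.4"}
# Constructed per-interval byte counts that form the "normal" baseline.
BASELINE_BYTES = [100, 120, 110, 130, 115, 125, 105, 118]

STAGE_ORDER = {"entry": 1, "spread": 2, "exfil": 3}


def attack_chain(events, asset):
    """Model 1: every event touching one asset, ordered by detection time,
    so the chain can be read off as a stage sequence."""
    mine = [e for e in events if asset in (e["src"], e["dst"])]
    return [(e["ts"], e["stage"], e["type"]) for e in sorted(mine, key=lambda e: e["ts"])]


def chain_is_ordered(chain):
    """True if the stages seen for an asset never go backwards
    (entry -> spread -> exfil); a backwards step means the detected
    'entry' is not where the compromise really started."""
    ranks = [STAGE_ORDER[stage] for _, stage, _ in chain]
    return all(a <= b for a, b in zip(ranks, ranks[1:]))


def merge_statistics(events):
    """Model 2: merge events of the same type; one-to-many counts distinct
    targets per source, many-to-one counts distinct sources per target."""
    out = {}
    for t in {e["type"] for e in events}:
        same = [e for e in events if e["type"] == t]
        one_to_many, many_to_one = defaultdict(set), defaultdict(set)
        for e in same:
            one_to_many[e["src"]].add(e["dst"])
            many_to_one[e["dst"]].add(e["src"])
        out[t] = {
            "count": len(same),
            "one_to_many": {s: len(d) for s, d in one_to_many.items()},
            "many_to_one": {d: len(s) for d, s in many_to_one.items()},
        }
    return out


def intel_pivot(iocs, current, archive):
    """Model 3 and the Q13 tracing step: start from intelligence indicators,
    find hosts that contacted them in current *and* archived data, then
    recursively add the hosts those hosts spread to. Returns host -> hops."""
    events = current + archive
    affected = {}
    queue = deque()
    for e in events:
        if e["dst"] in iocs and e["src"] not in affected:
            affected[e["src"]] = 0
            queue.append(e["src"])
    while queue:  # breadth-first expansion over 'spread' edges
        host = queue.popleft()
        for e in events:
            if e["src"] == host and e["stage"] == "spread" and e["dst"] not in affected:
                affected[e["dst"]] = affected[host] + 1
                queue.append(e["dst"])
    return affected


def traffic_is_abnormal(baseline, observed, k=3.0):
    """Model 4: learn normal volume from a baseline and alarm when the
    observed value is more than k standard deviations above the mean."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:  # flat baseline: any increase is abnormal
        return observed > mu
    return (observed - mu) / sigma > k


if __name__ == "__main__":
    print(attack_chain(CURRENT, "10.0.0.5"))
    print(merge_statistics(CURRENT)["smb_lateral"])
    print(intel_pivot(INTEL_C2, CURRENT, ARCHIVE))
    print(traffic_is_abnormal(BASELINE_BYTES, 900))
```

Running it on the sample records, the intelligence pivot first finds the two hosts that beaconed to the C&C address (one only visible in the archive) and then walks the lateral-movement edges, which is how the archived history turns a single indicator into the full set of affected hosts; the chain check over current plus archived data also shows that 10.0.0.5 was reached by lateral movement before its recorded "entry" event.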

For more information, join QQ group 486207500 or call 010-68438880-8669.