+(86)0752-5103606 E-mail:info@hytech-cn.com

How does a big data security ship avoid capsizing?

Last Updated on 2018-07-21 Hits:2509

The rapid growth in the volume, velocity, and variety of security data has not only made the integration, storage, and management of massive heterogeneous data a challenge, but has also shaken traditional security analysis systems and methods. Do you know what big data security analysis is?
1. What is the core goal of big data security analysis?
Find the security truth behind the data.
The data are correlated with one another. Traditional analysis cannot aggregate massive data, but big data technology can meet the analysis needs of massive data. On a big data foundation, security events such as APT attacks, hidden intranet channels, and abnormal user behaviors can be discovered. On this basis, a security decision support system can be built to provide data support for security decision-making.
2. What is the current status of big data security analysis at home and abroad?
At present, the relatively mature big data security analysis abroad mainly uses big data technology to collect network traffic, security device logs, business system logs, and network device logs, then mines and correlates these data, and finally identifies security events.
3. Is there a proven methodology for big data security analysis?
Big data is a concrete technical implementation that, in its applicable scenarios, can solve requirements that traditional data mining found difficult. The security analysis methodology has been innovating constantly, but some ideas in that methodology still cannot be realized, and the core reason they cannot be realized is the lack of technical support.
Current big data technology does not innovate security analysis itself; it realizes goals that security analysis previously could not achieve. Similarly, the concept of relational data was first proposed in 1970, yet a corresponding prototype product did not land until 1976. Big data technology is in fact the implementation of the security analysis methodology.
4. What are the technical difficulties or the large-scale investment that are easy to encounter in the process of big data security analysis?
The analysis platform is essentially mature technology at present; the difficulty lies mainly in two aspects, preliminary planning and security analysis. Preliminary planning must be able to estimate basic information such as hardware configuration and storage capacity accurately. The later security analysis requires professionals to dig deeper into the data.
5. How to realize data-driven business security from the perspective of big data security analysis?
Through big data analysis, the security events present in the enterprise can be quantified, and business development can be driven by those security events, thereby achieving the goal of data-driven business security.
6. As a non-IT type enterprise, what are the necessary conditions for realizing big data security analysis?
A full-time IT team, a dedicated security team, the necessary resources, and the necessary process support.
7. What is the status quo of big data security analysis visualization technology? What are the contents, methods and forms of display?
Visualization technology has been evolving constantly and is widely used in BI systems even without big data. With the maturity of big data technology, visualization can realize not only traditional pie charts, line charts, scatter plots, and column and bar charts, but also maps, heat maps, bubble charts, force-directed graphs, and parallel-coordinates plots for multidimensional display.
8. How to demonstrate the advantages of big data security analysis from the presentation level?
The presentation is only the final result of security analysis. The heart of big data security analysis is the security analysis model; any advantage at the presentation level derives entirely from the definition of that model, so the presentation level alone does not illustrate the advantage well. This is mainly because visual display technology is also evolving rapidly without big data technology.
9. If big data security analysis is implemented from the three dimensions of expert system, statistical analysis, and machine learning, is there a corresponding algorithm or data model?
These three are different levels. There are mature algorithms and applications at all three levels, and all have passed the test of real-world scenarios.
◎ An expert system usually consists of two components: online and offline. The offline part is the customer's local knowledge base, which records a large body of experience and handles problems by drawing on historical experience. The online part is a cloud knowledge base system: the customer asks questions and solves problems through the cloud system, which usually runs 7x24 and is staffed by experts around the world.
◎ Statistical analysis filters data and presents results through simple statistics. Simple data statistics are usually performed by non-professionals; they can find some problems from a macro perspective but cannot achieve in-depth data mining. To cope with this, a data warehouse is built within the business system and data mining is realized through the data warehouse. However, because establishing a data warehouse takes time and effort, in the security field it is only used in large group companies.
◎ Machine learning is essentially the program correcting itself to improve the accuracy of its results. It is a relatively mature technology with many mature cases in the financial field. Machine learning is mainly used where rules are difficult to delineate, such as abnormal traffic monitoring and abnormal behavior detection, that is, business scenarios that are hard to judge by rules.
10. What are the implemented big data-based security analysis algorithms or models for known threat patterns?
◎ Attack chain correlation analysis: events against the same asset are analyzed in order of threat detection time, and the attack chain is described.
◎ Merging and counting: events of the same type are merged, with many-to-one statistics and one-to-many statistics.
◎ Threat intelligence correlation analysis: current and historical data are queried recursively against threat intelligence to generate alarm events.
◎ Abnormal traffic: normal access traffic is learned, and an alert is raised when traffic is abnormal.
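As an added example (not code from the original article or from hytech-cn.com), the following Python script implements, over a few constructed events, the four known-threat-pattern analyses listed in question 10 together with the baseline-learning anomaly check that question 9 attributes to machine learning. Every field name, indicator value (RFC 5737 documentation addresses), and threshold is an assumption made for this illustration; a real platform would run the same logic over log tables rather than in-memory lists.

```python
"""Toy big data security analysis over constructed events (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed current events: (timestamp, asset, src_ip, dst_ip, event_type).
# Addresses are RFC 5737 documentation ranges, not real hosts.
EVENTS = [
    ("2018-07-20T09:00:00", "web-01", "198.51.100.7", "10.0.0.5", "port_scan"),
    ("2018-07-20T09:00:30", "web-02", "198.51.100.7", "10.0.0.6", "port_scan"),
    ("2018-07-20T09:05:00", "web-01", "198.51.100.7", "10.0.0.5", "brute_force"),
    ("2018-07-20T09:30:00", "web-01", "198.51.100.7", "10.0.0.5", "webshell_upload"),
    ("2018-07-20T09:31:00", "db-01", "10.0.0.5", "10.0.0.9", "lateral_movement"),
    ("2018-07-20T10:00:00", "web-02", "203.0.113.4", "10.0.0.6", "brute_force"),
    ("2018-07-20T10:02:00", "web-02", "203.0.113.4", "10.0.0.6", "brute_force"),
]
# Constructed archived (historical) events used by the recursive TI lookup.
HISTORY = [
    ("2018-06-01T12:00:00", "mail-01", "198.51.100.7", "10.0.0.20", "phishing"),
]
# Constructed threat-intelligence indicators (assumed tag vocabulary).
THREAT_INTEL = {"198.51.100.7": "known-c2"}


def attack_chain(events):
    """Attack chain correlation: group detections by asset, ordered by time."""
    chains = defaultdict(list)
    for ts, asset, _src, _dst, etype in sorted(events):  # ISO timestamps sort lexically
        chains[asset].append((ts, etype))
    return dict(chains)


def merge_same_type(events):
    """Merge and count same-type events.

    many_to_one: many identical (src, dst, type) events folded into one count.
    one_to_many: one source fanning out to many distinct targets.
    """
    many_to_one = defaultdict(int)
    one_to_many = defaultdict(set)
    for _ts, _asset, src, dst, etype in events:
        many_to_one[(src, dst, etype)] += 1
        one_to_many[src].add(dst)
    return dict(many_to_one), {src: len(d) for src, d in one_to_many.items()}


def ti_correlate(events, history, intel):
    """Threat intelligence correlation: a hit in current data triggers a
    follow-up query of the same indicator in historical data, and the alarm
    carries both the current and the historical context."""
    alarms = []
    for _ts, asset, src, _dst, etype in events:
        if src in intel:
            past = [e[4] for e in history if e[2] == src]
            alarms.append({"indicator": src, "tag": intel[src], "asset": asset,
                           "current": etype, "historical": past})
    return alarms


def traffic_baseline(samples, threshold=3.0):
    """Learn a normal-traffic baseline (mean and population std dev of bytes per
    interval) and return a predicate that flags an interval whose z-score
    exceeds the threshold (assumed value)."""
    mu, sigma = mean(samples), pstdev(samples)

    def is_abnormal(value):
        if sigma == 0:           # flat baseline: any deviation is abnormal
            return value != mu
        return abs(value - mu) / sigma > threshold
    return is_abnormal


if __name__ == "__main__":
    for asset, steps in attack_chain(EVENTS).items():
        print(asset, "->", " -> ".join(etype for _, etype in steps))
    counts, fanout = merge_same_type(EVENTS)
    print("many-to-one:", counts)
    print("one-to-many:", fanout)
    for alarm in ti_correlate(EVENTS, HISTORY, THREAT_INTEL):
        print("TI alarm:", alarm)
    normal_mb = [100, 110, 95, 105, 100, 98, 102]   # constructed hourly MB
    check = traffic_baseline(normal_mb)
    print("500 MB abnormal:", check(500), "| 104 MB abnormal:", check(104))
```

The attack chain and merge steps are plain group-by operations, which is the point: on a big data platform they become a sort and an aggregation over the whole event table. The threat intelligence step shows the "recursive" query the article mentions as a second lookup into archived data keyed by the matched indicator, and the traffic check is the simplest form of "learn normal, alert on deviation"; a production model would use per-asset and per-time-of-day baselines rather than one global mean.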