Solution Analysis: Power Industry NBAD Intranet Security Management Solution

The electric power industry is technology- and equipment-intensive, and its production and management model shapes how it builds its information systems. Because of this, the industry demands high security, high reliability and high stability from its IT equipment. Power companies have accelerated their informatization: office automation (OA), MIS, power-market and marketing systems, EMS, DMS, call centers and automated electricity management systems are deployed to varying degrees. Unlike most other industries, however, each provincial and municipal power company plans and operates its IT independently, so the systems that result are diverse and complex.
To keep power companies working normally and their key business systems running safely and efficiently, ensuring the availability and security of these business applications is a central problem of network management and operations.
As reliance on IT grows and cyber threats increase, network managers and operators at power companies face a serious challenge: keeping the network running safely and efficiently under practically every kind of threat. The problems below are the ones power companies most commonly face in network security management:
1. Outdated defenses cannot cope with new threats. The current defense system is built from firewalls and IPSs. Under the conditions at the time of deployment they met the need, but as attack techniques have developed, these traditional signature-based devices can no longer defend against new attacks that have no signature. Information-center IT administrators cannot detect new threats on the network, have no way to take preventive measures, and have no means of response once a problem appears. Against a new type of attack the network is therefore effectively undefended, and the security risk is large.
2. The defense system responds slowly and lacks initiative. When an attack is discovered, managers often cannot pinpoint the problem even after searching a large volume of complex and disorganized security reports. They then have to go floor by floor and host by host to check and fix it, which is inefficient.
3. There is a gap in the threat prevention mechanism. Classical Chinese medicine holds that the best physicians treat illness before it appears, stressing prevention. Network security management follows the same logic and needs a complete threat prevention mechanism. Traditional network security devices only protect against known threats that have signatures; defense against new, signatureless threats is a gap in existing prevention mechanisms.
Problems commonly found in user intranets
Founder Management has found the following five typical problems in user intranets:
1. Some intranet hosts are launching network attacks, which seriously threaten intranet information security. Most of these attacks originate from infected hosts. ARP attacks in particular are damaging: at a minimum they cause loss of network access, and they can also be used to steal critical data. ARP spoofing is a precisely targeted Layer 2 attack, usually aimed at disrupting communication or stealing information. Because the forged ARP traffic never leaves the local broadcast domain, a perimeter firewall, IDS/IPS or UTM at the gateway does not see it and offers no protection against it.
2. Security defenses rely too heavily on passive signature detection. Many new viruses and variants with unknown characteristics go undetected because the signature database has not been updated or the antivirus vendor has not yet released a signature, so existing signature-based devices (firewalls, IPSs, etc.) cannot find them. By the time the network problem is noticed, the virus has already spread across the intranet; restoring the network takes a long time and costs a great deal, and the outage causes heavy losses to the business.
3. Some hosts abuse the network with malicious downloading. They seize a large share of network resources, causing congestion and erratic throughput that seriously interferes with normal communication and with key business systems. Real-time applications such as videoconferencing and IP telephony suffer most, with poor voice quality, video jitter and blocking artifacts.
4. Intranet user identities are not managed or authenticated in a unified way. As in public security, identity is the first and most important step; without identity management there is no security in any real sense.
5. Abnormal network behavior is not audited. Like law-abiding citizens, normal Internet use follows recognizable patterns. The information security standards (ISO 27001/ISO 27002) require: 1) real-time monitoring and effective management of network anomalies; 2) auditing of network behavior, with logs extracted and evidence retained.
Intranet management solution
Founder Management is a pioneer of domestic intranet security management. Drawing on the security management needs of enterprises and institutions, a strong R&D team and five years of practical experience in security management, it has introduced the industry-leading Founder NBAD intranet security management system, and is committed to providing network users nationwide with advanced intranet security management solutions.
To solve these intranet problems we recommend deploying the Founder NBAD intranet security management system on the internal network. The system is easy to deploy and use: it changes neither the existing network structure nor the system configuration, does not affect the operational performance of the network or of application systems, and gives users a powerful security management solution.
1) Intranet threat detector
The intranet threat detector is a high-performance security device built on a high-speed ASIC architecture that performs network-centric identity management and attack suppression at full wire speed. It operates at Layer 2 of the seven-layer OSI model. Its main role is to manage Layer 2 resources (such as the correspondence between MAC and IP addresses) and to defend against Layer 2 attacks (such as ARP spoofing). In short, by managing MAC and IP addresses it manages the identity of every user on the network, which makes Layer 2 attacks preventable: an attacking host is located automatically and isolated from the network.
Main functions:
MAC/IP address management
· Identity security management: automatically learns the MAC addresses, IP addresses and computer names on the network and quickly builds a one-to-one database of network users, strengthening identity security management by network managers (hereinafter "administrators");
· Binding management: MAC-to-IP binding as a network access policy, which prevents users from tampering with IP or MAC addresses and causing address conflicts and management problems, avoids conflicts between personal computers and important devices or servers, spares administrators that trouble, and keeps important devices and server services running;
· Data management: supports entry of single MAC/IP records and provides import, export and clearing of the whole database, improving administrators' ability to manage MAC/IP data on the network.
Anomaly detection management
· IP scan detection: ARP malware usually sweeps the subnet with IP (ARP) scans before it launches its attack. By detecting the scan, the offending user is identified and isolated from the network while the scan is still in progress.
· ARP anomaly detection: even when an ARP attack is launched without a preceding scan, this function can still locate and isolate the user launching it.
· DNS phishing detection: detects whether a user's browser has been hijacked (redirected through forged DNS answers) as a result of a Trojan infection.
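As an added example (not Founder's code and not the detector's actual implementation), the following Python sketch shows the two Layer 2 checks described above, binding enforcement and scan detection, run over a constructed stream of ARP events. The binding table, the thresholds, the MAC addresses and the ArpEvent structure are all assumptions made for illustration.

```python
"""Added example: MAC/IP binding enforcement and ARP scan detection.
Not Founder's code; the event format, bindings and thresholds are assumed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpEvent:
    ts: float          # seconds since capture start
    op: str            # "request" or "reply"
    sender_mac: str
    sender_ip: str
    target_ip: str


# Constructed binding table: what the detector learned during its learning phase.
BINDINGS = {
    "10.0.1.1":  "00:11:22:33:44:01",   # default gateway
    "10.0.1.10": "00:11:22:33:44:10",
    "10.0.1.20": "00:11:22:33:44:20",
}

SCAN_WINDOW = 5.0      # seconds of history kept per sender
SCAN_THRESHOLD = 20    # distinct targets within the window that count as a sweep


def check_binding(ev, bindings=BINDINGS):
    """Flag an ARP packet whose sender IP is bound to a different MAC (ARP spoofing).
    IPs the detector has not learned yet are not flagged here; a real deployment
    would either learn them or alert on them, depending on policy."""
    expected = bindings.get(ev.sender_ip)
    if expected is not None and expected.lower() != ev.sender_mac.lower():
        return ("arp_spoof", ev.sender_mac, ev.sender_ip, expected)
    return None


def detect(events, bindings=BINDINGS, window=SCAN_WINDOW, threshold=SCAN_THRESHOLD):
    """Run both checks over time-ordered events.
    Returns (alerts, isolated_macs). A sender is isolated on its first alert and
    its later packets are ignored, mirroring automatic isolation at the port."""
    alerts, isolated = [], set()
    probes = defaultdict(list)   # sender MAC -> [(ts, target_ip)] within the window
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.sender_mac in isolated:
            continue
        alert = check_binding(ev, bindings)
        if alert:
            alerts.append(alert)
            isolated.add(ev.sender_mac)
            continue
        if ev.op == "request":
            q = probes[ev.sender_mac]
            q.append((ev.ts, ev.target_ip))
            while q and ev.ts - q[0][0] > window:   # expire probes outside the window
                q.pop(0)
            distinct_targets = {t for _, t in q}
            if len(distinct_targets) >= threshold:
                alerts.append(("ip_scan", ev.sender_mac, len(distinct_targets)))
                isolated.add(ev.sender_mac)
    return alerts, isolated


def sample_events():
    """Constructed traffic: a normal gateway lookup, a spoofed gateway reply, and a sweep."""
    evs = [
        ArpEvent(0.0, "request", "00:11:22:33:44:10", "10.0.1.10", "10.0.1.1"),
        ArpEvent(0.1, "reply",   "00:11:22:33:44:01", "10.0.1.1",  "10.0.1.10"),
        # a different MAC claims to be the gateway: classic ARP spoofing
        ArpEvent(1.0, "reply",   "00:11:22:33:44:66", "10.0.1.1",  "10.0.1.10"),
    ]
    # an unbound host probes 30 addresses in 3 seconds
    for i in range(30):
        evs.append(ArpEvent(2.0 + i * 0.1, "request", "00:11:22:33:44:99",
                            "10.0.1.99", f"10.0.1.{100 + i}"))
    return evs


if __name__ == "__main__":
    found, quarantined = detect(sample_events())
    for a in found:
        print(a)
    print("isolated:", sorted(quarantined))
```

Two caveats matter in practice. A legitimately re-addressed host (a DHCP lease change, a server whose NIC was replaced) trips the binding check just as a spoofer does, so the binding table needs an administrator-approved update path rather than blind isolation. And the scan threshold has to sit above what network management tools and Windows name resolution generate on the same subnet, or the detector will quarantine its own monitoring hosts.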
2) Intranet threat analysis
The intranet threat analysis system was developed in the spirit of the ISO 27001/27002 information security standards. Its aim is to build, for the intranet, a threat prevention and control system and a behavior audit system modeled on a public disease control system. Working at Layers 3 and 4 of the OSI model, it collects and analyzes Layer 3 traffic and the Layer 4 ports in use, determines from the results whether the network is behaving abnormally, and can locate and isolate hosts with abnormal traffic. It also stores a large volume of online behavior logs, which must be retained to provide evidence for any future incident handling.
Main functions:
Traffic analysis
· User analysis: a ranked list lets managers see each user's traffic volume and position in the network ranking, to find potentially threatening users;
· Protocol analysis: managers drill into a user on the traffic leaderboard to see which applications the user may be running, and confirm whether there is a risk;
· Real-time analysis: managers analyze network traffic in real time to see the latest state of traffic transmission.
Anomaly analysis
· Detects abnormal network traffic and notifies administrators by e-mail;
· Detects known common worms and automatically blocks the offending users;
· Per-user excess-traffic analysis: a user whose traffic exceeds the configured threshold is blocked, and is unblocked automatically when the configured block duration expires.
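The three traffic-analysis views and the threshold block with automatic release, as an added example (not Founder's code and not the Analyzer's implementation). The flow-record layout is an assumed NetFlow-like summary, the port-to-application labels and thresholds are assumptions, and the flow records are constructed.

```python
"""Added example: per-user traffic ranking, protocol breakdown and threshold
blocking with automatic release. Not Founder's code; the flow-record format,
port labels, sample flows and thresholds are all assumed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds
    src_ip: str     # the intranet user
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    nbytes: int


# Assumed port-to-application labels used for the protocol analysis view.
PORT_LABELS = {53: "dns", 80: "http", 443: "https", 5060: "sip", 6881: "bittorrent"}


def bytes_per_user(flows):
    """Traffic leaderboard: [(src_ip, total_bytes)] sorted descending."""
    totals = defaultdict(int)
    for f in flows:
        totals[f.src_ip] += f.nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


def protocol_breakdown(flows, ip):
    """Bytes per application label for one user (Layer 4 port as the proxy for application)."""
    out = defaultdict(int)
    for f in flows:
        if f.src_ip == ip:
            out[PORT_LABELS.get(f.dst_port, f"{f.proto}/{f.dst_port}")] += f.nbytes
    return dict(out)


class QuotaEnforcer:
    """Blocks a host whose bytes in the last `window` seconds exceed `limit`,
    and releases it automatically `block_for` seconds later."""

    def __init__(self, limit, window, block_for):
        self.limit, self.window, self.block_for = limit, window, block_for
        self.history = defaultdict(list)   # ip -> [(ts, bytes)] inside the window
        self.blocked_until = {}            # ip -> release time

    def observe(self, flow):
        ip, ts = flow.src_ip, flow.ts
        until = self.blocked_until.get(ip)
        if until is not None:
            if ts < until:
                return "blocked"
            del self.blocked_until[ip]     # block duration elapsed: automatic unlock
        hist = self.history[ip]
        hist.append((ts, flow.nbytes))
        while hist and ts - hist[0][0] > self.window:
            hist.pop(0)
        if sum(b for _, b in hist) > self.limit:
            self.blocked_until[ip] = ts + self.block_for
            hist.clear()
            return "blocked"
        return "allowed"


def enforce(flows, limit, window, block_for):
    """Replay time-ordered flows through the enforcer; returns {ip: [(ts, decision)]}."""
    enforcer = QuotaEnforcer(limit, window, block_for)
    decisions = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        decisions[f.src_ip].append((f.ts, enforcer.observe(f)))
    return dict(decisions)


def sample_flows():
    """Constructed records: one host hammering BitTorrent, one doing ordinary web use."""
    flows = []
    for i in range(12):   # 5 MB per second from 10.0.1.50 for 12 seconds
        flows.append(Flow(float(i), "10.0.1.50", f"203.0.113.{i + 1}", "tcp", 6881, 5_000_000))
        flows.append(Flow(i + 0.5, "10.0.1.60", "198.51.100.7", "tcp", 443, 50_000))
    flows.append(Flow(3.2, "10.0.1.60", "10.0.1.1", "udp", 53, 120))
    flows.append(Flow(40.0, "10.0.1.50", "203.0.113.9", "tcp", 443, 10_000))  # after release
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print(bytes_per_user(flows))
    print(protocol_breakdown(flows, "10.0.1.50"))
    for ip, decs in enforce(flows, limit=20_000_000, window=10.0, block_for=30.0).items():
        print(ip, decs)
```

With a 20 MB per 10 s limit, 10.0.1.50 is blocked at its fifth record and released automatically for the record at 40 s, while 10.0.1.60 is never touched. Two practical points: a byte-count block also catches legitimate bulk transfers (backups, patch distribution), so server and management addresses need an exemption list; and a destination port is only a rough proxy for the application, since port 443 can carry almost anything.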
3) Intranet threat management
The intranet threat management system is the manager for the network security devices. It provides unified management and maintenance of the functional components of the NBAD intranet security management system, and also cooperates with network devices of various brands for joint defense. It manages the distributed NBAD security devices from a single web page. When a threat occurs, administrators need only read the threat reports it provides to understand what has happened on the network, instead of switching between the management interfaces of several devices. The system can also act on threats automatically according to predefined security policies, in concert with other network devices, so that the response comes at the first moment, the chance of the risk spreading is reduced and efficiency improves.
Main functions:
Centralized management
· Centralized management of the threat detectors (Sensors) and threat analyzers (Analyzers) deployed in the network;
· Viewing, analyzing and managing threat events through a single interface;
Intelligent management
· Automatic handling of detected threat events according to a predefined policy;
· Automatic restoration of the host's network connection once the problem is resolved.
Joint defense and attack-source location
· Locates the attack source by looking up the switch's CAM (MAC address) table;
· Interacts with other network devices to carry out joint defense measures such as port shutdown and rate limiting.
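How the CAM table lookup and the port-shutdown measure in the two points above fit together, as an added example (not Founder's code and not the Manager's implementation). The CAM dump is a constructed listing in the layout of a Cisco IOS "show mac address-table", the uplink set and MAC addresses are assumptions, and the generated commands are plain IOS interface configuration rather than any vendor API.

```python
"""Added example: locating an offending MAC in a switch CAM table and generating
the port-shutdown commands. Not Founder's code; the CAM dump is a constructed
Cisco IOS style 'show mac address-table' listing and the uplink list is assumed."""
import re

# Constructed output in the common IOS layout; a real deployment would pull this
# over SNMP (BRIDGE-MIB dot1dTpFdbTable) or SSH from each access switch.
CAM_DUMP = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4401    DYNAMIC     Gi1/0/48
  10    0011.2233.4410    DYNAMIC     Gi1/0/5
  10    0011.2233.4420    DYNAMIC     Gi1/0/48
  10    0011.2233.4466    DYNAMIC     Gi1/0/7
  10    0011.2233.4499    DYNAMIC     Gi1/0/9
  10    0011.2233.44aa    DYNAMIC     Gi1/0/9
Total Mac Addresses for this criterion: 6
"""

UPLINKS = {"Gi1/0/48"}   # assumed: ports that lead to other switches or the core

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)


def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return IOS dotted form."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac}")
    return f"{hexdigits[0:4]}.{hexdigits[4:8]}.{hexdigits[8:12]}"


def parse_cam(text):
    """Return {mac: (vlan, port)} from a CAM dump, skipping headers and the total line."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, _type, port = m.groups()
            table[mac.lower()] = (int(vlan), port)
    return table


def locate(mac, cam_text=CAM_DUMP, uplinks=UPLINKS):
    """Decide whether the MAC can be cut off on this switch or must be traced further."""
    table = parse_cam(cam_text)
    key = normalize_mac(mac)
    if key not in table:
        return {"mac": key, "action": "not_here", "reason": "MAC not learned on this switch"}
    vlan, port = table[key]
    if port in uplinks:
        return {"mac": key, "vlan": vlan, "port": port, "action": "trace",
                "reason": "learned on an uplink; repeat the lookup on the neighboring switch"}
    neighbors = [m for m, (_, p) in table.items() if p == port and m != key]
    if neighbors:
        return {"mac": key, "vlan": vlan, "port": port, "action": "review",
                "reason": f"port also carries {len(neighbors)} other MAC(s); shutdown would cut them off too"}
    return {"mac": key, "vlan": vlan, "port": port, "action": "shutdown",
            "reason": "single host on an access port"}


def shutdown_commands(port):
    """IOS configuration lines the manager would push to isolate the port."""
    return ["configure terminal", f"interface {port}", "shutdown", "end"]


if __name__ == "__main__":
    for mac in ("00:11:22:33:44:66", "00:11:22:33:44:01", "00:11:22:33:44:99"):
        verdict = locate(mac)
        print(verdict)
        if verdict["action"] == "shutdown":
            print("\n".join(shutdown_commands(verdict["port"])))
```

The uplink and shared-port checks are the part worth keeping: shutting a port that leads to another switch, an access point or a hub disconnects everyone behind it, so automatic action should be limited to single-host access ports and everything else escalated to an administrator. Where policy allows, a rate limit or a quarantine VLAN is also a gentler first step than a hard shutdown, since a blocked user who cannot even reach the help desk is costly too.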
Novelty, advancement and practicality
The NBAD LAN resource and threat management system is a solution for managing internal network resources and information security. It is the only intranet information security management system architecture implemented in ASIC hardware. Following the basic spirit of ISO 27001/27002 and building on the user's existing network structure, it integrates with previously deployed security devices to help users build a proactive, comprehensive prevention and control system for intranet information security. Its main features are:
· Signature-based security products depend on regular updates of their signature databases and play no role against unknown (new) threats and threats that have no signature (such as ARP attacks). Such threats, signatureless ones above all, are exactly the greatest risk to intranet information security, and existing products are inadequate against them. The NBAD solution is based on an entirely different model, recognition of abnormal behavior, and builds a comprehensive intranet threat defense system modeled on a disease control system. It is particularly suited to unknown and signatureless threats and keeps the network healthy and efficient.
· Centralized identity management and unified policies for IP and MAC addresses across the whole network greatly raise the user's overall level of security management, remove the confusion caused by the earlier decentralized identity management done port by port on switches, and improve flexibility, substantially raising the level of information management. Accurate identity management is the first and most important step in information security.
· Defensive measures are implemented in hardware at the bottom or at the edge of the network. No client software needs to be installed, and the performance of existing hosts and business systems is not affected.
· All products use a bypass design, which neither changes the user's existing network structure nor harms the normal use of existing network equipment and application systems; even in the most extreme case of a device crashing or losing power, the user's network stability and the normal use of every other service are unaffected.
· Through information exchange with existing equipment it integrates that equipment and achieves joint defense across the whole network.
· Strict, standardized management of network resources and information security, with complete reports that provide a scientific basis for decisions and further raise the level of information management.
Establishing an information security process and system architecture is the direction in which information security management is developing. As an innovative system, the NBAD LAN resource and threat management system greatly improves the effectiveness of existing equipment, actively intervenes in abnormal behavior and normalizes it automatically, turning passive defense into active management. It is an important and powerful complement to the user's existing security systems.


Comparison of identification technologies
Limitations of signature identification:
· Relies on comparing every packet against every entry in the signature database, a huge computational burden that slows system response and limits processing capacity;
· Relies on regular upgrades of the signature database; if an upgrade is late, defense capability is lost entirely;
· Suited to deployment at the gateway, not inside the intranet where traffic volumes are huge, and the signature database is hard to upgrade inside the internal network;
· Can only passively identify the viruses and attacks already in the signature database; it cannot identify new, emerging or future threats;
· Provides no defense against attack behavior that has no signature (such as ARP attacks and DNS phishing).
Characteristics of behavior identification:
· No packet inspection is needed; only abnormal network behavior is audited and managed, which is simple and efficient;
· No signature database to upgrade, so it is easy to use and maintenance-free;
· Strong data processing capacity, suitable for deployment across the whole network, greatly improving security network-wide;
· Actively monitors for anomalies and isolates them across the whole network, responding from the bottom of the network to existing and future threats;
· Particularly suited to identifying signatureless attack behavior of every kind.
Summary:
Medicine always lags behind the virus. SARS, avian flu and the current swine flu have repeatedly exposed the large gap left by passive virus identification; against these new viruses, the active detection and active prevention of the disease control system has become the most important safeguard of public health. The same holds for information security: building an active threat prevention and control system is essential. Within it, behavior identification plays the role that temperature screening plays in disease control, giving early warning so that threats are found and isolated quickly.
User benefits
After a network deploys the Founder NBAD intranet security management solution, the system functions and user benefits are as follows:
· The Founder NBAD Sensor is an effective complement to existing traditional security devices (such as firewalls and IPSs). Using its attack behavior identification technology it resolves attack problems that could not be solved before, and proactively and promptly removes the hidden risk of major data leakage incidents, keeping the intranet safe and stable;
· It automatically and effectively isolates computers carrying new viruses or running new attack tools, preventing them from affecting the operation of the whole network, and through maintenance of IP/MAC resources it strengthens management of internal users;
· The Founder NBAD Analyzer effectively detects and isolates abnormal bandwidth consumption, preventing the congestion incidents caused by a few people's improper use. It actively intervenes in abnormal behavior, normalizes it automatically, and generates customizable reports for auditing when problems are reviewed;
· The Founder NBAD Manager monitors the whole network from a single platform, 24 hours a day, and works jointly with the firewalls, IPSs and other devices already deployed so that detection, blocking and recovery are automated. Network security management turns from passive to active, and network security gains a second layer of insurance.
The entire Founder NBAD line is based on a network bypass design that neither changes the user's existing network structure nor harms the normal use of existing network equipment and application systems; even in the most extreme case of a device crashing or losing power, the user's network stability and the normal use of every other service are unaffected.
Conclusion
Adding the Founder NBAD intranet threat management system to the existing security system effectively detects and defends against new types of threats, keeps the network healthy and efficient, and improves and guarantees the quality of service of network applications overall. It is an effective complement to the firewalls, IPSs and other security devices already deployed, and provides active, intelligent and visual LAN security management for the network's users, letting administrators prevent and defend against threats in the network with ease and keep their own network operating efficiently. It is a powerful tool for LAN security management and achieves the overall goals of strong prevention, comprehensive defense and fast response.
© Zhuhai Jisen Electric Appliance Co., Ltd.