
Security event closed-loop processing method for network security management

A security event processing technology, applied in data exchange networks, electrical components, digital transmission systems, etc., that addresses the problems of inconsistent security event log types, low processing efficiency and cumbersome administrator operations.

Inactive Publication Date: 2018-09-04
成都清华永新网络科技有限公司

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a closed-loop processing method for security events for network security management, which solves the problem in the prior art that the types of security event logs generated by security devices are not uniform, resulting in cumbersome operations for administrators and low processing efficiency.


Examples

Embodiment 1

[0060] As shown in figure 1, a method for closed-loop processing of security events for network security management includes:

[0061] Step S100: the event collector collects security events and early warning logs from security devices and systems, performs data cleaning / filtering, merging and normalization, and stores the result in the database;

[0062] Step S200: the system schedules the scanner to scan the protected assets, discovering asset vulnerabilities and obtaining asset information; it reads the security events and early warning logs from the database, performs correlation analysis between the security events and the asset vulnerabilities, and rates the risk of each security event;

[0063] Step S300: an alarm is raised for each security event whose risk is rated high in step S200;

[0064] Step S400: the alarm is recorded and processed;

[0065] Step S500: the asset vulnerabilities of the security devices and systems are collected again, and it is confirmed that the early warnin...
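The correlation, rating, alarm and confirmation steps S200 to S500 above, as an added example that is not the patent's own code. The patent does not specify a rating formula, so the scale (vulnerability severity plus asset criticality, high at 5 or more), the finding ids, the assets and the events are all constructed here. The security-relevant point it makes concrete is the closing of the loop: an alarm is closed only when a fresh scan no longer reports the vulnerability it was raised on, not when the administrator records that it was handled.

```python
"""Correlation, risk rating, alarming and closed-loop confirmation
(steps S200 to S500 of the method).

Added example, not the patent's own code.  Events, the asset inventory,
the scanner findings, the scoring scale and the threshold are all
constructed for illustration; the patent does not give a rating formula.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vulnerability:
    asset_ip: str
    port: int
    vuln_id: str      # scanner finding id (constructed ids below)
    severity: int     # constructed scale: 1 low, 2 medium, 3 high


@dataclass
class Asset:
    ip: str
    name: str
    criticality: int  # constructed scale: 1 low, 2 medium, 3 high


@dataclass
class Event:
    event_id: str
    dst_ip: str
    dst_port: int
    vuln_id: str      # vulnerability the detector says the traffic targets


@dataclass
class Alarm:
    event_id: str
    asset_ip: str
    vuln_id: str
    risk: str
    status: str = "open"   # open -> handled -> closed | reopened
    record: list = field(default_factory=list)


HIGH_THRESHOLD = 5   # constructed: severity + criticality at or above this is high risk


def rate_risk(event, assets, findings):
    """S200: correlate one event with the latest scan of its target asset.

    An event is only as risky as the vulnerability it can actually reach:
    no matching finding on the target -> low; matching finding -> medium,
    or high when severity plus asset criticality reaches HIGH_THRESHOLD.
    """
    asset = assets.get(event.dst_ip)
    match = next((f for f in findings
                  if f.asset_ip == event.dst_ip
                  and f.port == event.dst_port
                  and f.vuln_id == event.vuln_id), None)
    if asset is None or match is None:
        return "low", match
    score = match.severity + asset.criticality
    return ("high" if score >= HIGH_THRESHOLD else "medium"), match


def raise_alarms(events, assets, findings):
    """S300: one alarm per high-risk event; lower ratings stay in the database."""
    alarms = []
    for ev in events:
        risk, match = rate_risk(ev, assets, findings)
        if risk == "high":
            alarms.append(Alarm(ev.event_id, ev.dst_ip, match.vuln_id, risk))
    return alarms


def record_handling(alarm, note):
    """S400: record what the administrator did; this does not close the alarm."""
    alarm.record.append(note)
    alarm.status = "handled"
    return alarm


def confirm_closure(alarm, rescan_findings):
    """S500: re-collect the asset's vulnerabilities and close the alarm only
    when the finding it was raised on is absent from the new scan."""
    still_present = any(f.asset_ip == alarm.asset_ip and f.vuln_id == alarm.vuln_id
                        for f in rescan_findings)
    alarm.status = "reopened" if still_present else "closed"
    return alarm.status


# Constructed sample data: two assets, one scan, three events.
ASSETS = {"10.0.0.5": Asset("10.0.0.5", "web-01", 3),
          "10.0.0.9": Asset("10.0.0.9", "dev-box", 1)}
SCAN_1 = [Vulnerability("10.0.0.5", 443, "V-1001", 3),
          Vulnerability("10.0.0.9", 22, "V-2002", 1)]
EVENTS = [Event("e1", "10.0.0.5", 443, "V-1001"),   # reaches a high finding on a critical asset
          Event("e2", "10.0.0.9", 22, "V-2002"),    # low finding on a low-value asset
          Event("e3", "10.0.0.5", 22, "V-3003")]    # nothing on the asset matches


def run_demo():
    """Full loop on the sample data; returns the alarms and their final statuses."""
    alarms = raise_alarms(EVENTS, ASSETS, SCAN_1)
    for alarm in alarms:
        record_handling(alarm, "patched web-01 and restarted the service")
    scan_2 = [f for f in SCAN_1 if f.vuln_id != "V-1001"]   # rescan after remediation
    statuses = {a.event_id: confirm_closure(a, scan_2) for a in alarms}
    return alarms, statuses


if __name__ == "__main__":
    print(run_demo())
```

If the rescan still reports the finding, `confirm_closure` moves the alarm to `reopened` rather than leaving it `handled`, so a fix that was recorded but did not take effect is visible again in the next cycle.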

Embodiment 2

[0069] On the basis of Embodiment 1, and as shown in figure 1, step S100 specifically includes:

[0070] Step S110: defining the collection scope, collection capability, data processing and data storage for security events;

[0071] Step S120: the event collector collects the security events and early warning logs;

[0072] Step S130: the security events and early warning logs are backed up;

[0073] Step S140: the security events and early warning logs are standardized;

[0074] Step S150: the standardized security events and early warning logs are stored in the distributed file system and the distributed retrieval system.

[0075] Working principle:

[0076] Centralized data collection: the objects of security data collection are defined, the data sources to be analyzed are listed, and the data is stored centrally. Data standardization: the collected raw data is cleaned and filtered, standardized, correlated and completed, and labeled, to form standard...

Embodiment 3

[0081] On the basis of Embodiment 2, and as shown in the attached figure 1, step S140 specifically includes:

[0082] Step S141: data cleaning / filtering, in which the collected data is compared with the matching rules and any log matching a filtering rule is discarded directly;

[0083] Step S142: data standardization, in which the fields are standardized according to the standard library rules for each type of data;

[0084] Step S143: asset information is appended to the standardized data, completing the association;

[0085] Step S144: tagging information is added to the associated data, completing data tagging.

[0086] Working principle:

[0087] The data discarded in data cleaning / filtering includes: data that does not belong to a registered data source; duplicate data; noise data; incomplete or irrational data; and data below the minimum level required by the business. Take the firewall log as an example: %PIX-7-710005: U...
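Steps S141 to S144 above as a runnable normalization stage, an added example that is not the patent's own code. The raw lines, the list of registered sources, the asset inventory, the filter rules, the common field schema and the tag names are constructed here; only the `%PIX-<level>-<msgid>:` syslog header layout comes from the page's own firewall example. It goes slightly beyond the text in handling two source types with one schema, so that the correlation step has a uniform record to work on regardless of which device produced it.

```python
"""Normalization stage of the event collector (steps S141 to S144).

Added example, not the patent's own code.  The raw lines, the registered
sources, the asset inventory, the filter rules and the common field
schema are constructed for illustration; the %PIX-<level>-<msgid>: layout
is the Cisco PIX syslog header the text refers to.
"""
import ipaddress
import re

# Constructed raw input as (source, line): two PIX-style firewall lines
# (one at debug level 7), an exact duplicate, one IDS alert, and a line
# from a device that is not a registered security data source.
RAW_LOGS = [
    ("fw-edge", "%PIX-6-302013: Built inbound TCP connection 4711 for "
                "outside:203.0.113.7/51234 to inside:10.0.0.5/443"),
    ("fw-edge", "%PIX-7-710005: TCP request discarded from 203.0.113.9/4000 "
                "to outside:10.0.0.5/23"),
    ("fw-edge", "%PIX-6-302013: Built inbound TCP connection 4711 for "
                "outside:203.0.113.7/51234 to inside:10.0.0.5/443"),
    ("ids-core", "ALERT sid=1001 src=198.51.100.4 dst=10.0.0.9 dport=22 "
                 "msg=SSH brute force"),
    ("printer-07", "page count 12345"),
]

SOURCES = {"fw-edge": "pix", "ids-core": "ids"}   # registered data sources
MIN_LEVEL = 6   # syslog severity: 0 is most severe, 7 is debug; keep <= 6

ASSETS = {   # constructed asset inventory keyed by IP
    "10.0.0.5": {"name": "web-01", "owner": "web-team", "criticality": "high"},
    "10.0.0.9": {"name": "dev-box", "owner": "dev-team", "criticality": "low"},
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

PIX_HEAD = re.compile(r"^%PIX-(?P<level>\d)-(?P<msgid>\d+): (?P<msg>.*)$")
PIX_CONN = re.compile(r"(?P<src>\d+(?:\.\d+){3})/(?P<sport>\d+).*? to "
                      r"\w+:(?P<dst>\d+(?:\.\d+){3})/(?P<dport>\d+)")
IDS_LINE = re.compile(r"^ALERT sid=(?P<sid>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                      r"dport=(?P<dport>\d+) msg=(?P<msg>.*)$")


def stage_filter(records, seen):
    """S141: compare each record with the filter rules and discard matches."""
    kept = []
    for source, raw in records:
        if source not in SOURCES or not raw.strip():      # unknown source / empty
            continue
        if (source, raw) in seen:                         # exact duplicate
            continue
        seen.add((source, raw))
        head = PIX_HEAD.match(raw)
        if head and int(head.group("level")) > MIN_LEVEL:  # below business minimum
            continue
        kept.append((source, raw))
    return kept


def stage_standardize(source, raw):
    """S142: map the line onto the common schema with the source's rule.
    Returns None when the line does not fit the rule (irrational data)."""
    if SOURCES[source] == "pix":
        head = PIX_HEAD.match(raw)
        body = PIX_CONN.search(head.group("msg")) if head else None
        if not body:
            return None
        return {"source": source, "vendor_id": "PIX-" + head.group("msgid"),
                "severity": int(head.group("level")), "src_ip": body.group("src"),
                "dst_ip": body.group("dst"), "dst_port": int(body.group("dport")),
                "message": head.group("msg")}
    m = IDS_LINE.match(raw)
    if not m:
        return None
    return {"source": source, "vendor_id": "SID-" + m.group("sid"),
            "severity": 4,   # constructed: this IDS carries no level, map alerts to warning
            "src_ip": m.group("src"), "dst_ip": m.group("dst"),
            "dst_port": int(m.group("dport")), "message": m.group("msg")}


def stage_enrich(event):
    """S143: append asset information for the destination to the event."""
    event["asset"] = ASSETS.get(event["dst_ip"])
    return event


def stage_tag(event):
    """S144: label the enriched event so later analysis can select on it."""
    tags = []
    src = ipaddress.ip_address(event["src_ip"])
    if not any(src in net for net in INTERNAL_NETS):
        tags.append("external-src")
    if event["asset"] is None:
        tags.append("unknown-asset")
    elif event["asset"]["criticality"] == "high":
        tags.append("critical-asset")
    event["tags"] = tags
    return event


def normalize(records, seen=None):
    """Run S141 to S144 over raw (source, line) records; returns standard events."""
    seen = set() if seen is None else seen
    events = []
    for source, raw in stage_filter(records, seen):
        event = stage_standardize(source, raw)
        if event is not None:
            events.append(stage_tag(stage_enrich(event)))
    return events


if __name__ == "__main__":
    for e in normalize(RAW_LOGS):
        print(e)
```

The `seen` set is passed in rather than kept in a global so that duplicate suppression can span collector runs; in a real deployment it would be backed by the database from step S100 and aged out, otherwise every line is "new" again after a restart.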



Abstract

The invention discloses a security event closed-loop processing method for network security management, comprising the following steps: an event collector collects security events and early warning logs from security devices and systems, performs data cleaning / filtering, merging and standardization, and stores the security events and early warning logs in a database; the system schedules a scanner to scan the protected assets, discovering asset vulnerabilities and acquiring asset information, then reads the security events and early warning logs from the database, performs correlation analysis between the security events and the asset vulnerabilities, and rates the risk of each security event; an alarm is raised for each security event rated high risk in step S200; the alarm is recorded and processed; and the asset vulnerabilities are then collected again to confirm that the early warning is cleared. The closed-loop processing flow integrates and collects security information of many kinds and gathers it together for uniform analysis and detection. Data moves from being scattered to being concentrated, operation is simplified, and working efficiency is improved.

Description

Technical field

[0001] The invention relates to the technical field of network security, and in particular to a method for closed-loop processing of security events for network security management.

Background art

[0002] Because security devices are of many kinds and early warning logs are numerous, there is a lack of information exchange between security protection devices and security scanning devices, and security resources cannot be integrated effectively. Each security device forms a security island and cannot deliver its full value. It is difficult for enterprise security managers to analyze and control the network security situation comprehensively, combining network security threats with asset vulnerabilities, and no process management of collection, analysis, alarm, response and rectification can be formed for the various alarm events. Personnel and departments in charge of information security often cannot use their main experien...


Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L41/069, H04L63/20
Inventor 于家明
Owner 成都清华永新网络科技有限公司