Coordinated defense method and system for network defense

Abstract

A collaborative defense method and system for network protection, the system includes a decision-making and deployment layer, and a coordination and monitoring layer; the decision-making and deployment layer uses the acquired network security early warning events to The defense intention is formulated, and then the network defense strategy is generated by the decision engine, and defense tasks are deployed according to the defense strategy; the coordination and monitoring layer includes the control center and network security equipment, and realizes the collaborative task deployment between network security equipment and real-time monitoring of network defense conditions; The control center communicates with the decision-making and deployment layer and network security equipment to perform data flow control and logic control; the control center includes a collaborative defense strategy analysis module, a collaborative defense strategy subscription module, and a collaborative defense strategy distribution module. The present invention provides a collaborative defense solution centered on security awareness, collaborative protection, and centralized management, and realizes an active, comprehensive, and comprehensive dynamic security protection system.

Description

technical field [0001] The invention relates to network security protection technology, in particular to a collaborative defense method and system for network protection. Background technique [0002] With the rapid development of network services in recent years, the network security situation presents the following characteristics. The main manifestations are as follows: 1. The number of security vulnerabilities continues to grow rapidly. Due to the high complexity of network protocols, operating systems, and application software, as well as the uneven technical level of users, various security vulnerabilities inevitably exist in the network and host systems. The existence of loopholes is the main source of various security threats. The most fundamental reason why the current system security problems are intensifying is that the existence of loopholes cannot be completely avoided, and the loopholes are becoming more and more serious. the trend of. 2. The attack rhythm i...

AI Technical Summary

Problems solved by technology

2. Accelerate the attack rhythm and increase the degree of harm

3. Frequent occurrence of network security incidents

Enterprises invest a lot in equipment upgrades, but lack of attention to information interoperability, resulting in long-term problems in information systems that cannot be interoperable and interconnected. For example, their security defense equipment continuously generates a large number of security logs and events during operation. Providing data support for security operation and maintenance is not helpful for network security decision-making, asset management and real-time monitoring of equipment, forming a "so-called information island" effect

[0006] 2. Passive defense-based security status quo

[0007] 3. The security devices of the internal network of the enterprise lack coordination, and it is impossible to track and comprehensively analyze security events, and effectively utilize the protection capabilities of each security device. Since a large number of network security protection devices are deployed in the internal network of the enterprise, the network security strategy Deployment must optimize the overall configuration of security devices to ensure the overall protection capabilities of network security. For a long time, there have been a large number of security configuration conflicts and security protection gaps among network security devices; the protection capabilities of various security devices exist. Different differences, making full use of the characteristics of security equipment to do an integrated defense is an important issue facing enterprises

[0008] From the current domestic and foreign security research issues, it can be seen that the current degree of harm to network security is deepening day by day, and network penetration and intrusion techniques are emerging in an endless stream. Traditional network security equipment and defense systems have been difficult to cope with the current network security crisis. Against this background Under the current situation, the shortcomings of traditional information security protection such as information security islands, security regional shortcomings, and defense passivity (limited protection against unknown vulnerabilities) are particularly prominent. It is urgent to use an integrated collaborative defense system to make up for these shortcomings. plate

Images