A container-based intelligent network security function management method and system

Abstract

The invention discloses a container-based intelligent network security function management method and system. The method includes: completing the cold start of intelligent network security function management through an initial configuration process; when facing potential security risks, upgrading the security level Carry out coordinated protection; when no potential safety risks are found for a long time, the safety level will be lifted. The present invention supports dynamic updating of security capabilities, rapid deployment, global coordination, and cost-controllable design patterns and implementation systems. The effective cooperation and connection of risk and security awareness, security awareness and security decision-making, security decision-making and security response, etc., realize the leap of security software and hardware equipment capabilities from single-point defense, partial defense to overall defense, and maximize the effectiveness of security resources.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a container-based intelligent network security function management method and system. Background technique [0002] Cyberspace has infiltrated into the political, economic and cultural fields of the country in all aspects, as well as the operation and life of society and the public. Since cyberspace contains huge energy and benefits, it has also become a key target of attackers in the new era. Attackers' malicious means are varied, updated rapidly, and destructive, posing a great threat to networks, computers, and information systems. Traditional security mechanisms such as firewalls, intrusion detection, and security audits have been difficult to guarantee the security of cyberspace. the reason is: [0003] One is the static solidification of network security defense capabilities. The security protection capabilities of information systems come from the security soft...

AI Technical Summary

Problems solved by technology

Usually, due to network isolation, complex configuration, policy conflicts, self-protection and other reasons, the deployed security software and hardware cannot be continuously upgraded and maintained with security policies. Therefore, the functions remain as they were at the time of initial deployment, and it is difficult to resist the increasingly abundant technical means. cyber attack

[0004] Second, local security functions are disconnected from overall security capabilities

A single security device usually has a single function and can only achieve single-point protection in the network. Different software and hardware methods are responsible for threat detection, traffic filtering, policy judgment, behavior management, data encryption and other functions. They lack connection and coordination with each other, making it difficult to To realize a complete protection process from discovery, identification, decision-making to disposal, there is a big disconnect between local security functions and overall security capabilities, and even a "1+1<2" protection capability conflict phenomenon

[0005] Third, the speed of detection and response cannot meet the requirements for safe disposal

In the current "edge-center" security architecture, the security software and hardware devices deployed in the user network are weak in data association analysis and attack depth mining capabilities, so security events are usually reported to the cloud for analysis and then received by the cloud. The judgment and control of the security policy complete the response to the issued security policy, but due to a certain delay in communication and processing, it is difficult to meet the response speed requirements under the conditions of high throughput and real-time processing requirements

Images