Multi-dimensional security situation real-time display method and system suitable for network security

Abstract

The invention provides a multi-dimensional security situation real-time display method and system suitable for network security, and the method comprises the steps: selecting a security test case of at least one dimension based on a test instruction to generate a target test set, and generating a corresponding target log set according to the target test set; running each security test case in the target test set to generate a monitoring log set; determining a difference log set according to the target log set and the monitoring log set; acquiring a first processing path set corresponding to the target log set, and determining a second processing path set according to the target log set and the monitoring log set; comparing each monitoring node in the monitoring processing path with each processing node in the second sub-processing path to obtain a test processing time period, and enhancing training node and test processing efficiency; and outputting and displaying the difference log event, the test processing time period, the enhanced training node and the test processing efficiency corresponding to the difference log set in real time.

Description

technical field [0001] The invention relates to the technical field of data processing, in particular to a method and system for real-time presentation of multi-dimensional security conditions suitable for network security. Background technique [0002] In recent years, with the increasing number of cyber attacks, how to ensure the timely response of the key information infrastructure of the group company in the event of cyber security incidents, improve cyber security situational awareness, event analysis, traceability, and rapid recovery capabilities after attacks, effectively Responding to high-intelligence attacks and providing key guarantees and support for group companies are the top priorities in the protection of critical information infrastructure. Especially in major security activities such as network security drills, the speed and quality of emergency response determine whether a major security incident can be successfully dealt with and losses can be recovered. ...

AI Technical Summary

Problems solved by technology

Although the network security risk control room has centralized management of the above systems and equipment, during the analysis and disposal process, each equipment generates a large amount of alarm information every day (according to a survey of large organizations, the average weekly alarm events exceed 170,000). Problems such as low processing efficiency lead to a large number of alarm messages being ignored, burying potential safety hazards

In addition, the update of the security incident handling process is not timely, or even rarely updated, which affects the effect of security handling

For example, when encountering system or application security vulnerabilities, it is necessary to manually monitor the platform in real time, download relevant vulnerability information after discovery and make a supervision and rectification list, issue / feedback notification through the intranet OA system, and then manually retest the closed loop , leading to difficulties in the inspection and rectification process and low work efficiency. The reason is that there is currently a lack of a rapid emergency response system for network security incidents based on AI (artificial intelligence) technology + SOAR (Security Orchestration, Automation and Response) technology to help solve vulnerability disposal, Supervision and rectification as well as various security monitoring, analysis, and disposal scenarios

Images