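Research on a Security Management Platform Scheme Oriented to Core Business Monitoring
Published: 2018-03-08 00:12
Topic: security management platform. Focus: business process. Source: Beijing University of Posts and Telecommunications, 2014 master's thesis. Document type: degree thesis.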
[Abstract]: As the demands on networked information systems rise, many companies and organizations are paying closer attention to the security of enterprise information and business operations, and have gradually deployed many large security management devices such as firewalls, IDS and gateways. Running these devices independently, however, brings many security risks and management shortcomings, so the concept of the SOC (security management platform) has gradually been put forward both in China and abroad. A security management platform chiefly brings existing security devices together so that they work in coordination and share information. Traditional security management platforms, however, focus only on asset security and are not tied to the enterprise's business in its actual environment or to the importance of business monitoring, which leaves them with many deficiencies.

Addressing the shortcomings of existing security management platforms, and building on the implementation of an existing security management platform project, this thesis proposes, from a business perspective, a scheme for a security management platform oriented to core business monitoring. The aim is, from the standpoint of business monitoring, to centrally monitor and analyze device security events and to centrally handle business operation flows. Using monitoring as the means and combining it with business processes, the scheme relies on multiple forms of business monitoring, such as platform monitoring and terminal monitoring, together with early warning, alarms and monitoring response, to keep real-time watch over the running state of the whole platform and safeguard normal business operation. Platform monitoring works on two fronts: automatic alarming and manual response handling. With early-warning levels configured, the system issues early-warning and alarm responses according to the level of the security event; it collects and tallies event information centrally from the data collection layer, merges events through correlation analysis, analyzes event attribute information, and analyzes and responds automatically. In parallel, administrators are divided into different roles and take part manually in event analysis and handling, using statistical results and graphical information such as trend charts and situation charts to discover security risks and locate them promptly. The two together achieve real-time business monitoring.

Finally, the thesis presents solutions to the corresponding problems, implements and validates the design method in different environments, achieves the expected results of the design, and points out the development trends of security management platforms oriented to core business monitoring.
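[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08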