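Abstract
As the security core of an operator, the Security Operation Center (SOC) plays a key role in the secure operation of the entire business network. Given the limitations of existing domestic SOC products, this paper proposes an SOC product solution based on network event flows. Through cooperating distributed security components, the solution mines security events from a disordered mass of operational events. After aggregation and correlation analysis, it evaluates their existing (or impending) impact on the CIA of information assets and, according to security policy standards, automatically initiates coordination between the security components of the security domain and the business domain for active defense.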
As the security core, the Security Operation Center (SOC) is very important for the security operation of a business network. In this paper, a new solution based on network event flows is proposed to overcome the limitations of existing SOC products. Its idea is to mine security events from a large number of operation events using cooperative distributed security components, evaluate their effect on the CIA of information assets, and then automatically realize cooperation between the security domain and the business domain according to security policy standards.
Source
《信息安全与通信保密》
2008, Issue 4, pp. 67-70 (4 pages in total)
Information Security and Communications Privacy