Abstract
As hackers' attack methods become more and more varied, the current protection systems of the banking sector face serious challenges. The logs produced by all kinds of IT equipment are an important means of locating and analysing threats, but traditional analysis tools perform poorly, so a new generation of log analysis platform is urgently needed. This paper introduces the advantages, architecture and functions of a big-data-based intelligent log analysis platform and, combining behavior analysis, threat intelligence and the attack chain model, analyses several typical usage scenarios and practical cases from operations and maintenance work.
Authors
孙惟皓
凌宗南
陈炜忻
Sun Weihao; Ling Zongnan; Chen Weixin (Nsfocus Information Technology Co., Ltd., Beijing 100089, China)
Source
《信息技术与网络安全》
2018, No. 7, pp. 13-17 (5 pages)
Information Technology and Network Security
Keywords
big data
log analysis
behavior analysis
attack chain
threat intelligence