Abstract
Security threat response and handling is the core link of a network and information security defense system. It requires an integrated defensive capability that focuses on high-risk threats, defends comprehensively and proactively, and handles threats quickly, together with the ability to respond to and handle new types of threat rapidly. Based on industry development and the technical evolution path, this paper proposes a new generation of intelligent security defense and workflow response system built on Security Orchestration, Automation and Response (SOAR). It describes the visual orchestration of security events, workflow processing, closed-loop handling of the whole process, and methods for handling new threats, and offers feasible recommendations on the assumption that the enterprise already has standard security protection capabilities in place.
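To make the SOAR flow the abstract describes concrete (alert ingestion, enrichment with threat intelligence, an orchestrated playbook chosen by risk level, and a closed loop in which nothing is silently dropped), the following is an added example written for this page; it is not code from the paper or from any SOAR product. The threat-intelligence feed, the alerts, and the firewall/EDR/ticket adapter functions are all constructed stand-ins: a real deployment would replace the adapters with calls to the actual firewall, endpoint and ticketing APIs.

```python
"""Minimal SOAR-style playbook runner (added example, not the paper's code).

Flow: ingest alert -> enrich with threat intelligence -> pick playbook by
risk -> run orchestrated capabilities -> close or escalate the case.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed threat-intelligence feed (sample data, not a real source).
THREAT_INTEL: Dict[str, dict] = {
    "203.0.113.45": {"verdict": "malicious", "confidence": 95, "tags": ["c2"]},
    "198.51.100.7": {"verdict": "suspicious", "confidence": 40, "tags": ["scanner"]},
    "10.0.0.5": {"verdict": "malicious", "confidence": 90, "tags": ["lateral-movement"]},
}

# Guardrail: automation must never block RFC 1918 space; that goes to a human.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Alert:
    alert_id: str
    src_ip: str
    host: str
    signature: str


@dataclass
class Case:
    alert: Alert
    risk: str = "unknown"
    timeline: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)
    status: str = "open"

    def log(self, msg: str) -> None:
        self.timeline.append(msg)


# Orchestrated capabilities (assumed adapter names). They only record the
# action that a real connector would carry out.
def firewall_block(case: Case) -> bool:
    ip = ipaddress.ip_address(case.alert.src_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return False  # refuse: internal address, needs analyst judgement
    case.actions.append(f"firewall: block {case.alert.src_ip}")
    return True


def edr_isolate(case: Case) -> bool:
    case.actions.append(f"edr: isolate {case.alert.host}")
    return True


def notify_analyst(case: Case) -> bool:
    case.actions.append(f"ticket: escalate {case.alert.alert_id} to analyst")
    return True


# The playbook is data, not code: the step list per risk level is what a
# visual orchestration editor would produce.
PLAYBOOK: Dict[str, List[Callable[[Case], bool]]] = {
    "high": [firewall_block, edr_isolate],
    "medium": [firewall_block, notify_analyst],
    "unknown": [notify_analyst],
}


def enrich(case: Case) -> None:
    """Threat-intelligence enrichment sets the risk that selects the playbook."""
    intel = THREAT_INTEL.get(case.alert.src_ip)
    if intel is None:
        case.risk = "unknown"
    elif intel["verdict"] == "malicious" and intel["confidence"] >= 80:
        case.risk = "high"
    else:
        case.risk = "medium"
    case.log(f"enriched: risk={case.risk} intel={intel}")


def run_playbook(alert: Alert) -> Case:
    case = Case(alert)
    case.log(f"ingested {alert.alert_id}: {alert.signature}")
    enrich(case)
    for step in PLAYBOOK[case.risk]:
        ok = step(case)
        case.log(f"{step.__name__}: {'ok' if ok else 'FAILED'}")
        if not ok:
            # Closed loop: a failed automated step hands the case to a human
            # instead of dropping the alert.
            notify_analyst(case)
            case.status = "escalated"
            return case
    case.status = "closed" if case.risk != "unknown" else "escalated"
    case.log(f"case {case.status}")
    return case


if __name__ == "__main__":
    for a in [Alert("A-1", "203.0.113.45", "web-01", "outbound C2 beacon"),
              Alert("A-2", "198.51.100.7", "web-02", "port scan"),
              Alert("A-3", "192.0.2.9", "db-01", "failed logins"),
              Alert("A-4", "10.0.0.5", "fs-01", "SMB lateral movement")]:
        c = run_playbook(a)
        print(c.alert.alert_id, c.risk, c.status, c.actions)
```

Two design points worth noting: the playbook is a table of capability calls rather than hard-coded branches, so changing the response flow means editing data, which is what a visual orchestration front end edits; and every path ends in either "closed" or "escalated", so an alert with no intelligence hit or a step the automation refuses to perform (here, blocking an internal address) still reaches an analyst, which is the closed-loop property the abstract calls for.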
Author
LIU Xinyuan (刘鑫元), China Mobile Tietong Qinghai Branch, Xining, Qinghai 810007, China
Source
Information & Computer (《信息与电脑》), 2021, No. 16, pp. 186-189 (4 pages)
Keywords
SOAR
security capability orchestration
threat intelligence
security playbook