

The era of SOC 3.0, with data as the core, has arrived

Posted by patinella at 2020-03-25

Most enterprises and organizations have moved from building security piece by piece to the stage of overall optimization. Customers now pay more attention to the security of the whole network and emphasize managing security proactively from the perspective of business information system risk, rather than from the perspective of a single security threat and its defence mechanism. Good security management requires a corresponding security management system; in addition to organizational support and process support, a very important part of that system is technical support. The security management platform is the technical support platform that enterprises and organizations use to build such a security management system.

Generally speaking, a security management platform is a centralized security management system that takes assets as its core and security event management as its key process, applies the idea of security domain division, establishes a real-time asset risk model, and assists administrators with event analysis, risk analysis, early warning management and emergency response.

The existing security management platform faces new challenges

At present, the field of network and information security faces new challenges. On the one hand, with the arrival of the big data and cloud computing era, the security problem is itself becoming a big data problem: the networks and information systems of enterprises and organizations generate large amounts of security data every day, and the rate keeps increasing. On the other hand, the cyberspace security situation faced by governments, enterprises and organizations is severe, and the threats that need to be dealt with are becoming increasingly complex. These threats are characterized by strong concealment, long incubation periods and strong persistence.

In the face of these new challenges, the limitations of the existing security management platform are obvious, and they fall into three areas:

Limited data-processing capacity and no effective architectural support: current analysis tools work well on small data volumes but cannot keep up at large volumes, and the fusion, storage and management of massive, heterogeneous, high-dimensional data are difficult;

Limited threat-identification capability and a lack of security intelligence: security analysis relies mainly on rule-based correlation analysis, which can only identify what has already been known and described, and struggles to identify complex and unknown threats;

Limited security-prediction capability and a lack of ability to counter adversaries: security operations are mainly passive emergency response, so risk is hard to assess and judge in advance, and the team is always busy fighting fires.

The SOC 3.0 era is coming

How should these new challenges be dealt with? How can the limitations of the existing security management platform be overcome? With the arrival of the big data and cloud computing era, the security problem is also becoming a big data problem, and the new challenges posed by security big data need to be solved with big data technology. Only by fully integrating big data analysis technology into the technical architecture of the existing security management platform can the traditional security management platform be renewed. This is how SOC 3.0 came into being.

SOC 3.0, supported by a big data analysis architecture and guided by business security, builds a security management system with data as its core, emphasizing more active and more intelligent management and operation of the network security of enterprises and organizations.

In the DT era, the core elements of SOC 3.0 are: business, initiative, intelligence and big data.

Business: the business systems of users are the ultimate object that security protects. Business-centred security protects the business through its four elements (supporting environment, process, data and people), and measures the security effect by establishing an indicator system.

Initiative: emphasizes building active security mechanisms and proactive security defence, including integrated vulnerability management, configuration verification, the introduction of external threat intelligence, proactive security early warning and proactive operation and maintenance.

Intelligence: emphasizes establishing an intelligent security analysis capability that keeps the existing rule-based correlation analysis but also uses richer situational data (vulnerabilities, intelligence, identity, assets and other information) for situational correlation, and applies technologies such as behaviour analysis, machine learning and data mining to detect the unknown.

Big data: security management in the big data era must be data-driven. It must be supported by a big data architecture, and the security management capabilities (information collection, data fusion, event storage, advanced security analysis, situational awareness and visualization) must be rebuilt on big data technology.
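As an added illustration (not code from the original post), the Python sketch below contrasts the rule-only path that the limitations above describe with the situational correlation that SOC 3.0 calls for: the same event is scored against asset criticality, unpatched vulnerabilities, threat intelligence and identity context. All context stores, events and weights are constructed for the example.

```python
"""Situational correlation for a data-driven SOC: a rule match is enriched with
asset, vulnerability, identity and threat-intel context. All data is constructed."""
from dataclasses import dataclass

# Constructed context stores (real sources: CMDB, scanner, identity directory, TI).
ASSETS = {
    "10.0.1.5": {"criticality": 5, "business": "payments", "vuln_count": 3},
    "10.0.2.9": {"criticality": 1, "business": "test-lab", "vuln_count": 0},
}
THREAT_INTEL = {"198.51.100.4": "known-c2", "203.0.113.7": "mass-scanner"}
IDENTITY = {"svc_backup": {"privileged": True, "work_hours": range(1, 5)}}

@dataclass
class Event:
    src: str
    dst: str
    user: str
    hour: int
    rule: str  # detection rule that fired, or "" when none did

def rule_only(ev):
    """Classic SIEM path: the rule alone decides, nothing else is consulted."""
    return "alert" if ev.rule else "ignore"

def contextual_risk(ev):
    """Score the event against situational data; returns (score, reasons)."""
    score, reasons = 0, []
    if ev.rule:
        score += 2
        reasons.append(f"rule:{ev.rule}")
    asset = ASSETS.get(ev.dst)
    if asset:
        score += asset["criticality"]
        reasons.append(f"asset:{asset['business']}")
        if asset["vuln_count"]:
            score += asset["vuln_count"]
            reasons.append(f"unpatched:{asset['vuln_count']}")
    tag = THREAT_INTEL.get(ev.src)
    if tag:
        score += 4 if tag == "known-c2" else 1
        reasons.append(f"intel:{tag}")
    ident = IDENTITY.get(ev.user)
    if ident and ident["privileged"] and ev.hour not in ident["work_hours"]:
        score += 3
        reasons.append("privileged-off-hours")
    return score, reasons

def triage(ev, threshold=6):
    """What the analyst queue sees: only scores at or above threshold escalate."""
    return "escalate" if contextual_risk(ev)[0] >= threshold else "log"
```

A brute-force rule hit against a throwaway lab host scores low and is merely logged, while traffic from a known C2 address to an unpatched payments server by a privileged account outside its working hours escalates even though no rule fired.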


I have been working in SOC-related fields, and it's time to redefine SOC. Around 2009, I put forward the concept of SOC 2.0, so this time it is upgraded to SOC 3.0. When big data analysis meets the security management platform, SOC 3.0 comes.

Next-generation security management platform (SOC 2.0) technical white paper v1

Research and application of security management platform technology based on big data analysis [excerpt]