Bluedon Security Operation Center (SOC)
Bluedon Security Operation Center (SOC) is built around the practical needs of its users: it lets them manage security devices and security events centrally, configure security policy uniformly, and raise their overall level of risk management, making the network safer and more reliable. It consists of "four centers and six functional modules", which together implement information collection, analysis and processing, response management, risk assessment, process standardization, integrated display and the other functions that network security management requires.
Bluedon SOC is designed to satisfy the demands of large, high-end customer groups in finance, telecommunications, government, education and similar sectors, and can also be tailored on demand to the needs of mid-sized network organizations.
Comprehensively manages and controls the channels through which host information can leak, in line with an overall security design principle.
Provides linkage (response) policies that give effective early warning, analysis and remediation for various anomalies; users can customize the remediation actions, after which the system handles matching security events automatically.
The SOC complies with the relevant international, national and industry standards so as to meet the high-level requirements of the national graded (level) protection scheme; it supports multi-mode deployment across platforms and operating systems.
The system as a whole uses a B/S (browser/server) architecture, which lightens the load on client computers, reduces the cost and effort of system maintenance and upgrades, and lowers the user's total cost of ownership; the interface is simple and well structured so that operation is straightforward.
According to administrator-defined parameters and policies, the system synchronizes clients automatically on a schedule, greatly reducing the administrators' workload; the system also supports automatic upgrades.
The system was designed for scalability: it can be deployed and extended in multi-level (hierarchical) or peer arrangements, modules can be subdivided and combined, and the information collected can be customized flexibly to the user's network and security requirements.
Dispatch and command. Records and submits incidents, and monitors the emergency-handling process so that experts and supplies can be dispatched as needed.
Hacker tracking. Monitors anomalies on key equipment and network segments, dynamically discovers intrusion-type security events, and extracts and analyzes the system logs, registry, processes, network connections, access records, user accounts, shared resources and other data on the compromised host where an intrusion leaves traces.
Emergency response module. According to the event type, the event level and the security protection level of the affected system, provides a three-dimensional emergency solution covering "points, lines and surfaces" (single hosts, links and whole segments) for unexpected events.
Features and Performance
The system provides an authorization mechanism for log data sources, so that only approved sources are accepted; log analysis is centralized, and logs are received in standard Syslog format and as SNMP Traps. The log management functions convert the different incoming log formats into a unified log format without losing any fields during normalization.
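As an added example (not Bluedon's own code), the following Python shows what "convert different log formats into a unified format without losing fields" amounts to for Syslog input: RFC 3164 and RFC 5424 lines are parsed into one schema, the raw line is always kept, every captured header field is stored, and a line that matches neither format is retained with format "unknown" rather than dropped. The schema, the regular expressions and the sample lines are assumptions made for this example; the addresses come from the RFC 5737 documentation ranges.

```python
"""Syslog normalization into a unified event schema.

Added example, not Bluedon SOC code. Assumptions (not from the page):
the unified schema below, the regexes and the constructed sample lines
are illustrative. "No field is lost" is implemented by keeping the raw
line verbatim and storing every captured header field, either as a
top-level key or under 'extra'.
"""
import re
from typing import Any, Dict, List

# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss host tag[pid]: message
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s{1,2}\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1\s"
    r"(?P<ts>\S+)\s(?P<host>\S+)\s(?P<app>\S+)\s(?P<pid>\S+)\s(?P<msgid>\S+)\s"
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)\s?"
    r"(?P<msg>.*)$"
)
SD_ELEMENT_RE = re.compile(r"\[((?:[^\]\\]|\\.)*)\]")
SD_PARAM_RE = re.compile(r'([^\s=\]"]+)="((?:[^"\\]|\\.)*)"')


def split_pri(pri: int):
    """PRI encodes facility*8 + severity (RFC 5424, section 6.2.1)."""
    return pri // 8, pri % 8


def parse_structured_data(sd: str) -> Dict[str, Dict[str, str]]:
    """'[id k="v"][id2 k2="v2"]' -> {'id': {'k': 'v'}, 'id2': {'k2': 'v2'}}."""
    out: Dict[str, Dict[str, str]] = {}
    if sd == "-":
        return out
    for element in SD_ELEMENT_RE.findall(sd):
        sd_id, _, params = element.partition(" ")
        out[sd_id] = dict(SD_PARAM_RE.findall(params))
    return out


def _nil(value: str):
    """RFC 5424 uses '-' as the NILVALUE for absent header fields."""
    return None if value == "-" else value


def normalize(raw: str) -> Dict[str, Any]:
    """Map one syslog line onto the unified schema.

    Lines matching neither RFC are still returned (format='unknown') with
    the whole line as the message, so a parser gap never drops an event.
    """
    event: Dict[str, Any] = {
        "raw": raw, "format": "unknown", "facility": None, "severity": None,
        "timestamp": None, "host": None, "app": None, "pid": None,
        "message": raw, "extra": {},
    }
    m = RFC5424_RE.match(raw)
    if m:
        fac, sev = split_pri(int(m["pri"]))
        event.update(format="rfc5424", facility=fac, severity=sev,
                     timestamp=m["ts"], host=m["host"], app=_nil(m["app"]),
                     pid=_nil(m["pid"]), message=m["msg"])
        event["extra"] = {"msgid": _nil(m["msgid"]),
                          "structured_data": parse_structured_data(m["sd"])}
        return event
    m = RFC3164_RE.match(raw)
    if m:
        fac, sev = split_pri(int(m["pri"]))
        event.update(format="rfc3164", facility=fac, severity=sev,
                     timestamp=m["ts"], host=m["host"], app=m["tag"],
                     pid=m["pid"], message=m["msg"])
    return event


# Constructed sample lines (not real device output).
SAMPLE_LINES = [
    '<34>Oct 11 22:14:15 fw01 sshd[2345]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2',
    '<165>1 2024-05-01T10:00:00Z ids01 snort 912 ID47 [origin ip="10.0.0.5"][alert sid="1000001" prio="1"] possible scan from 198.51.100.9',
    'garbage line with no syslog header',
]


def normalize_all(lines: List[str]) -> List[Dict[str, Any]]:
    return [normalize(line) for line in lines]


if __name__ == "__main__":
    for ev in normalize_all(SAMPLE_LINES):
        print(ev["format"], ev["facility"], ev["severity"], ev["host"], ev["app"], ev["message"])
```

The check a practitioner wants is the third line: a source that emits something the parser does not understand must still show up in the unified store, with the raw text intact, or the "no field lost" guarantee is silently broken for exactly the devices that most need attention.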
Access control is based on user groups and is refined down to individual function operations. The system can remotely install and uninstall terminal software and software patches, targeting a specified remote terminal with a specified package or patch, and supports automatic remote upgrades.
The SOC provides complete asset management: information assets can be re-evaluated and re-assigned at regular or ad hoc intervals, and managers get an intuitive display of the security status of their assets.
Asset management is centered on risk management and vulnerability management: the value, vulnerability and threat exposure of each asset are combined, in accordance with the relevant risk analysis standards, to produce a risk-reduction plan that is revised as conditions change.
The SOC offers flexible, enterprise-wide policy configuration. Device configuration and policy information can be backed up and pushed out to devices at the same time, and users can customize the device status and the action policy that an incident triggers.
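The "linkage policy" described in the overview and the incident-triggered action policy described here both come down to the same mechanism: count matching events per source inside a sliding window and, when a threshold is reached, emit an action for a device to carry out. The following Python is an added example (not Bluedon's code) of that mechanism; the event shape, the rule fields, the "block_ip" action name and the sample events are assumptions. It also shows the two safeguards that automated response needs in practice: a cooldown so one incident does not fire the same action on every further event, and an allowlist so the SOC cannot block the operators' own management hosts.

```python
"""Event-triggered linkage (response) policy with threshold, window,
cooldown and an allowlist.

Added example, not Bluedon SOC code. Assumptions (not from the page): the
event dict shape (ts, type, src), the Rule fields, the 'block_ip' action
name and the constructed sample events are illustrative; a real SOC would
push the resulting action to the firewall through that device's own API.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Deque, Dict, List, Set, Tuple


@dataclass
class Rule:
    name: str
    match: Callable[[dict], bool]   # which events this rule counts
    key: Callable[[dict], str]      # aggregation key, e.g. the source IP
    threshold: int                  # hits within the window that trigger
    window_s: int                   # sliding window length in seconds
    action: str                     # action emitted when triggered
    cooldown_s: int = 300           # do not re-fire for the same key sooner


class Correlator:
    """Counts matching events per (rule, key) inside a sliding window."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self._hits: Dict[Tuple[str, str], Deque[int]] = defaultdict(deque)
        self._last_fired: Dict[Tuple[str, str], int] = {}

    def feed(self, event: dict) -> List[dict]:
        """Feed one event (events are assumed to arrive in time order);
        return the actions it triggered, usually none."""
        actions = []
        now = event["ts"]
        for rule in self.rules:
            if not rule.match(event):
                continue
            k = (rule.name, rule.key(event))
            hits = self._hits[k]
            hits.append(now)
            while hits and now - hits[0] > rule.window_s:
                hits.popleft()          # expire hits outside the window
            if len(hits) < rule.threshold:
                continue
            last = self._last_fired.get(k)
            if last is not None and now - last < rule.cooldown_s:
                continue                # already acted on this key recently
            self._last_fired[k] = now
            actions.append({"action": rule.action, "rule": rule.name,
                            "target": k[1], "hits": len(hits), "ts": now})
        return actions


def dispatch(actions: List[dict], never_block: Set[str]) -> Tuple[List[dict], List[dict]]:
    """Apply a safety allowlist before executing: automated blocking must
    never lock operators out of their own management hosts."""
    executed, skipped = [], []
    for a in actions:
        if a["action"] == "block_ip" and a["target"] in never_block:
            skipped.append(a)
        else:
            executed.append(a)  # a real deployment would call the firewall here
    return executed, skipped


BRUTE_FORCE = Rule(
    name="ssh_brute_force",
    match=lambda e: e["type"] == "auth_failure",
    key=lambda e: e["src"],
    threshold=5, window_s=60, action="block_ip",
)

# Constructed sample events (not real telemetry), in timestamp order.
SAMPLE_EVENTS = [
    {"ts": 1000, "type": "auth_failure", "src": "203.0.113.7"},
    {"ts": 1005, "type": "auth_failure", "src": "203.0.113.7"},
    {"ts": 1010, "type": "auth_failure", "src": "198.51.100.9"},
    {"ts": 1012, "type": "auth_failure", "src": "203.0.113.7"},
    {"ts": 1015, "type": "auth_success", "src": "203.0.113.7"},  # not counted
    {"ts": 1020, "type": "auth_failure", "src": "203.0.113.7"},
    {"ts": 1030, "type": "auth_failure", "src": "203.0.113.7"},  # 5th hit: fires
    {"ts": 1035, "type": "auth_failure", "src": "203.0.113.7"},  # cooldown: silent
    {"ts": 1040, "type": "auth_failure", "src": "10.0.0.2"},
    {"ts": 1041, "type": "auth_failure", "src": "10.0.0.2"},
    {"ts": 1042, "type": "auth_failure", "src": "10.0.0.2"},
    {"ts": 1043, "type": "auth_failure", "src": "10.0.0.2"},
    {"ts": 1044, "type": "auth_failure", "src": "10.0.0.2"},     # fires, but allowlisted
    {"ts": 1050, "type": "auth_failure", "src": "198.51.100.9"},  # only 2 hits
]
NEVER_BLOCK = {"10.0.0.2"}   # assumed management host


def run_sample() -> Tuple[List[dict], List[dict], List[dict]]:
    """Return (actions fired, actions executed, actions skipped by allowlist)."""
    corr = Correlator([BRUTE_FORCE])
    fired = [a for e in SAMPLE_EVENTS for a in corr.feed(e)]
    executed, skipped = dispatch(fired, NEVER_BLOCK)
    return fired, executed, skipped


if __name__ == "__main__":
    for label, group in zip(("fired", "executed", "skipped"), run_sample()):
        print(label, [(a["target"], a["ts"]) for a in group])
```

Two actions fire (203.0.113.7 at t=1030 and 10.0.0.2 at t=1044); only the first is executed, the second is held back by the allowlist, and the sixth failure from 203.0.113.7 at t=1035 produces nothing because the key is in cooldown.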
The system presents network events, SOC system audits, SOC work orders, SOC assets, network risk and seven categories of network vulnerability report, more than 40 report sheets in total, as graphs, pie charts and bar charts.
Users can customize a personal workstation view, choosing which information of most concern to them is shown at login.
Work Order Management
Work Order Management is a unified process for handling equipment assets that are found to need repair. It covers fault reporting, repair acceptance, repair confirmation and the other steps of the process, so that the whole asset repair lifecycle can be tracked through the work order functions.
Knowledge Library Management
Includes security knowledge articles, a vulnerability database, a patch library, a library of security incident cases, and so on.
The system comes preloaded with many security knowledge articles, including general security knowledge and security notices, a standard vulnerability database, and a patch repository for operating systems. When handling security incidents, users can draw on this expert knowledge and record their own findings in the system so that it can support later decisions.
Provides a variety of flexible interfaces, covering both user-interface and communication-interface requirements.
The SOC includes an embedded graded-protection assessment module that classifies an information system and guides its construction, management and supervision according to the standard.
The system has an embedded database vulnerability scanning feature, which greatly improves detection efficiency.