2022-08-06 07:54:01 Hillstone Networks

Technology changes fast and investment is uncontrollable?

Attackers keep upgrading while offense and defense are unequal?


The Hillstone Networks security operations system

Solving the challenges of security operations

In recent years the global security services market has been booming, with a growth rate far above that of the security industry as a whole. There are two main reasons. The first is that changes in IT infrastructure are driving the construction of security service systems. As enterprise business moves to the cloud, network security problems are becoming more serious, and building a security service system for the new IT environment has become a focus of enterprise security construction. The second is that policy compliance is promoting the development of security services. The successive introduction of the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, Classified Protection 2.0 and other laws and regulations has given impetus to growing demand for security services among domestic enterprise users. Recently, the "14th Five-Year" development plan for the software and information technology services industry issued by the Ministry of Industry and Information Technology also called for accelerating work along the software industry chain to "shore up weaknesses, build on strengths and improve services", increasing the supply of information technology services, and raising the modernization level of the software industry chain.

Against this industry backdrop, security operations, with its platform-based service delivery interface, intensive construction of service capabilities and tiered professional expert resources, is gradually being explored as a service delivery model that connects customers and security vendors more effectively. Security operations offers a new path for the innovative development of security services: strengthening network security service capability, optimizing network security service levels, and lowering the cost of network security services.

To fully understand security operations, the following questions need to be answered.

01 Why are security operations needed?

The need for security operations comes from both internal and external factors.

From the perspective of the broader environment, continuous changes in the network security situation at home and abroad are prompting governments, enterprises and industry organizations to push security work through further iterations. At the national level, policies and regulations are issued to raise compliance control requirements, strengthen the baseline standards for network security construction, and raise capability to a level sufficient for normalized confrontation. Industry organizations promote industry regulation and self-discipline by publishing industry construction and evaluation standards and by promoting industry qualifications.

From the perspective of enterprises' own internal drivers, as digital transformation deepens, more strategic business is exposed after digitization to a riskier connected environment, and the security of strategic business has become a necessary foundation for enterprise development. Organizations have therefore generally carried out security construction: purchasing large numbers of security devices, adding security posts, setting up security departments, and so on. But factors such as excessive cost, a large gap in security personnel and a lack of expertise have continued to trouble them. Management and security staff have come to recognize that only good security operations can realize the value of security devices, improve the effectiveness of security tools, lower the cost of security investment, and make the security system operate fully and effectively.

Looking at enterprises' internal demands, the main problems are the following:

Figure caption: The challenges of security operations and the core drivers for enterprises

1) Technology changes fast and investment is uncontrollable

Network security technology changes at high speed, and the traditional way of building security is costly.

Figure caption: The rapid development of a new generation of information technology

As global digital transformation continues to advance, a new generation of information technology represented by cloud computing, big data, the Internet of Things and the mobile internet is flourishing. China has also launched a series of national digital transformation construction projects to promote the development and application of information technology nationwide. The digital economy, now in a period of rapid growth, has become an important engine of global growth. The rapid development of digital technology gives enterprises strong momentum for development, but at the same time it leaves them facing uncontrollable costs.

In the face of rapidly changing attack techniques and methods, security protection technologies and methods also need to keep developing and evolving, and the traditional approach of improving protection by purchasing equipment is becoming increasingly unrealistic. Once they understand how security technology evolves and roughly calculate the ratio of input to output, many companies find themselves in a contradictory gamble: on one side, security construction costs that keep rising; on the other, the wishful thinking that a security risk will not necessarily materialize.

2) Attackers keep upgrading while offense and defense are unequal

Network security problems are increasingly serious, and traditional security measures fall short.

Figure caption: Changes brought about by the upgrade of attackers

In the new technology environment, attackers' techniques and attack methods keep escalating, and attacks are larger in scale, more harmful, harder to detect and harder to control. The domains and targets of network security have changed with the development of information technology and with shifts in customer focus, but enterprises' coping mechanisms often lag behind. The traditional practice of relying on the capability of single products and stacking them together is hard to sustain. Because the capabilities of the attacking and defending sides are unequal, enterprise business is often under threat and at risk.

3) Large talent gap and high maintenance cost

The difficulty of training talent: professional work needs professional people.

Figure caption: The talent gap is large

In addition to the investment in purchasing equipment and services, enterprise demand for security professionals is also increasing year by year. China currently has a serious shortage of network security personnel. According to statistics the gap could be as high as 500,000 to 1,000,000 people, while only 20,000 students graduate each year from network security related majors, so the shortage is unlikely to be resolved in the short term. As the security requirements of government and enterprises gradually rise, the demands on the capability of these professionals have also increased, and whether talent is "usable" is what enterprises focus on.

How to let enterprises concentrate more on their main business and reduce their anxiety about security has been one of the topics enterprises have cared about most in recent years.

02 The "problem-solving approach" of security operations?

Security operations embodies a systematic way of thinking about security construction: working closely with the characteristics of the customer's business, it provides services through the steps of capability integration, capability delivery, and improvement and optimization in order to achieve security goals. It is a systematic solution capability that aims to lower costs for customers, make services more efficient to obtain, safeguard business security, and improve the user experience. Through a self-built or managed security operations system, enterprises can reduce the human and financial investment in security construction and operation and devote more energy to developing their core business, which creates real value for enterprise development.

The concept of security operations can be explained in a narrow sense and in a broad sense:

Figure caption: The definition of "security operations"

In the narrow sense, security operations takes the "security operations center" as its actual carrier and, based on a security operations platform (SOC), implements centralized security management of major elements such as risks, events, problems and vulnerabilities. In the broad sense, security operations is no longer a purely technical concept; technology and platforms are only one external form of it. Its core idea is, first, to take the enterprise security strategy as the core, and second, through systematic integration of security capabilities or resources, to continuously safeguard the enterprise's core business and reduce the difficulty of enterprise security operations.

Beyond the narrow and broad senses, the way security operations works can usually be summarized as follows: through discovery, sorting and refactoring, people, tools and processes are gradually integrated into standardized, modular resources that can be called flexibly; these resources are then digitized and processed intelligently so that security capabilities are integrated on a unified platform; for customers' needs in different scenarios, security capabilities that better fit actual conditions are formed quickly; and the digitized, process-based and standardized capabilities of the system platform form a security service capability that can be obtained efficiently, requires low investment, and is continuously and iteratively optimized.

03 The core concepts of security operations

The core concepts of security operations can be summarized as three core elements, PPP (People, Product (tools), Process), together with the mutually reinforcing and interacting relationships among the three.

Figure caption: The three core elements of security operations


• Organization: service organizations, management organizations, operations organizations, research and development organizations, etc.

• Personnel: service staff, management staff, tiered expert resources, etc.

• Capability: service capability, research and development capability, quality control capability, etc.


• Tools: platform tools, intelligence tools, analysis tools, defensive tools, etc.

• Technology: prediction technology, analysis technology, defense technology, disposal technology, etc.


• Management processes, operations processes, service processes, operating procedures, quality processes, etc.

Security operations in the broad sense defines its core elements as three kinds: people, tools and processes. On the one hand, each is defined as a core resource, and each kind of element takes a variety of concrete forms. On the other hand, it goes on to discuss the relationships among the three core elements, emphasizing the linkage among them with security operations as the core driver.

The three elements cover content that is varied and complicated. If resources are not sorted out with security operations as the core driver, this content is likely to remain scattered, disordered and stagnant for a long time. Personnel capability will mostly be held by individuals and will be hard to replicate and pass on quickly. Tools and technology will mostly stay at the level of handling recurring events, with frequent reinvention of the wheel, and technical innovation and tool optimization will lack traction. Processes will depend heavily on offline management, quality control will be difficult, and process flexibility will be insufficient.

04 Hillstone Networks' security operations practice

Drawing on many years of practical experience in network security, on its understanding of the network security situation at home and abroad, and on in-depth study of the security operations philosophy, Hillstone Networks has sorted out, summarized and finally formed a complete set of security operations system theory and construction methods.

Figure caption: The Hillstone Networks security operations system

Internally, through cyclical sorting of people, tools and processes, all kinds of resources are digitized and defined as modules, forming a sound integrated service operation model in which capability is cultivated on the platform, carried by the platform, and provided through the platform.

Externally, with city security operations centers and industry security operations centers as the carriers, the security operations philosophy is put into practice: helping customers cultivate regional and industry security professionals, build security innovation and R&D capability, develop the security industry chain ecosystem, and provide high-quality, reliable security services, ultimately achieving the digital transformation of security.


