The Analysis and Implementation of Security Operations Center
| School | Beijing University of Posts and Telecommunications |
| Keywords | JMX; Security incident correlation analysis; STRUTS; Risk Management; Security Operations Center |
In recent years, as the number of network security products has grown, network topology and structure have become more complex, and network security management has become necessary. To address these problems, security vendors have proposed different security management solutions from different angles, and these have had some effect. To a certain extent they solve the technical problems of security, but they cannot fundamentally resolve the full range of security management issues. The Security Operations Center (SOC) is a new direction in the development of the security management field. It takes assets as its core and security management as its key process, organises events by security domain, establishes a real asset model, and assists managers with risk modelling and analysis, event management, emergency response and early warning within a centralized security management system.

The paper first studies the problems facing current network security protection systems and discusses the necessity of network security management; on that basis it gives the overall design and implementation of a SOC. Finally, it discusses the market prospects of the platform and puts forward some ideas on future development trends. The research mainly includes:

1) SOC positioning. Although SOC has been introduced in China for many years, it has never been accurately positioned. This thesis traces the origin of SOC and, based on that origin, proposes an accurate positioning, pointing out that asset management, security incident correlation analysis and business should be the main direction and the elements of a SOC.

2) Struts and JMX frameworks. This paper introduces the Struts and JMX frameworks and, on this basis, proposes a universal implementation of SOC built on Struts and JMX. For JMX, following the JMX specification, each module of the SOC is treated as a JMX managed component: the MBean Server acts as the registration component for each module, and the functional modules of the centralized management system are managed through JMX, realizing a modular, component-based structure. For Struts, the paper discusses how to use the Struts framework in the MVC-based web application of the SOC and uses LazyValidatorForm to achieve rapid development.

3) Overall system design of the SOC. This paper analyses the requirements of a SOC and, according to those requirements, proposes performance indicators and gives an overall system framework for the SOC, including an asset module, a risk analysis module, an event analysis module, an intelligent alarm module and a monitoring module, and marks the interface relationships between each module and the equipment, users and external systems.

4) Main functional modules. Because the SOC system is relatively large and complex, this paper mainly describes the implementation of the analysis module, the monitoring module and the alarm module. In the analysis module, the graphs are produced by three function modules that share a common interface design, with emphasis on the calendar view used in historical event analysis. In the monitoring module, since there are too many targets, only the implementation of equipment-room monitoring is given. In the alarm module, the detailed implementation of the rule management module is described.
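As an added illustration of the JMX approach described in item 2 (example code written for this page, not taken from the thesis), the following Java program treats a SOC alarm module as a standard MBean registered with the platform MBean Server, so that the centralized manager reaches it only by ObjectName; the `soc:` domain, the module name and its attributes are assumed.

```java
import java.lang.management.ManagementFactory;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class SocJmxDemo {

    // Management interface of the alarm module (hypothetical name, not from the thesis).
    public interface AlarmModuleMBean {
        int getActiveAlarmCount();   // read-only attribute shown on the SOC console
        int getRuleCount();
        void reloadRules();          // management operation invoked by the manager
    }

    // The alarm module itself, reduced to the counters it exposes (constructed sample state).
    public static class AlarmModule implements AlarmModuleMBean {
        private volatile int activeAlarms = 3;
        private volatile int rules = 12;
        public int getActiveAlarmCount() { return activeAlarms; }
        public int getRuleCount() { return rules; }
        public void reloadRules() { rules = 14; }   // pretend two rules were added on disk
    }

    // Registers one SOC module with the MBean Server under the assumed "soc" domain.
    public static <T> ObjectName registerModule(MBeanServer server, T impl,
                                                Class<T> mbeanInterface, String name) throws Exception {
        ObjectName on = new ObjectName("soc:type=Module,name=" + name);
        server.registerMBean(new StandardMBean(impl, mbeanInterface), on);
        return on;
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName alarm = registerModule(server, new AlarmModule(), AlarmModuleMBean.class, "alarm");

        // The manager never references the module class; it goes through the MBean Server only.
        System.out.println("active alarms: " + server.getAttribute(alarm, "ActiveAlarmCount"));
        System.out.println("rules before:  " + server.getAttribute(alarm, "RuleCount"));
        server.invoke(alarm, "reloadRules", null, null);
        System.out.println("rules after:   " + server.getAttribute(alarm, "RuleCount"));

        // Enumerate every registered SOC module, as a management console would.
        for (ObjectName on : server.queryNames(new ObjectName("soc:type=Module,*"), null)) {
            System.out.println("registered module: " + on.getKeyProperty("name"));
        }
        server.unregisterMBean(alarm);
    }
}
```

No remote JMX connector is opened here; the module is reachable only through the in-process platform MBean Server, so exposing it to a management console across the network is a separate configuration step.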