IoT Security Situational Awareness Platform
End-to-end security mechanism: information is obtained not only from the IoT platform, but also from the underlying operating system and software of the IoT terminal, as well as from the signaling and data bills on the pipeline side, with full tracking.
Supports an IoT protocol library and a malicious program feature library to identify different Internet of Things protocols and extract features. The flow characteristics of IoT terminals are compared with the malicious program feature library and the protocol library, so as to accurately identify malicious behaviors such as remote control, SQL injection, WAF, etc.
Big data modeling technology is used to model the various terminal behaviors of different IoT services. These are matched and compared against the characteristic behavior library to determine whether the terminal type and behavior conform to the behavior baseline.
Flexible deployment: supports independent deployment, virtual host deployment, virtual container deployment and other deployment methods.
High-performance processing capacity: provides 1GE, 10GE, 40GE and other interfaces to fully meet the needs of different users.
Provides user management, role management, organization management, menu management, log audit and other functions.
It can respond to the supervision instructions issued by the superior system, implement and track the monitoring process, and evaluate the monitoring effect according to the instruction feedback.
Supports the analysis of security situation according to the dimensions of industry, platform, vulnerability and equipment/terminal, and can display and analyze asset distribution, vulnerability distribution, industry distribution, equipment type distribution and situation of incidents.
Supports receiving security pre-alarms issued by the superior system. According to the urgency, development trend and possible degree of harm of the security issue, it can understand the impact on its own network and system, start the corresponding emergency management plan, take emergency measures, and save the evidence and log records of alarms, so as to report the situation, progress and disposal results back to the superior system in a timely manner.
Through network traffic analysis, log analysis, and docking with other security business systems, the system collects, stores, analyzes, generates and submits security event logs. The security risk is determined according to the type and frequency of events and the proportion of terminals/devices with events among similar devices, to provide the basis for traceability and command of incidents.
The IoT terminal/device identification is a code assigned by an enterprise that uniquely identifies the IoT equipment. Generally, it is coded according to common international and domestic specifications or enterprise custom specifications. The IoT security situational awareness platform can manage, query and trace the terminal/equipment according to the identification or IMSI number, and supports the submission and query mechanism for equipment identification.
The system uses log retention, flow collection and other technical means to collect, generate and save the full set of equipment access logs, and provides access log reporting and query functions.
The basic resource data of the IoT includes the enterprise subject information of the IoT platform, the information of the IoT application service provider, the application service information and the IoT terminal/equipment information. The system supports importing basic resource data from the IoT business management platform.