Alibaba Cloud Situational Awareness Service (Part 1)

Details about Alibaba Cloud Situational Awareness Service:

   Alibaba Cloud Situational Awareness Service Tutorial

 

(Situational Awareness is a big data security analysis platform that alerts on all of your cloud assets, uses machine learning to discover potential intrusions and highly stealthy attacks, traces back attack history, and predicts upcoming security incidents.)

 

Product Overview
Situational Awareness collects 20 kinds of raw logs together with threat intelligence on attacker entities in cyberspace, and uses machine learning to reconstruct attacks that have occurred and predict attacks that have not yet occurred.

Problems it helps customers solve

  • Centralized management of security events after the business is migrated to the cloud
  • Expanded security visibility and real-time monitoring
  • Security compliance, with 180 days of log storage and retrieval

 

Application scenarios

  • Monitor overall security on the cloud in real time, alert on more than 40 types of security events, calculate security scores, and receive daily security reports by email
  • Regularly run vulnerability scans on cloud websites, and monitor and repair vulnerabilities
  • Trace back intrusion events that occurred on ECS, such as backdoor shells, malware, and core data encrypted for ransom, to find the cause of the intrusion and its whole process
  • Retrieve web access logs, investigate the number of visits, and count and analyze the raw log information along various dimensions
  • Monitor in real time for AK leaks, network intrusion events, DDoS attack events, malicious behavior on ECS, and open ports on ECS

Building a cloud security system

Before the event:

  • Weakness analysis, asset situation monitoring, asset dependency sorting, regular vulnerability scanning, security configuration monitoring
  • Prevention: vulnerability patching, asset vulnerability alerts

During the event:

  • Intrusion detection, attack identification, anomaly detection, real-time discovery of web-layer and host-layer attacks, real-time detection of intrusion events through network-wide threat intelligence and big data analysis
  • Blocking: attack blocking, intrusion prevention

After the event:

  • Retrospective: trace back and investigate security events, with full raw log retrieval, and conduct custom investigations into the impact of attack events and the effectiveness of system defenses

The core idea of cyberspace situational awareness

Unlike traditional IDC and SIEM (which only correlate already-identified alarm events), situational awareness analyzes information from massive raw data and reconstructs the complete process of a security event through machine learning models. At the same time, situational awareness focuses on both the enemy's situation and our own: it conducts long-term threat intelligence monitoring of enemy entities (individual hackers and hacker organizations), observes the technical means they use at their points of action, and perceives our own weak links in real time, which is an important reference for security decision-making.

Product Architecture

Cloud Shield Situational Awareness is provided as a SaaS service. In a large-scale cloud computing environment, it comprehensively, quickly and accurately captures and analyzes the elements that can change the network security situation. It then correlates the security threats customers currently face with past threats and applies big data analysis to estimate the threat risk of security incidents that may occur in the future, and provides a systematic security solution.
