Cyber Security Essentials: Common Security Devices

1. Network security equipment

A network security device is a protective barrier composed of software and hardware, built at the interface between the internal network and the external network, and between the private network and the public network. Its functions differ by application scenario. Common security equipment includes firewalls, situational awareness, IDS, IPS, full traffic analysis, vulnerability scanning, honeypots, secure email, EDR and so on.

2. Situational awareness

Situational awareness is an environment-based, dynamic, and holistic ability to understand security risks. It is based on security big data and is a way to improve the ability to discover, identify, understand, analyze, and respond to security threats from a global perspective. Ultimately, it serves decision-making and action, and it is the implementation of security capabilities.

3. Honeypot

The word honeypot was first used by hunters, yes, people who go hunting in the mountains. Hunters filled jars with honey and set up traps designed to catch bears with a sweet tooth. Later, in the field of network security, people called the bait used to deceive an attacker a "honeypot".

4. Threat intelligence

Threat intelligence refers to collecting, analyzing and processing information on malicious activity in the field of network security to form intelligence about network threats, so that timely measures can be taken to ensure network security. Threat intelligence mainly includes intelligence on malware, cyber attacks, and cyber crimes.

Threat intelligence can help network security personnel understand the current threat situation, discover and identify security threats in a timely manner, and take corresponding countermeasures. The sources of threat intelligence include self-collection, sharing and communication, etc., and its analysis and processing rely on various technical means, such as threat intelligence analysis tools and intelligence exchange platforms. The importance of threat intelligence has gradually attracted widespread attention, and it has become an indispensable part of network security work.

5. Sandbox

A sandbox is a virtual environment used in security testing and development. It can simulate a real operating system and application environment for security testing, malware analysis, vulnerability mining and other operations, without affecting the real environment.

In the sandbox, untrusted applications and code can be run while their behavior and impact are monitored, so that security issues can be discovered and dealt with in a timely manner. Sandboxes usually have functions such as isolation, snapshot, restoration, and debugging, which can help researchers deeply analyze the behavior and characteristics of malicious code, and discover potential vulnerabilities and security risks.

Sandboxes are widely used in malware analysis, vulnerability mining, network security testing, application development and testing, etc., which can help improve security and reliability, and reduce security risks and losses.

6. Endpoint protection

Endpoint Detection and Response (EDR) is software designed to automatically protect an organization's end users, endpoint devices, and IT assets from cyber threats that breach the security defenses of antivirus software and other traditional endpoint security tools. EDR continuously collects data from all endpoints on the network (desktops and laptops, servers, mobile devices, IoT (Internet of Things) devices, etc.). It analyzes this data in real time for evidence of known or suspected cyber threats and can respond automatically to prevent or minimize damage from identified threats.
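The collect, analyze and respond loop described above, as an added example that is not from the original article or from any EDR product. It separates "known" threats (a match against a threat-intelligence hash list) from "suspected" ones (a behavioural rule); the event fields, the rule, the placeholder hashes and the action names are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed threat-intelligence feed: placeholder hash values, not real indicators.
KNOWN_BAD_SHA256 = {"a" * 64}

# Behavioural rule (assumption): a document application starting a shell is suspicious.
DOC_APPS = {"winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}

@dataclass(frozen=True)
class ProcessEvent:
    host: str     # endpoint that reported the event
    parent: str   # parent process image name
    image: str    # started process image name
    sha256: str   # hash of the started image

def classify(event):
    """Return 'known', 'suspected' or 'clean' for one process-start event."""
    if event.sha256 in KNOWN_BAD_SHA256:
        return "known"
    if event.parent.lower() in DOC_APPS and event.image.lower() in SHELLS:
        return "suspected"
    return "clean"

def respond(events):
    """Map each flagged host to the strongest automatic response it needs."""
    actions = {}
    for ev in events:
        verdict = classify(ev)
        if verdict == "known":
            actions[ev.host] = "isolate_host"  # contain immediately
        elif verdict == "suspected":
            # setdefault keeps an earlier isolate_host decision in place
            actions.setdefault(ev.host, "alert_analyst")
    return actions

# Constructed telemetry from three endpoints.
SAMPLE_EVENTS = [
    ProcessEvent("laptop-01", "explorer.exe", "notepad.exe", "b" * 64),
    ProcessEvent("laptop-02", "WINWORD.EXE", "powershell.exe", "c" * 64),
    ProcessEvent("server-01", "services.exe", "updater.exe", "a" * 64),
    ProcessEvent("server-01", "excel.exe", "cmd.exe", "d" * 64),
]

if __name__ == "__main__":
    for host, action in sorted(respond(SAMPLE_EVENTS).items()):
        print(host, action)
```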


Origin blog.csdn.net/m8330466/article/details/130028883