Separation and Combination

Saturday, January 4, 2020

6:13 PM


WHEN

Ever since I first came into contact with SDN controllers ( https://www.cnblogs.com/pmyewei/p/6262441.html onwards), I have been wondering what the benefit of centrally managing a distributed system really is: a perfectly good distributed system is split into a pile of nodes that only add points of failure, and then a controller has to be introduced to manage what was originally distributed in a unified way. The two ideas seem incompatible with each other.

Imagine a distributed system like this:

  1. Every node is built to the same standard; devices from different manufacturers and of different specifications all communicate over the same protocol.
  2. The system provides standard services to the layer above it; the service layer does not need to consider which manufacturers' devices sit underneath.
  3. New nodes can be added seamlessly to expand total capacity.
  4. If any single node fails, service is restored after a short convergence period.

This sounds almost magical, but it is simply a traditional switched network: network devices silently forward data to one another over standard Layer 2 and Layer 3 protocols. The disadvantages of such a system are equally clear:

  1. Each device decides its forwarding policy by its own rules and does not reflect the will of the administrators (it is a black box); high-level business strategy cannot be translated into network design and configuration.
  2. How the business is performing across the whole system is not visible, and commands cannot be executed dynamically to block malicious traffic or to prioritize traffic so that services stay available.
  3. Each node is managed separately; nothing can be automated programmatically on top of the existing infrastructure.

The SDN centralized controller seems to exist precisely to solve these problems.

WHAT

Looking back now, those thoughts seem naive, a bit "low-level". But after I entered the security industry, the same problem came back to trouble me.

Firewalls go to great lengths to prove how strong their processing performance and how good their analysis capability is. Antivirus vendors hold up reports to prove how high their detection rate and how low their false-positive rate is. SOCs show off all kinds of powerful analysis capabilities. Yet a combination attack, the "Kill You 3000" of the security world, still gets through, and incidents still happen. What is the problem?


WHY

Over this time, my basic understanding of security gradually took shape:

1. Security threats change faster than defenses can keep up.

     A defense that still relies entirely on signatures is a way of understanding the old world: it waits for the outbreak, and by the time we have formed a new understanding, heavy losses have already been suffered.

2. A single security capability cannot provide protection.

     A firewall, however capable, can do nothing about a 0-day exploit; host protection, however strong, cannot guard against SQL injection; a WAF, however good, has no answer to lateral movement. No matter how high your kung fu, you are still afraid of a kitchen knife.

3. Security exists to serve the business.

     The house has collapsed but the door is still standing there intact; that is a bit comical. Any anecdote about such "solutions" would be told through tears.


HOW

Based on these three realizations, I once again set out to look for an ideal centralized security management system. The difference is that this time I started from the problem and only then went looking for the system. What the whole system tries to solve is the response to unknown threats.

The problems this centralized management system should address include:

1. It must be able both to make its own blood and to receive transfusions.

     Self-hematopoiesis: rather than depending on signature database updates, it discovers unknown threats itself and blocks them with the capabilities it already has.

     Blood transfusion: it supports external intelligence input to build its own immune system against unknown threats, and the antibodies (intelligence) it generates itself can be shared outward.

2. It must have overall threat analysis and response capability.

     An IPS has analysis capability, a WAF has analysis capability, an EDR has analysis capability, but each is confined to its own single vantage point, so none of them can see the whole picture.

     A firewall can block, antivirus can block, endpoint admission control can block, but each blocks at a single point and none of them covers every path.

3. It must have sufficient knowledge of asset state.

     Security policy cannot exist independently of the business. If the business has become completely unavailable while the security policy produces no output, the policy has drifted badly: the security capabilities are not protecting the assets, and that situation should be detected as early as possible so it can be avoided.
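The three requirements above can be sketched as working code. What follows is an added example, not the post's own design or any product's API: sensor names, asset names, IP addresses and feed names are constructed placeholders. An intelligence store accepts external indicators (transfusion) and exports the ones the system derived itself (self-hematopoiesis); a correlator reaches a verdict when several single-point sensors see the same source even though no feed knows it; a response planner picks every enforcement point that covers an affected path and reports paths nothing covers; and an asset-state check flags business assets that are down while security produced no output.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Which blocking path a single-point sensor's observation implies (assumed mapping).
SENSOR_PATH = {"ips": "network", "waf": "web", "edr": "endpoint"}


@dataclass
class Event:
    sensor: str   # single-point product that observed it: ips / waf / edr
    asset: str    # business asset concerned
    src: str      # attacker-side indicator (an IP address here)
    kind: str     # the sensor's own classification of what it saw


@dataclass
class Enforcer:
    name: str
    covers: frozenset   # paths this point can block: network / web / endpoint


@dataclass
class IntelStore:
    external: dict = field(default_factory=dict)   # indicator -> feed it came from
    generated: dict = field(default_factory=dict)  # indicator -> local evidence

    def transfuse(self, feed, indicators):
        """'Blood transfusion': take indicators from an outside feed."""
        for ioc in indicators:
            self.external[ioc] = feed

    def share(self):
        """Antibodies produced locally, ready to be exported to peers."""
        return sorted(self.generated)


def correlate(events, intel, min_sensors=2):
    """'Self-hematopoiesis': reach a verdict from several vantage points even
    when no signature or feed knows the source. Returns {src: verdict}."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    verdicts = {}
    for src, evs in by_src.items():
        sensors = {e.sensor for e in evs}
        paths = {SENSOR_PATH[s] for s in sensors}
        if src in intel.external:
            verdicts[src] = {"basis": "feed:" + intel.external[src], "paths": paths}
        elif len(sensors) >= min_sensors:
            verdicts[src] = {"basis": "correlated:" + ",".join(sorted(sensors)), "paths": paths}
            # The correlation itself is new intelligence the system produced.
            intel.generated[src] = sorted(f"{e.sensor}:{e.kind}" for e in evs)
    return verdicts


def plan_response(verdicts, enforcers):
    """Overall response: block at every point that covers an affected path,
    and make the paths no point can cover visible instead of silently open."""
    plan = {}
    for src, v in verdicts.items():
        matching = [e for e in enforcers if e.covers & v["paths"]]
        covered = set().union(*[e.covers for e in matching])
        plan[src] = {"block_at": sorted(e.name for e in matching),
                     "uncovered": sorted(v["paths"] - covered)}
    return plan


def asset_drift(asset_state, events, verdicts):
    """Asset-state check: an asset that is down while no verdict touches it
    means security policy has drifted away from the business."""
    touched = {e.asset for e in events if e.src in verdicts}
    return sorted(a for a, st in asset_state.items()
                  if not st["available"] and a not in touched)


def run_demo():
    # Constructed sample telemetry; every value below is a placeholder.
    intel = IntelStore()
    intel.transfuse("peer-feed", ["203.0.113.7"])
    events = [
        Event("waf", "web-shop", "198.51.100.20", "sqli_probe"),
        Event("edr", "web-shop", "198.51.100.20", "webshell_drop"),
        Event("ips", "web-shop", "203.0.113.7", "port_scan"),
        Event("waf", "blog", "192.0.2.9", "xss_probe"),   # one sensor only
    ]
    enforcers = [Enforcer("edge-firewall", frozenset({"network", "web"})),
                 Enforcer("mail-gateway", frozenset({"mail"}))]
    asset_state = {"web-shop": {"available": False},
                   "blog": {"available": False},
                   "wiki": {"available": True}}
    verdicts = correlate(events, intel)
    return {"verdicts": verdicts,
            "plan": plan_response(verdicts, enforcers),
            "shared": intel.share(),
            "drift": asset_drift(asset_state, events, verdicts)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

In the sample run, 198.51.100.20 is unknown to every feed but is seen by both the WAF and the EDR, so it gets a correlated verdict and becomes an indicator the system can share out; the endpoint path stays listed as uncovered because no enforcement point in the demo can block there, and "blog" is reported as drift because it is down while nothing about it reached a verdict.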


WHO

The final answer is a threat-intelligence-driven security automation system, which may require building multiple systems and multiple sets of protocols, as well as extensive retrofitting of existing capabilities.

What it solves:

1. A security immune system that continuously evolves on top of the existing security capabilities.

2. A more automated and comprehensive incident handling flow.

3. A continuous asset-risk monitoring and evaluation system in line with the CARTA principles.

What it cannot solve:

1. Blocking attacks. The ability to block an attack still depends on the underlying capabilities.

2. Qualitative judgment of serious incidents. The participation of security analysts in decisions remains essential.


Putting this into practice will certainly run into difficulties, which include but are not limited to:

1. Lack of a goal: the final objective to be achieved is not clear. Before consensus is reached there will surely be a hundred schools of thought, and most of them will eventually vanish from history without a trace.

2. Lack of strong leadership: what is involved is not only the traditional security team but also the business teams and peer vendors in the industry.

3. Establishing standards: the large number of systems that need to interact all depend on a uniform standard for what they exchange; without a supported standard, even a system that gets built will eventually become a "ghost town".

Even so, the ones most likely to land such a system first are the cloud vendors.

The cloud has unique advantages:

1. It is self-contained, with no thankless integration work.

The characteristics of every component of the protection system are known and can be developed in support of it. The best user experience can be designed around the optimal usage effect. There is no need to integrate multiple manufacturers or to settle for the lowest common denominator of their capabilities.

2. The protection system is highly softwarized, so its capabilities iterate smoothly.

With a high degree of softwarization in the protection system, adding new functions or bringing them into unified management becomes easier.


Source: www.cnblogs.com/pmyewei/p/12319792.html