Stock Abbreviation: Topsec   Stock Code: 002212
24/7 service hotline: 400-777-0777

Situation Analysis and Security Operation System

Making cybersecurity "visible, understandable, controllable and sensible"

Background

Cloud computing, big data, IoT, mobile Internet, artificial intelligence and related technologies are developing rapidly, and more and more enterprises and organizations deliver their services on top of them. Alongside the convenience, this widens the attack surface exposed to domestic and foreign hacker groups. Because information security risks keep growing, and attacks take ever more effort and time to detect, organizations need professional security operation teams and platforms that gather their security data, analyze it in depth and act on it quickly.


Situation Awareness System Overview

Topsec Situation Awareness System (TopSA) is built on a big data architecture and works with multiple probe devices to collect multi-source heterogeneous security data through both active and passive collection. It analyzes massive volumes of security data in depth through search, investigation, scenario and correlation analysis, and can be centrally configured and quickly linked to a wide range of security devices. It also ships with a comprehensive threat intelligence database, integrates external threat intelligence feeds, and analyzes and displays the security situation from the dimensions of assets, vulnerabilities, attacks, threats, responses and more.

Advantages
Multi-dimensional situation supports decision-making

Situation analysis covers the network-wide situation, threat situation, security map, security response, asset situation, attack situation, vulnerability situation, website monitoring, malicious program situation, three-screen situation and other views, giving decision makers overall control. This meets the goals of real-time situational awareness, accurate security monitoring and timely emergency response in different industries, and improves both the efficiency of risk identification and the speed of response.

All-round centralized management and control

The system centrally manages all types of security products, such as firewalls, TVD, EDR and vulnerability scanners, providing centralized configuration backup, policy management and status monitoring. Configuration backup supports scheduled automatic backups and difference comparison between backup versions. Policy management supports retrieving, editing and pushing device policies, which improves security operation efficiency. Status monitoring tracks each device in real time so that its health is always known.

Automated response scheduling

Response orchestration automatically drives protection devices to block attacks according to configured policy rules, which lowers the difficulty of security operations and raises efficiency when many threats arrive at once. The system uses intelligent correlation analysis to extract security events from the mass of raw data, and these events serve as the basic input for scenario analysis and policy scheduling. Scheduling can combine scenarios built from alarm logs, threat intelligence, vulnerability data and other related sources. Each scenario is mapped to a control strategy and to the devices that execute it, so that threats are handled automatically and far faster.
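The following Python is an added illustration of the scheduling loop described above; it is not Topsec code, and the field names, thresholds, the threat-intelligence entries, the asset inventory and the zone-to-device mapping are all assumptions. Alerts that a collector has already normalized are correlated against threat intelligence and the asset vulnerability inventory, and a policy rule then decides which device blocks a source and which source is merely watched. The vulnerability check is the part worth noticing: the same exploit signature fires twice, but only the attempt against a host that actually has the hole becomes a blocking action.

```python
"""Alert correlation and response orchestration: an added illustration, not
Topsec code. Field names, thresholds, the threat-intelligence feed, the asset
inventory and the zone-to-device mapping are all assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed threat-intelligence feed: indicator -> tag
THREAT_INTEL = {"203.0.113.7": "scanner", "198.51.100.9": "c2"}
# Constructed asset inventory: host -> vulnerabilities the scanner confirmed open
ASSET_VULNS = {"10.0.0.5": {"CVE-2021-44228"}, "10.0.0.6": set(), "10.0.0.7": set()}
# Assumed mapping from the zone an asset sits in to the device that can block for it
ZONE_DEVICE = {ipaddress.ip_network("10.0.0.0/24"): "fw-dmz-01"}

# Constructed alerts, already normalized by the collection layer
ALERTS = [
    {"ts": "2024-05-01T10:00:00", "src": "203.0.113.7", "dst": "10.0.0.5", "sig": "http-scan", "probe": "waf"},
    {"ts": "2024-05-01T10:00:10", "src": "203.0.113.7", "dst": "10.0.0.6", "sig": "http-scan", "probe": "waf"},
    {"ts": "2024-05-01T10:00:20", "src": "203.0.113.7", "dst": "10.0.0.7", "sig": "http-scan", "probe": "ids"},
    {"ts": "2024-05-01T10:01:00", "src": "192.0.2.44", "dst": "10.0.0.5", "sig": "log4j-jndi", "cve": "CVE-2021-44228", "probe": "ids"},
    {"ts": "2024-05-01T10:02:00", "src": "192.0.2.99", "dst": "10.0.0.6", "sig": "log4j-jndi", "cve": "CVE-2021-44228", "probe": "ids"},
    {"ts": "2024-05-01T10:03:00", "src": "192.0.2.200", "dst": "10.0.0.5", "sig": "ssh-bruteforce", "probe": "fw"},
    {"ts": "2024-05-01T10:03:05", "src": "192.0.2.200", "dst": "10.0.0.6", "sig": "ssh-bruteforce", "probe": "fw"},
    {"ts": "2024-05-01T10:03:10", "src": "192.0.2.200", "dst": "10.0.0.7", "sig": "ssh-bruteforce", "probe": "fw"},
]


def correlate(alerts, intel=THREAT_INTEL, vulns=ASSET_VULNS,
              window=timedelta(minutes=5), spread=3):
    """Group alerts by source and record which scenarios each source matches.

    Returns {src: {"scenarios": set, "targets": set, "confidence": "high"|"low"}}.
    Sources that match no scenario are dropped, so a lone low-value alert never
    reaches the response stage.
    """
    incidents = {}
    recent = defaultdict(list)  # src -> [(timestamp, dst)] inside the sliding window
    for a in sorted(alerts, key=lambda x: x["ts"]):
        src, dst = a["src"], a["dst"]
        ts = datetime.fromisoformat(a["ts"])
        inc = incidents.setdefault(src, {"scenarios": set(), "targets": set(), "confidence": "low"})
        inc["targets"].add(dst)
        # Scenario 1: the source is a known indicator in the threat-intelligence feed
        if src in intel:
            inc["scenarios"].add("intel:" + intel[src])
            inc["confidence"] = "high"
        # Scenario 2: an exploit signature aimed at an asset that really has that hole;
        # the same signature against a patched host stays an unconfirmed attempt
        cve = a.get("cve")
        if cve and cve in vulns.get(dst, set()):
            inc["scenarios"].add("exploit-on-vulnerable-asset")
            inc["confidence"] = "high"
        # Scenario 3: one source touching `spread` or more distinct assets inside the window
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window] + [(ts, dst)]
        if len({d for _, d in recent[src]}) >= spread:
            inc["scenarios"].add("horizontal-sweep")
    return {s: i for s, i in incidents.items() if i["scenarios"]}


def device_for(host, zones=ZONE_DEVICE):
    """Pick the enforcement device for the zone a target host belongs to."""
    ip = ipaddress.ip_address(host)
    return next((dev for net, dev in zones.items() if ip in net), None)


def plan_response(incidents):
    """Turn incidents into device actions: block on high confidence, otherwise watch."""
    actions = []
    for src, inc in sorted(incidents.items()):
        devices = {device_for(d) for d in inc["targets"]} - {None}
        action = "block" if inc["confidence"] == "high" else "watchlist"
        for dev in sorted(devices):
            actions.append({"device": dev, "action": action, "src": src,
                            "reason": sorted(inc["scenarios"])})
    return actions


if __name__ == "__main__":
    for act in plan_response(correlate(ALERTS)):
        print(act)
```

Run as a script it prints three actions: a block for the intel-listed scanner that also swept three hosts, a block for the source whose exploit matched an open vulnerability, and only a watchlist entry for the brute-force sweep that matched nothing else. The source that fired the same exploit signature against a host without the vulnerability produces no action at all, which is the noise reduction the text attributes to correlating alarms with vulnerability data.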

Flexible access for multi-vendor probes

The system uses syslog, SNMP and other active or passive collection methods to gather multi-source heterogeneous security data. It integrates Topsec's own devices and flexibly accepts third-party devices; supported device types include, but are not limited to, anti-DDoS, EDR, network/database auditing, firewalls, IDS, IPS, unified threat management (UTM), WAF and other security protection equipment.
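What "multi-source heterogeneous" collection means in practice is that every vendor frames syslog differently, and the collector has to normalize them before any correlation can run. The Python below is an added example, not code from Topsec or from any vendor named above; the two log lines are constructed, and the key names and the common schema are assumptions, while RFC 5424, RFC 3164 and CEF are real formats. It parses an RFC 5424 line carrying a CEF body (the style many WAF and IDS products emit) and an RFC 3164 line carrying key=value pairs (the style older firewalls emit) into one event schema, and handles the classic pitfall that RFC 3164 timestamps carry neither a year nor a time zone.

```python
"""Multi-vendor syslog collection: an added example, not Topsec code. The two
sample lines are constructed, and the key names and the common schema are
assumptions; RFC 5424, RFC 3164 and CEF framing are real formats."""
import re
from datetime import datetime, timezone

# Constructed sample lines in two framings commonly seen from different vendors
RAW_LINES = [
    # RFC 5424 header carrying a CEF body, typical of WAF/IDS products
    "<134>1 2024-05-01T10:00:00Z waf01 waf - - - "
    "CEF:0|ExampleVendor|WAF|2.0|1001|SQL injection attempt|8|"
    "src=203.0.113.7 dst=10.0.0.5 spt=51234 dpt=443 request=/login?id=1 act=blocked",
    # RFC 3164 (BSD) header with a key=value body, typical of older firewalls
    "<132>May  1 10:00:05 fw-dmz-01 kernel: id=firewall action=drop "
    "src=203.0.113.7 dst=10.0.0.6 proto=tcp dport=22 rule=deny-inbound",
]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) \S+ \S+ (?:-|\[.*?\]) (.*)$")
# <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG   (no year, no time zone)
RFC3164 = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (\S+) (?:(\S+?):\s+)?(.*)$")
# key=value pairs whose values may contain spaces or '=' but never start a new key
KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_cef(body):
    """Split a CEF body into its seven header fields plus the extension pairs.
    Backslash-escaped '|' and '=' are not handled here; a production parser must."""
    parts = body.split("|", 7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("malformed CEF header")
    _version, vendor, product, _dev_version, sig_id, name, severity, ext = parts
    fields = dict(KV.findall(ext))
    fields.update({"vendor": vendor, "product": product, "sig_id": sig_id,
                   "sig": name, "severity": int(severity)})
    return fields


def normalize(line, year=2024, tz=timezone.utc):
    """Turn one raw syslog line into the common event schema shared by every probe."""
    m = RFC5424.match(line)
    if m:
        pri, ts, host, app, body = m.groups()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))  # bare "Z" needs Python 3.11+
        fields = parse_cef(body) if body.startswith("CEF:") else dict(KV.findall(body))
        fields.setdefault("product", app)
    else:
        m = RFC3164.match(line)
        if not m:
            raise ValueError("unrecognized syslog framing: " + line[:40])
        pri, ts, host, tag, body = m.groups()
        # RFC 3164 carries neither year nor zone: the collector must supply both,
        # or events straddling New Year or from devices in other zones misorder
        when = datetime.strptime(ts, "%b %d %H:%M:%S").replace(year=year, tzinfo=tz)
        fields = dict(KV.findall(body))
        fields.setdefault("product", fields.get("id", tag))
    pri = int(pri)
    port = fields.get("dpt") or fields.get("dport")
    return {
        "ts": when.isoformat(),
        "host": host,
        "probe": fields["product"],
        "facility": pri // 8,                # PRI = facility * 8 + severity
        "syslog_severity": pri % 8,          # 0 = emergency ... 7 = debug
        "severity": fields.get("severity"),  # CEF 0-10 scale when the probe supplies one
        "src": fields.get("src"),
        "dst": fields.get("dst"),
        "dport": int(port) if port else None,
        "action": fields.get("act") or fields.get("action"),
        "sig": fields.get("sig") or fields.get("rule"),
    }


if __name__ == "__main__":
    for raw in RAW_LINES:
        print(normalize(raw))
```

Both lines come out with the same keys, so a downstream rule can ask for `src`, `dst` and `dport` without knowing which vendor produced the event. Two things the example deliberately keeps visible: the syslog PRI is split into facility and severity rather than discarded, because the syslog severity is the only severity an RFC 3164 device gives you, and the assumed `year` and `tz` parameters are where a real collector would plug in its per-source configuration.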

Application
Scenario

Topsec Situation Awareness System (TopSA) is designed to detect, track and predict the network-wide security situation and raise the corresponding alarms. It gives operators command of the cybersecurity situation and lets them handle threats, risks and hidden dangers in time; it continuously monitors vulnerabilities, viruses and Trojans as well as network attacks, quickly uncovers clues to security incidents, and accurately warns of and reports major threats. The result is real-time security management, accurate monitoring and timely emergency response, which together strengthen the ability to identify and resolve cybersecurity risks and to manage security intelligently across the whole network.

Issues Resolved
  • Network-wide security risks are centrally collected, monitored and analyzed.
  • A full-life-cycle security operation process is established, covering incident detection, discovery, analysis, identification and response.
  • Cybersecurity governance is made routine and standardized.
Scenario

Following national supervisory requirements, the system layers a data aggregation and processing subsystem, a data center, an analysis and response subsystem, and a situation display subsystem from bottom to top, combined vertically with security protection and operation and maintenance, to form a network-wide supervision platform. This strengthens real-time monitoring, intelligent supervision, notification and early warning, and the corresponding protection against data leakage in transit, attacks, theft and other illegal activity across the network.

Issues Resolved
  • Multi-source heterogeneous logs are collected, normalized and analyzed in one place, resolving security islands and scattered logs.
  • A big data architecture with second-level response over massive data makes investigation, evidence collection and tracing more efficient.
  • Flexible analysis modeling with a visual drag-and-drop editor makes security analysis much easier.
  • Multi-dimensional display and comprehensive security profiles provide complete network-wide security analysis.
Value to Customers
Solution to security islands, intensive log management

The system collects, manages, searches and analyzes logs from every kind of security device across the network in one place, breaking the data-island and single-device-analysis limits of individual products, and builds a network-wide coordinated defense-in-depth system.

Fast disposal response, unified commanding and decision-making

The system consolidates and analyzes all security log data by centrally managing alarms, incidents, vulnerabilities and other potential security hazards, and displays network-wide security trends on the big screen from multiple dimensions, strengthening security detection, fast response and tracing.

Comprehensive security supervision, intelligent dispatch response

Built on advanced and mature big data technology, the system provides a comprehensive, intelligent and visible security supervision framework, with a corresponding supervision center, to identify risks continuously and maintain a complete picture of the current state of security controls.