After public bidding and several rounds of comparative performance testing, the Ruijie Network RG-BDS big data security platform was selected, on the strength of its security analysis performance, to build the core security situational awareness platform of the Qinghai Tax Bureau. The platform analyses many kinds of traffic and log data using big data, artificial intelligence / machine learning / deep learning and other security analysis techniques. Trained on a large corpus of malicious and benign ("black and white") samples, it learns attacker techniques automatically and outputs detection models, so that machine learning keeps pace with continually escalating attack methods. Coverage spans the key links of the attack chain: phishing e-mail and supply-chain penetration, attacker remote-control communication (including WebShell backdoor traffic), hacking attacks and internal violations by employees, and data leakage over covert channels. The business security monitoring capability of the Qinghai Provincial Tax Bureau Information Center has thus been improved across the board, truly achieving whole-network coverage and whole-network visibility.
In actual operation since the platform went live, RG-BDS has helped the user further improve the efficiency of security management, specifically as follows:
1. Seconds-level query: security logs that can be understood
Following the principle of "collect enough", the network logs and related logs of the tax system are collected first, starting with the traditional sources: network devices, security devices and terminal devices. Logs are ingested in a standardized format.
Figure 1 Schematic diagram of optional fields for RG-BDS log standardization
In addition, once the volume of logs becomes large, how to query them becomes an unavoidable problem for administrators. Queries and investigations keyed on date, asset name and specific IP addresses are the starting point of the user's daily work. The big data architecture underlying RG-BDS and its log-query method allow queries to be expressed in clear architectural logic and bring information retrieval down to the "seconds level".
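As an added illustration, not RG-BDS code, of what "a standardized log format" and "queries keyed on date, asset and IP" involve in practice, the Python below normalizes three constructed log lines from different device types into one schema and answers those queries from inverted indexes rather than by scanning every line. The schema field names, the three log formats and the sample lines are assumptions made for this example.

```python
"""Normalize heterogeneous device logs into one schema and query them by
date, asset name or IP address.  Added example, not RG-BDS code; the
schema, formats and sample lines are assumptions made for illustration."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real device output): a firewall that logs
# key=value pairs, a switch that logs free text, and an endpoint agent
# that logs CSV.  Each has a different shape, but the same questions get
# asked of all of them: when, on which asset, involving which IP.
RAW_LOGS = [
    "2024-03-05T08:12:01Z fw-core-01 deny src=203.0.113.7 dst=10.20.1.15 dport=3306 proto=tcp",
    "2024-03-05T08:12:03Z sw-floor3 %LINK-5-CHANGED: Interface Gi1/0/12 changed state to down",
    "2024-03-05T08:15:40Z edr,pc-zhang,10.20.5.33,process_start,powershell.exe",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize(line: str) -> dict:
    """Map one raw line onto the common schema.  Every line yields a record
    carrying at least timestamp, asset and raw text, so an unrecognized
    format degrades to a searchable raw record instead of being dropped."""
    ts_str, rest = line.split(" ", 1)
    rec = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
           "asset": None, "src_ip": None, "dst_ip": None,
           "event": None, "detail": None, "raw": line}
    if rest.startswith("edr,"):
        # endpoint agent CSV: edr,<host>,<ip>,<event>,<detail>
        _, host, ip, event, detail = rest.split(",", 4)
        rec.update(asset=host, src_ip=ip, event=event, detail=detail)
        return rec
    asset, msg = rest.split(" ", 1)
    rec["asset"] = asset
    kv = dict(KV_RE.findall(msg))
    if kv:
        # key=value style: first token is the action, src/dst are explicit
        rec.update(src_ip=kv.get("src"), dst_ip=kv.get("dst"),
                   event=msg.split()[0], detail=kv)
    else:
        # free text: take the mnemonic before the colon, harvest any IPs
        ips = IPV4_RE.findall(msg)
        rec.update(event=msg.split(":")[0], src_ip=ips[0] if ips else None,
                   detail=msg)
    return rec


class LogIndex:
    """Inverted indexes over normalized records, so the everyday questions
    (what happened on day X / on asset Y / involving IP Z) are answered by
    set intersection instead of a scan over every stored line."""

    def __init__(self):
        self.records = []
        self.by_date = defaultdict(set)
        self.by_asset = defaultdict(set)
        self.by_ip = defaultdict(set)

    def add(self, rec: dict) -> None:
        i = len(self.records)
        self.records.append(rec)
        self.by_date[rec["ts"].date().isoformat()].add(i)
        self.by_asset[rec["asset"]].add(i)
        for ip in (rec["src_ip"], rec["dst_ip"]):
            if ip:
                self.by_ip[ip].add(i)

    def query(self, date=None, asset=None, ip=None) -> list:
        hits = set(range(len(self.records)))
        if date:
            hits &= self.by_date.get(date, set())
        if asset:
            hits &= self.by_asset.get(asset, set())
        if ip:
            hits &= self.by_ip.get(ip, set())
        return [self.records[i] for i in sorted(hits)]


def build_index(lines) -> LogIndex:
    idx = LogIndex()
    for line in lines:
        idx.add(normalize(line))
    return idx


if __name__ == "__main__":
    idx = build_index(RAW_LOGS)
    for r in idx.query(date="2024-03-05", ip="10.20.1.15"):
        print(r["ts"], r["asset"], r["event"], r["src_ip"], "->", r["dst_ip"])
```

The point of the normalization step is that the IP index is built over both `src_ip` and `dst_ip` regardless of which device reported them, so one query for an address returns the firewall denial and the endpoint event together; a real platform replaces the in-memory sets with a persistent index, but the query shape is the same.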
2. DBS + BDS: breaking through the database audit dilemma
The overall architecture of the Qinghai Tax Bureau follows the concept of heterogeneous defence in depth, and at the database audit layer it combines database audit appliances from several security vendors. In actual use, however, it was found that audit data could not be recorded for some databases, such as Redis and Oracle 9. When Redis traffic reached the database audit appliance, the appliance could not even identify the relevant data, let alone meet the customer's requirements for audit content.
To solve this problem, the Information Center of the Qinghai Provincial Tax Bureau adopted the Ruijie Network RG-DBS database audit appliance. After it went online, the audit data of the Redis database was fully reconstructed, the databases that previously could not be audited were brought under unified management, and the audit rules were refined to the customer's requirements. At the same time, RG-DBS and RG-BDS interwork so that audit data is fed into RG-BDS in a unified way, realizing joint monitoring by DBS and BDS.
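As an added illustration, not RG-DBS code, of why a generic database audit probe cannot "identify" Redis traffic and what reconstructing it involves: Redis clients speak RESP (the Redis serialization protocol), not SQL, so a probe has to reassemble RESP frames from the client-to-server byte stream, including frames split at packet boundaries, before it can produce audit records. The captured session, the list of sensitive commands and the audit record layout below are constructed for this example.

```python
"""Reconstruct Redis commands from a captured client-to-server byte stream
for auditing.  Added example, not RG-DBS code; the capture, the list of
sensitive commands and the audit record layout are constructed here."""

# Commands an audit rule would normally flag (assumed policy, not a
# product default): configuration changes, bulk deletion, scripting,
# replication changes, persistence and keyspace enumeration.
SENSITIVE = {"CONFIG", "FLUSHALL", "FLUSHDB", "EVAL", "EVALSHA", "DEBUG",
             "KEYS", "SLAVEOF", "REPLICAOF", "SAVE", "BGSAVE", "SHUTDOWN"}

# Constructed capture of one client session: AUTH, SET, CONFIG SET, an
# inline PING, then a GET cut off mid-frame (as happens at a packet boundary).
CAPTURE = (
    b"*2\r\n$4\r\nAUTH\r\n$6\r\ns3cret\r\n"
    b"*3\r\n$3\r\nSET\r\n$7\r\ntax:123\r\n$5\r\nhello\r\n"
    b"*4\r\n$6\r\nCONFIG\r\n$3\r\nSET\r\n$3\r\ndir\r\n$4\r\n/tmp\r\n"
    b"PING\r\n"
    b"*2\r\n$3\r\nGET\r\n$7\r\ntax:1"
)


def parse_resp_stream(buf: bytes):
    """Split a client->server RESP stream into argument lists.

    Returns (commands, tail): `tail` is the unconsumed bytes of an
    incomplete frame, to be prepended to the next capture chunk.  Clients
    send either multibulk arrays (*<n>, then n bulk strings $<len>) or,
    from telnet-style tools, inline commands separated by spaces."""
    cmds, pos = [], 0
    while pos < len(buf):
        end = buf.find(b"\r\n", pos)
        if end < 0:
            break                                  # header not complete yet
        line = buf[pos:end]
        if line[:1] != b"*":
            cmds.append(line.decode("utf-8", "replace").split())   # inline
            pos = end + 2
            continue
        argc, cur, args = int(line[1:]), end + 2, []
        for _ in range(argc):
            hdr_end = buf.find(b"\r\n", cur)
            if hdr_end < 0:
                args = None                        # bulk header incomplete
                break
            if buf[cur:cur + 1] != b"$":
                raise ValueError("malformed RESP frame at offset %d" % cur)
            length = int(buf[cur + 1:hdr_end])
            start = hdr_end + 2
            if len(buf) < start + length + 2:
                args = None                        # bulk payload incomplete
                break
            args.append(buf[start:start + length])
            cur = start + length + 2
        if args is None:
            break                                  # leave the frame in tail
        cmds.append([a.decode("utf-8", "replace") for a in args])
        pos = cur
    return cmds, buf[pos:]


def audit_records(cmds, client="10.20.5.33"):
    """Turn argument lists into audit records, flagging sensitive commands
    and never recording credentials (the AUTH password / ACL username)."""
    out = []
    for args in cmds:
        if not args:
            continue
        cmd = args[0].upper()
        out.append({
            "client": client,
            "command": cmd,
            "target": "<redacted>" if cmd == "AUTH" else (args[1] if len(args) > 1 else None),
            "argc": len(args) - 1,
            "sensitive": cmd in SENSITIVE,
        })
    return out


if __name__ == "__main__":
    cmds, tail = parse_resp_stream(CAPTURE)
    for rec in audit_records(cmds):
        print(rec)
    print("unconsumed:", tail)
```

Only the client-to-server direction is parsed, because that is where the commands are; server replies use the other RESP types (`+`, `-`, `:`) and are not needed to audit what was asked. Holding back the incomplete `GET` frame as `tail` instead of discarding it is what keeps the audit trail complete across packet boundaries, and redacting the `AUTH` argument keeps the audit log itself from becoming a credential store.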
Figure 2 Interworking between RG-BDS and RG-DBS
3. Whole-network collaboration: making security controllable and visible
Log collection is only the first step. Discovering all kinds of security events from the collected logs is the core requirement behind log retention for the tax information system. The security analysis function of BDS, built on big data log analysis, collects multi-dimensional attack perception information from the underlying network, middleware, business systems, terminals, security devices and other sources, and combines it with key technologies such as deep analysis and machine learning to detect attack behaviour in the user's network in a timely manner and locate it accurately. Attack source tracing, alarm merging and other forms of visual presentation leave attack behaviour in the network nowhere to hide. The result is a security protection system with four properties: discoverable, collaborative, predictable and measurable.
Figure 3 RG-BDS situational awareness page
Customer benefits
Deploying security devices alone does not improve security capability. Bridging the gap between security equipment and real security, by organically combining "people + platform + equipment" and making them collaborate efficiently, is what provides real security for the customer.
Through the BDS big data security platform's cloud intelligent analysis system, security knowledge base, security expert consultation and closed-loop work order tracking, the Qinghai Tax Bureau Information Center has built a multi-linked, three-dimensional active defence system, closing the gap between security equipment and real security.
Today the IT environment is increasingly complex and system scale is expanding rapidly. To provide solid logistical and technical support for tax work, Ruijie Network RG-BDS will continue to build out the whole-network security situational awareness platform and escort the tax informatization work of Qinghai Province.