At present, network information construction coexists with security risks. With the continuous expansion of network scale, risks from different dimensions, such as internal security problems and access security problems, may be introduced. Network security is no longer a problem that can be solved by single virus detection or access control, but needs to give play to the collective security efficiency of equipment, fully tap the security potential of network equipment, enabling the construction of the whole network security system. Based on this, Ruijie put forward "network + security" whole network security solution.
With the significant increase in the demand for network security protection in enterprises' digital transformation, the concept of "network + security" has attracted the attention of many industry users. In order to explore the application of this concept in enterprise security management, Ruijie United Security Cattle surveyed many well-known users in government, medical and education, and released the "Network + Security" whole network security Solution Application White Paper on program completeness, technology practicality and budget implementability.
The construction of network security must be carried out simultaneously with the construction of network, and the risk warning and disposal should be carried out by means of linkage protection. Let's go back to the question itself, what value can be brought to users by mining the security potential in network equipment, and how can users realize "network + security" and "network + security" industry application?
01 Integration of network and security products improves the efficiency of network security construction
The security features and data of network equipment are combined with security equipment to form a joint force to build the security detection and defense system of the whole network, which is the core of "network + security". Can fully tapping the security potential of network equipment empower the construction of the security system of the whole network? The answer is yes.
Firstly, the effective use of the security attributes of network products can improve the deployment efficiency of network security. During new network and service planning, the security planning sometimes lags behind the network planning, which may cause security risks. Using the network traffic data in network devices and the security attributes in network devices can reduce the security risks caused by the asynchronous construction time difference. Secondly, mining security capabilities and data values in network products can save security construction costs. Finally, the linkage of network products and security products can realize the emergency treatment of each level and boundary of the network.
Network security construction is an important component of information construction, network and security products can be effectively combined, this combination will improve the efficiency and effect of network security construction.
02 Network and security products work together to build an entire network security protection system
In the actual network construction, how to realize "network + security"?
Network threats continue to escalate, under a reasonable security budget, the efficient detection of virus horizontal movement has been a difficult problem. Under the concept of "network + security", users can take full advantage of idle CPU performance of existing network switches, and combine sFlow technology and big data security platform to provide security detection capability at the network edge and reduce deployment costs.
Link the big data security platform with the access switch to detect the whole network coverage of east-west threat diffusion. Based on the analysis of the big data security platform, each sFlow access layer switch is reused as a "security micro probe" to ensure horizontal Intranet security. Using Ruijie big data security platform, users can collect data of switching, routing, gateway and wireless devices, and conduct analysis and early warning in conjunction with cloud threat intelligence, which greatly improves the security analysis ability of the whole network.
After security problems are found in time, the SDN controller or network devices are connected directly to complete intelligent cooperation, and the whole process of security problem detection, security threat analysis, accurate location of the source of infection, security policy delivery, and problem host isolation are processed in an automatic way, so as to quickly close the loop in security incident response.
03 Network and Security provides effective security support for users of various industries
Ruijie "network + security" whole network security solution has been widely used in the government, medical, education, finance and enterprise industries, to provide effective security support for users.
In the Internet exit scene of colleges and universities, Ruijie big data security platform is linked with online behavior management and authentication system to realize the security analysis of all teachers and students' online behavior data real-name system. In the scenario of high staff density, high staff turnover and high access demand in colleges and universities, the "network + security" system is implemented in the whole network to meet the needs of users to efficiently realize the security monitoring of the whole network. Hundreds of access switches are used as traffic collection points to link the big data security platform to discover a large number of risk behaviors such as horizontal spread of viruses in time.
In the universal education MAN, horizontal diffusion of the virus at the user terminal may infect any school in the area, while upward diffusion may easily infect regional nodes. In a MAN, it is difficult to accurately locate the specific user from which school the infection source is from. In such scenarios, through the linkage of the big data security platform with switches, gateways, and SDN/SDWAN controllers, the Education bureau can quickly and accurately locate the security threat source and implement timely isolation and protection.
In the Intranet, which is the core of the hospital, with the increase of business, the hospital needs to further improve the overall operation and maintenance efficiency. The linkage between the security big data platform and the IT operation and maintenance system enables one platform to complete the integrated operation and maintenance of network and security, greatly improving the operation and maintenance efficiency. In view of the security monitoring requirements of the whole network in the multi-terminal scenario of the hospital, the security big data platform is linked with the access switch to monitor the horizontal traffic of the whole network, which improves the overall security detection capability of the hospital.
end
With the development of enterprise digital transformation, enterprises tend to plan network security construction and network construction as a whole. As time goes by, the boundary between network equipment and security equipment will be further blurred. "Network + Security" builds a security detection and defense system for the whole network, helping users to achieve a more capable security protection, more comprehensive detection and defense, and more efficient operation system in the construction of network security.
