Details about the Ali Cloud Situational Awareness service:
Ali Cloud Situational Awareness service usage tutorial
(Situational Awareness is a big data security analysis platform that raises alerts across all the assets on your cloud and uses machine learning to detect potential intrusions and highly covert attacks, trace attack history, and predict upcoming security events.)
Product overview
Situational Awareness collects 20 kinds of raw enterprise logs together with cyberspace threat intelligence on hacker entities, and uses machine learning to reconstruct attacks that have occurred and predict attacks that have not yet occurred.
Problems it helps customers solve
In cloud services, centralized management of security events improves security visibility, real-time monitoring meets security compliance requirements, and logs are stored and retrievable for 180 days.
Application scenarios
Real-time monitoring of overall security on the cloud: more than 40 kinds of security alarm events, a calculated safety score, and a daily security email.
Periodic vulnerability scanning of websites on the cloud, with leak monitoring and bug fixes.
For intrusion events on ECS, such as reverse shells, malicious software, and core data encrypted for blackmail: backtracking of the cause of the intrusion and the whole process of the intrusion.
Retrieval of web access logs, traffic investigation, and statistics and analysis of the original log information across various dimensions.
Monitoring of AK, network intrusion events, DDoS attacks, malicious behavior present on ECS, and ports opened on ECS.
Construction of a real-time security monitoring system on the cloud.
In advance:
Vulnerability analysis, asset situation monitoring, asset dependency relationship sorting, periodic vulnerability scanning, security configuration monitoring
Prevention: vulnerability patches, asset vulnerability alarms
Intrusion detection, attack identification, anomaly detection, real-time detection of web-layer and host-layer attacks, real-time detection and blocking of intrusion events through whole-network threat intelligence and big data analysis: attack blocking, intrusion prevention
After:
Backtracking: the core idea of cyberspace situational awareness is to backtrack and investigate security events, to provide retrieval over the full original logs, and to customize the impact of attack events and the situation of system defense effects.
Unlike traditional IDC and SIEM (which only associate already identified alarm events), it analyzes information from massive raw data and reconstructs the course of security events through machine learning models. At the same time, situational awareness focuses on the "enemy and own situation": it carries out long-term threat intelligence monitoring and observation of the action points and technical means of enemy entities (hackers themselves and hacker organizations), and perceives our own weak links in real time, which is an important reference for security decision-making.
Product Architecture
Cloud Shield Situational Awareness is a SaaS service that comprehensively, rapidly and accurately captures and analyzes the elements that can change the cyber security situation in a large-scale cloud computing environment. The customer's current and past security threats are then correlated through backtracking and big data analysis, ultimately producing the threat risk of future security events and providing a systematic security solution.
Official website of Ali Yun University (Innovative Talent Workshop under cloud Ecology)