Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (12): 1135-.
Authors: 禄凯 (1), 程浩 (1), 刘立峰 (2)
Abstract: The wide application of cloud computing technologies poses new challenges to VPC (virtual private cloud) security monitoring on cloud platforms. VPC monitoring is difficult for the following reasons: internal traffic volume is large and hard to inspect, encrypted traffic is hard to identify, VPC monitoring lacks visualization capability, and threat evidence is hard to collect. This paper studies VPC monitoring in depth. Drawing on technologies such as AI and SOAR (security orchestration, automation and response), it proposes a layered, in-depth monitoring system with coordinated cloud, network and security linkage, and builds a cloud security monitoring center that implements two-level closed-loop monitoring within and between VPCs, resolving the key points and difficulties of VPC monitoring and building a secure and trustworthy cloud computing environment. The solution has been verified in practice and meets security compliance requirements: it detects threats inside a VPC within seconds and collects evidence automatically within minutes, without affecting the normal operation of tenant services. It is recommended that the solution be promoted across the entire cloud computing industry.
Key words: cloud security, security monitoring, VPC monitoring, two-level closed loop, in-depth monitoring
Abstract (Chinese version, translated): With the wide application of cloud computing technology, new challenges are posed to security monitoring of cloud platform virtual private clouds (VPCs). The difficulties of VPC monitoring lie in large internal traffic that is hard to inspect, encrypted traffic that is hard to identify, insufficient visualization capability for VPC monitoring, and threats that are hard to gather evidence on. This paper studies VPC monitoring in depth and, using AI, security orchestration, automation and response (SOAR) and other technologies, innovatively proposes a layered, defense-in-depth monitoring system with coordinated linkage of cloud, network and security, builds a cloud security monitoring center, and realizes two-level closed-loop monitoring within and between VPCs, resolving the key points and difficulties of VPC monitoring and jointly building a secure and trustworthy cloud computing environment. The solution has been verified in practice, meets security compliance requirements, achieves second-level detection of threats inside a VPC and minute-level automated evidence collection, and does not affect the normal operation of tenant services; it is recommended for adoption across the whole cloud computing industry.
Key words (Chinese version, translated): cloud security, security monitoring, VPC monitoring, two-level closed loop, in-depth monitoring
禄凯, 程浩, 刘立峰. Research and practice of cloud security deep monitoring technology (云安全深度监测技术研究与实践) [J]. Journal of Information Security Research (信息安全研究), 2021, 7(12): 1135-.
URL: http://www.sicris.cn/EN/Y2021/V7/I12/1135