SPOS—Trace
Policy visualization platform




As threats to network security escalate, it is necessary not only to understand the various means of network attack, but also to fundamentally improve the network's inherent defenses: know your own network architecture, know how security domains are divided and deployed, adjust security policies accordingly, and define traffic anomalies and dangerous behaviors.


The ABT security policy adaptive analysis and big data visualization platform aims to strengthen defenses against internal and external threats by improving the network's own immunity. It helps industry users build a complete operational panorama of their network security defense system, turn passive defense against threats into active deployment, and achieve path visualization, policy visualization, traffic visualization, risk visualization, threat visualization and change visualization. The platform can be widely used in vertical industry networks, cloud computing platforms, large local area networks and similar scenarios, and brings the following value to users:


  • Full visualization of network security policy and path for security domains, services and users

  • Contextual visualization of service quality, user behavior, abnormal traffic and security risk

  • Visualized awareness of network security risk, improving security prediction and defense capabilities


The ABT security policy adaptive analysis and big data visualization platform is divided into a basic policy layer, a traffic analysis layer and a capability superposition layer. The basic policy layer provides a large-screen rendering platform that shows a dynamic visualization map of security policies and access paths. The traffic analysis layer provides service performance visualization, security status visualization and abnormal traffic visualization. The capability superposition layer overlays third-party monitoring events, integrates threat intelligence with the security situation, and delivers correlation analysis. The platform works by extracting security policies from multiple sources, user traffic probe data and third-party intelligence data, and then monitoring, presenting and responding on the basis of distributed big data analysis.


Security domain infrastructure visualization

The platform automatically extracts, analyzes and manages security policy information from devices such as network firewalls, routers and switches, including the routing information, access control and NAT policies that affect data security, and uses visualization technology to display the network's security domain infrastructure.


Security compliance path visualization

It analyzes the compliance baseline policy for the key data of each core service system, taking into account the service processes, application architecture and data structures of each industry. It supports querying and displaying service-based compliant paths in the security domain infrastructure layer and gives early warning of network risk, providing visual analysis of threats to core services.


Security baseline matrix visualization

By analyzing the network security policy system and service systems of industry users, it establishes security policy matrices between security domains, between systems, and between users and systems. It displays the security policy compliance matrix visually and, through continuous monitoring of the baseline, automatically raises visual warnings for behavior that violates the policy baseline.


Security policy management visualization

It manages security policies and visualizes policy changes across the whole network, analyzes redundant, conflicting and invalid policies on the related equipment, and helps users eliminate configuration risk. Combined with work traffic and user rights, it visualizes the whole process of policy change application, analysis and approval.


Service traffic security visualization

Based on DPI deep identification and big data technology, it identifies service types and monitors the traffic, conversations, delay, success rate, packet length, access area and other network indicators of specific services across the user, network, application, protocol, server and other dimensions. It summarizes these indicators into a service baseline and supports baseline alarms and retrospective analysis of historical information.


Security capability superposition and threat visualization

It provides rapid retrieval and mining of massive data at any time and effectively stacks different security detection and defense capabilities. Using big data technology, it performs data association, screening, filtering and deep analysis, and delivers an integrated visualization of the network security situation that covers security paths, service traffic, security events and threat intelligence.


The ABT security policy adaptive analysis and big data visualization platform carries out continuous monitoring and analysis by visual means, forming a closed loop of defense, detection, response and prediction. It can learn user behavior and dynamically evolve policy to match that behavior, and its fine-grained response ensures service continuity. With this adaptive security architecture, in the face of advanced targeted attacks, it progressively counters ever-changing network security threats and risks. It was selected as a network security pilot demonstration project in the telecommunications and Internet industry by the Ministry of Industry and Information Technology in 2016.

