CYBERBIT网络安全运营中心管理平台MnR

CYBERBIT MnR
(Mitigation & Response) SOC安全管理平台
Keeping pace with continuous cyber threats 应对连续不断的网络威胁

Cyber security incidents are becoming increasingly complex to manage 越来越复杂的网络安全事件挑战
Information overload 大量的信息 Wide array of assets to protect 多种多样的网络元素需要保护
Many systems and functions to manage 数量巨大的系统和功能需要管理
Large teams, across sites, across shifts 跨场所多班次的庞大团队
All rights reserved © CyberBit 2015

SIEM is ineffective against these increasingly sophisticated threats 安全信息和事件管理（SIEM）对这些日益复杂的威胁不再有效
规性管理】
CYBERBIT的网络 安全管理平台
Impact Analysis & Recommendatio n影响分析&建议
Event Management 事件管理
Information sharing, Collaboration 信息共享，协作
Reports & post analysis 报告&事后分析
Tasking 任务分配
Correlation engine
Alerts 警报
SIEM SYSTEM SIEM系统
3
关联引擎
Incidents identification and classification 事件识别与分类
Monitor events from network devices 通过网络设备监测事件
All rights reserved © CyberBit 2015
“
“
“ “
SIEM platforms are designed as monitoring tools, rather than investigation and case management tools, and do not provide the required level of workflow or analytics support. SIEM平台设计作为一种监测工具而非调查和案例管理工具，达不到工作流或分析支持的水平。 The other disadvantage is that SIEM focuses on just the technical elements of an incident, ignoring the wider elements [audit management, risk management, compliance management]. SIEM的另一个缺点是，只关注事件的技术要素，忽视了更广泛的要素【监测管理，风险管理，合
Policies and Knowledge management 政策和知识管理

So who really needs a dedicated cyber mitigation and response platform? 谁真正需要一个专用的网络消减和响应平台？
experience numerous and complex security incidents 经历过多次复杂的 安全事件 coordinate security incident response across different roles and expertise levels 协调不同角色和专 业水平对安全事件 的响应
coordinate multiple security applications and streams of activity executed by sizeable teams 协调多个安全应用程 序和由庞大团队执行 的活动流 manage security incident response across numerous systems throughout the organization 整个组织多个系统 对安全事件响应的 管理
All rights reserved © CyberBit 2015
require rapid, round-the-clock response to security incidents 需要对网络事件有 快速全天候的响应
have stringent regulation and internal control procedures relating to cyber security 对网络安全有严格 的监管制度和内部 控制程序

Real Time SOC Operation 实时SOC管理操作
Incidents & events management
Comprehensive workflow for centralized incident management on top of CS AnD and SIEM systems. Support structured work flow, Task Management, Escalation, Documentation, Incident enrichment and tracking.
Cyber events analysis and situational awareness
Operational reports as well as Events and Incidents impact reports; Flexible Information Query and Retrieval
SOC bulletin Board
passing information between different users; Posting remarks, comments, requests and actions confirmation
事件管理
基于CS AnD和SIEM系统的集中式事件管理平台。支 持结构化工作流，任务管理，升级，归档，事件丰富 和追踪 5
网络事件分析和态势感知
可以分析和感知安全事件，给出非常具体的可 操作的防御动作建议。 可定制管理报告和安 全事件报告；信息查询和检索非常灵活方便
SOC公告板
在不同用户间传递信息；发布备注，评论，处理 要求和应对的确认
All rights reserved © CyberBit 2015