Excerpt from the paper
Introduction

Traditional network security management relies on professional staff to comprehensively analyze the large volume of alarms and log messages, in differing formats and with differing meanings, produced by the various security devices in the network environment. On the one hand, this places very high demands on the technical skill of the administrators, who need a detailed understanding of the working principles and properties of each security device; on the other hand, analyzing the problems is very difficult, and the efficiency of such comprehensive analysis is very low. As attack techniques and methods continue to develop, the manifestations of security incidents grow ever more complex, and because information security devices (hardware and software) are imperfect, the security state of an information system cannot be detected and judged by relying on any single security device.

How can one gain a comprehensive and accurate understanding of the operating status of the many heterogeneous hardware and software components in an information system environment? How can the false alarms and missed alarms that result from detection by a single security device be avoided? And how can the security management process give more weight to people-oriented management factors, freeing administrators from being bound to the operating mode of the security devices?