Analysis: Qihoo 360 big data security practice

Facing increasingly serious security challenges, Qihoo 360 continually updates its technical approach so that it can respond to the latest network security threats. To address this ever-changing threat landscape, Qihoo 360 has deployed tens of thousands of big data servers to monitor and analyze current network security events in real time, using big data technology to track and prevent network security threats.

To ensure security, the big data platform is built according to the 'three security' principle: synchronized planning, synchronized organization and implementation, and synchronized entry into production operation.

The security system framework of the Qihoo 360 big data platform is shown in Figure B-7. It includes the 'Security Division', 'Security Zone Division', 'Security Level Division', 'Security Monitoring Module', 'Security Defense Module', 'Business Security and Security Operation and Maintenance Module', 'Security Response Center Module', and so on.

Security division

The division of security responsibilities is the basis of the overall program; all technical means should follow this division closely and serve it. It sorts out the boundaries of each party's security responsibilities for the big data platform and details the responsibility for security events throughout the course of an event.

Security zone division

The big data platform environment is relatively complex, involving a variety of businesses and multiple classes of systems. The existing network structure already takes classification into account; on this basis, the security domain division needs to be refined further, along with the access control design between different security domains and different security levels.

Security level division

According to the results of the security zone division, a corresponding security level is set for each zone, and the zone's security level corresponds to the user security level and the data security level. The division of security levels ensures that resources are credible and compliant.

Security monitoring module

This includes the big data platform's security defense review system and provides manual or automated multi-level security monitoring services.

Security defense module

Following the design ideas of unified planning and unified standards, and with full consideration of the current network applications and the actual environment, the overall network is divided into a number of security domains and security zones. A basic security defense system is built for each zone of the big data platform, along with the big data platform's own defense system.

Business security and security operation and maintenance module

This module implements hierarchical management of security operation and maintenance: users responsible for big data business security and security operation and maintenance are given permissions in line with their security responsibilities.

Security Response Center Module

A new working mode of local response plus security response. Local response provides timely and standardized handling of current problems; security response combines linkage with cloud threat intelligence, coordinated linkage with local terminals, and timely technical support services from experts.

