利用现网所有安全设备的安全日志，通过多维度安全策略建模落地ATT&ACK攻击行为监测框架累计100+策略模型，实现攻击源在全网范围内的攻击行为链路关联、回溯。

攻击者行为

平台侧措施#wz_data#[{"id":"smv_con_757_12","type":"text","styleName":"Style1","colorName":"Item3","pageId":"30536","areaId":"","tareaId":"","parentId":"con_743_19","parentAreaId":"tabArea1","Css":{"$StyleItemAndColor":"con_757_12","$width":"64px","$color":"#434A54","$animationName":"none","$duration":"0.75","$delay":"0.75","$direction":"","$infinite":"1","$height":"30px","zIndex":"4","width":"64","height":"30","offsetX":"876","offsetY":"346","foffsetX":"0","foffsetY":"0","fixedPosition":"None","useAnimate":"False","angle":"0","isFullScreen":"False","smlocked":"0","position":"absolute","themeColorName":"","themeColors":"zs1,zs2,zxs1,zxs2,zxs3,zxs4,zxs5"},"Data":{"IsShowTextNo":"false","TextNo":"00000","IsImportPage":"false","FontStyleData":"1","Target":"_self","LinkUrl":"","LinkType":"outsite","LinkValue":"","LinkValueText":"","Content":"%3Cp%3E%3Cspan%20style%3D%22line-height%3A1.75%22%3E%3Cspan%20style%3D%22color%3A%23293e63%3B%20font-family%3ASimHei%22%3E%3Cspan%20style%3D%22font-size%3A16px%22%3E%E6%A8%AA%E5%90%91%E6%89%A9%E6%95%A3%3C%2Fspan%3E%3C%2Fspan%3E%3C%2Fspan%3E%3C%2Fp%3E%0A","CurrentItem":"null","ControlMode":"0","IsListModel":"false","ControlId":"con_757_12"},"ExtData":{"smartViewAreaId":"","smartParentViewAreaId":"tabArea1","parentControlId":"con_743_19","parentControlType":"Scd.Plugin.Controls.SmartControls.TabSmartControl"},"ListData":null,"x":876,"y":346,"children":[]}]

侦察

发现切入点

实施入侵

命令控制

横向扩散

横向扩散

平台事前预判

平台事中止损

平台事后攻击链路回溯

通过安全策略建模识别每一个攻击主体的侦察、探测行为。

识别事中阶段的风险行为快速联动安全设备动态拦截止损。

事后阶段回溯事件发生攻击链路与评估风险扩散面，避免事件再次发生。

在企业常见数据泄露3种场景中网络安全运营与指挥平台在期间发挥的作用

攻击者突破边界获取业务数据

攻击者：通过突破安全边界，侵入对外业务系统，攫取业务数据。

网络安全运营与指挥平台：实时检测到此种行为，实时向互联网出口防火墙下拉拦截指令，阻止攻击者获取数据，并向安全人员推送告警。

离职者使用未回收VPN账号获取FTP数据

离职人员：发现其VPN账号并未删除，于是登录VPN，通过VPN访问企业内部FTP，疯狂下载有价值的文档材料。

网络安全运营与指挥平台：实时检测到该离职人员的行为，实时向VPN下发指令，禁用并下线该账号。

窃密员工以较低的频率窃取CRM数据

窃密员工：企业内部人员利用自己的工作便利，长期、慢速的窃取CRM数据，谋取私利。

网络安全运营与指挥平台：实时检测到该泄密人员的该恶意行为，实时向CRM下发指令，禁用并下线该账号。