Situation Awareness

Situation Awareness is a big-data security analysis product provided by JD Cloud. Through data modeling, behavior learning and threat-intelligence correlation analysis, it continuously monitors the security of your cloud assets, detects intrusions and attack threats, and helps customers build their own security monitoring and defense systems. By rapidly and automatically correlating massive, multi-dimensional security and business data, it presents the overall security situation, including threats and anomalies, to the user through graphical visualization.

Benefits

Security Capability
Provides a closed-loop handling workflow for security incidents, detects 31 categories of security threats, offers detailed evidence and remediation suggestions, provides hundreds of threat models, adds compromised-host detection, DGA domain detection, covert-channel communication detection and other threat categories, and adds website vulnerability scanning.
Big Data Analysis Capability
Performs real-time correlation analysis of targeted attacks and adds offline mining of targeted attack events.
Data Access Capability
Ingests detection data from JD Cloud's Anti-DDoS Basic, network intrusion detection engine data and host intrusion detection engine data, and adds flow log data, DNS resolution data and scanner data.
Unknown Threat Detection Capability
Adds threat-intelligence correlation detection on flow logs and DNS logs, dynamic sandbox detection, and anomaly detection via machine learning.
Security Visualization
Adds visualization screens for the security situation overview, the network security situation and the endpoint security situation.

Features

Threat Overview

Quantitative Threat Indicator

Provides tenants with quantitative indicators of their service security status: alarm events and threat events from the attacker's perspective, and changes in engine coverage rate, host vulnerability events and website vulnerability events from the defender's perspective. It also provides 7-day and 30-day trends of security incidents, a Top 10 of risk assets ranked by their alarm and threat event counts, and a Top 10 of threat forms ranked by alarm type and threat model counts.
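The trend and Top 10 figures above are aggregations over the alarm and threat event stream. The following is an added illustration, not JD Cloud's own code: it assumes a hypothetical event record with a timestamp, an asset ID, an event kind (alarm or threat) and a form (alarm type or threat model), runs over a constructed sample, and computes the daily trend for a trailing window, the Top N risk assets by combined alarm and threat count, and the Top N threat forms.

```python
from collections import Counter
from datetime import datetime, timedelta

# Fixed "now" so the example is deterministic (assumption for the demo).
NOW = datetime(2024, 6, 30, 12, 0, 0)

# Constructed sample events; the schema is hypothetical, not the product's.
# kind is "alarm" or "threat"; form is the alarm type or threat model name.
SAMPLE_EVENTS = [
    {"ts": NOW - timedelta(days=1),  "asset": "i-001", "kind": "alarm",  "form": "brute_force_ssh"},
    {"ts": NOW - timedelta(days=2),  "asset": "i-001", "kind": "threat", "form": "dga_domain"},
    {"ts": NOW - timedelta(days=3),  "asset": "i-002", "kind": "alarm",  "form": "web_shell"},
    {"ts": NOW - timedelta(days=5),  "asset": "i-001", "kind": "alarm",  "form": "brute_force_ssh"},
    {"ts": NOW - timedelta(days=10), "asset": "i-003", "kind": "threat", "form": "covert_channel"},
    {"ts": NOW - timedelta(days=20), "asset": "i-002", "kind": "alarm",  "form": "web_shell"},
    {"ts": NOW - timedelta(days=40), "asset": "i-004", "kind": "alarm",  "form": "port_scan"},  # outside 30d
]


def events_in_window(events, days, now=NOW):
    """Events whose timestamp falls in the trailing `days`-day window ending at `now`."""
    start = now - timedelta(days=days)
    return [e for e in events if start <= e["ts"] <= now]


def daily_trend(events, days, now=NOW):
    """Event count per calendar day over the last `days` days (today included),
    oldest day first; days with no events are reported as 0."""
    day0 = (now - timedelta(days=days - 1)).date()
    per_day = Counter(e["ts"].date() for e in events
                      if day0 <= e["ts"].date() <= now.date())
    return [per_day.get(day0 + timedelta(days=i), 0) for i in range(days)]


def top_risk_assets(events, days, n=10, now=NOW):
    """Assets ranked by combined alarm + threat event count in the window."""
    by_asset = Counter(e["asset"] for e in events_in_window(events, days, now))
    return by_asset.most_common(n)


def top_threat_forms(events, days, n=10, now=NOW):
    """(kind, form) pairs ranked by event count, so alarm types and threat
    models are counted separately even if they share a name."""
    by_form = Counter((e["kind"], e["form"]) for e in events_in_window(events, days, now))
    return by_form.most_common(n)


def threat_overview(events, now=NOW):
    """The overview widget's numbers for the 7-day and 30-day windows."""
    return {
        days: {
            "trend": daily_trend(events, days, now),
            "top_assets": top_risk_assets(events, days, now=now),
            "top_forms": top_threat_forms(events, days, now=now),
        }
        for days in (7, 30)
    }


if __name__ == "__main__":
    for days, view in threat_overview(SAMPLE_EVENTS).items():
        print(f"{days}d trend: {view['trend']}")
        print(f"{days}d top assets: {view['top_assets']}")
        print(f"{days}d top forms: {view['top_forms']}")
```

Ties in `most_common` keep first-seen order, so a production ranking should add a secondary key (for example highest severity first) to make the Top 10 stable across refreshes.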

Alarm Event Analysis

Provide Event Details and Fixup Suggestion

Events can be queried by account asset, time period, attack type, severity and handling status; a list of event details and their handling status is provided, together with the details of specific events and remediation suggestions.

Threat Event Analysis

Attack Chain Analysis

Events can be queried by account asset, time period, threat model, severity and handling status; a list of event details and their handling status is provided, together with the details of specific events. Real-time mining and offline mining are distinguished by the time window over which the correlation mining ran.

Weaknesses Event

Machine Vulnerability

Details are provided per host vulnerability, using the vulnerability as the statistical dimension so the user can see which hosts are affected, and the user is prompted to fix the relevant vulnerabilities.

Website Vulnerability

Drawing on practical white-box penetration testing experience, provides a comprehensive website vulnerability detection service for JD Cloud users through advanced crawler and distributed scanning technology. It helps users shorten the time to detect vulnerabilities in cloud assets and fix them promptly, which reduces the likelihood of further intrusion and the resulting damage to brand image and finances.

Emergency Vulnerability

When a critical vulnerability is disclosed, the JD Cloud Security operations team provides an emergency vulnerability verification PoC to help users quickly check whether their servers are affected, shortening the time to detect the vulnerability in cloud assets and fix it.

Asset Management

Associations between cloud network assets and host assets are provided.

Account assets can be queried by public IP, private IP, machine ID and machine name. The network detection engine can be switched on or off per asset. Counts of alarms, threats, host vulnerabilities and website vulnerabilities per asset are also provided.

Event Alarm

Event Alarm

To help users learn of threat events quickly, alarms can be delivered by email and SMS.

Security Visualization Screen

Security Visualization Screen

The security visualization screen is mainly used to help security operators formulate security operation policies, to support inspections by enterprise leaders or industry users, and to display the global security situation. At the current stage it includes: situation awareness overview, network security situation and endpoint security situation.