I. Application scenario
II. Advantages and characteristics
The Long state digital security big data platform provides data access audit, data access control, data encryption, data desensitization and other security functions for Hadoop, Hortonworks, Cloudera and domestic big data architectures. It reaches into enterprise production systems to apply security protection specifically to enterprise data assets, and can be deployed and run independently without changing or interfacing with existing systems, giving more refined and systematic protection of data assets.
1. The policy model is mature and stable, and processing performance is efficient.
2. A variety of data security protection methods and means are applicable.
3. Installation and deployment are automatic, with no manual operations on nodes in a big data cluster.
4. The function set is complete and easy to integrate, so a data safety net can be built quickly.
5. The design is modular, with flexible customization and assembly to meet the needs of various scenarios. A variety of big data components are supported, such as HDFS, HIVE, HBASE, ES, MPP, etc.
III. Value of the project
This solution provides an integrated set of security measures for protecting data throughout its life cycle. The value brought to customers is as follows:
01 Simplify business governance, improve data security management capabilities, and help customers reduce the risk of data breaches
The platform helps security administrators open the "black box" of the big data platform: combined with the system's built-in security policy model, it comprehensively discovers the various behaviors of the database in use and gives reasonable modification suggestions. The big data security platform comprehensively monitors data access through various means and provides rich statistical reports that display data access and risk graphically. It also provides access control capabilities, which greatly simplifies business governance and improves data security management capabilities.
02 Reduce breaches of core data assets and ensure business continuity
Data is the most valuable asset and the ultimate target for attackers to peek at, tamper with, or even delete. If core data is compromised, the result is business interruption, or even information leakage and tampering, which seriously threatens information security. Big data security solutions provide visibility and control of data security, ultimately reducing the likelihood of breaches of core data assets and ensuring normal business continuity.
03 Improve the defense-in-depth system and enhance overall security protection capability
Establishing a defense-in-depth system is the consensus in data security construction. On the path from the application system to the database, the database is the last line of defense for data security and involves the most direct management of sensitive data. Big data security solutions focus closely on the core data and provide complete means of protection, which helps the data platform improve its defense-in-depth system, reduce the risk of big data platforms being attacked, and improve overall security protection capability.
04 Improve the security level of the big data Hadoop platform
Building on the existing big data platform's own security protection measures and combining them with big data security platform technology, security protection is implemented across the whole life cycle, from the underlying data layer to the application layer. The customer has ownership and control of the data. Users who are not authorized or officially authorized by the customer cannot touch the data, and the audit logs and content cannot be displayed to them. The solution achieves enhanced fine-grained permission control, enhanced security audit, and situational early-warning analysis, providing warning before an event, monitoring during it, and traceability afterwards.
IV. Solution introduction
1. Big data security audit
The system supports unidirectional and bidirectional data security audit for big data components such as HDFS, HIVE and HBASE, and provides visual, wizard-based, multi-level policy configuration management. A rich and flexible rule system adapts to different scenarios and allows users to tailor the audit dimension and scope. Fine-grained audit and intelligent risk alarms analyze the detailed movement of enterprise data assets more accurately, making any risk anomaly visible at a glance.
2. Big data access control (firewall)
Whitelists, blacklists and grey lists are the main units; the logical view is clear and the configuration is flexible and simple. Authorization can be managed at different levels such as role, group, and user, and the existing permission information in the data environment is synchronized automatically and converted for compatibility. Control can be as fine as HDFS path permissions; HBASE table, column family, and column permissions; and HIVE database, table, and column permissions.
3. Big data encryption
The platform offers excellent performance and supports PB-level batch encryption and decryption of data, which can largely meet the data supply needs of upstream applications. It provides public encryption algorithms (3DES and AES) as well as a state-approved cryptographic algorithm. The encryption policy can be refined to the data column level, and the encryption range and granularity can be configured freely. A unified key management center provides a more rigorous security guarantee for the protection of sensitive data.
4. Big data desensitization
Dynamic desensitization is used to desensitize sensitive data in access results in real time. Using a fully autonomous rule engine and policy model, the performance and scenario coverage are ahead of similar big data security products in China. The platform supports PB-level data desensitization processing, and can apply different levels and scopes of desensitization based on role, user, use, and scenario.