Security Brain Regulatory Situational Awareness (Security Brain RSA)
Overview
Security Brain RSA is a product of 360 Security Brain for cybersecurity regulation. It provides regulatory customers with threat situational awareness and security operation capabilities for their critical information infrastructure. Security Brain RSA focuses on critical information infrastructure assets, adopts a big data architecture, connects to the 360 Security Brain knowledge cloud, threat intelligence cloud, and analytics cloud, and collects local multi-source heterogeneous data. It uses technologies including city-level asset discovery, multi-dimensional threat knowledge graph analytics, security orchestration, automation and response (SOAR), and visual presentation to help customers build capabilities for intelligent analytics, investigation and triage, real-time alerting, and quick response. This realizes closed-loop security management and effectively assists regulatory units in carrying out cybersecurity regulation and governance.
Network Asset Information Aggregation
Aggregate the network asset information of an organ or entity, receive the network asset information reported by subordinate platforms, and sort out the important assets and their operation status.
Threat Monitoring and Situational Awareness
Continuously monitor the cybersecurity status, detect security incidents in time, identify security risks and threats, and analyze, investigate, predict, and track the security situation from multiple dimensions so as to have a comprehensive awareness of the cybersecurity situation.
Alert and Incident Notification
Send notifications of cybersecurity alerts or incidents to the same-level organs or entities, receive feedback, and track the status.
Cybersecurity Coordination and Directive
Receive cybersecurity risk alerts, incident notifications, and disposal directives from the superior platform, coordinate with the local team and use the current platform to deal with the risk or incident, track the status and disposal progress, and report them to the superior platform.
Co-processing of Cybersecurity Incidents
When supporting a major event or during a major-event emergency, collaborate with relevant entities to carry out attack analysis, forensics, network service shutdown, or other tasks, and feed back the disposal results.
Features
City-level Cyberspace Asset Discovery
Security Brain RSA uses cyberspace asset discovery technology to comprehensively discover the key shadow IT infrastructure exposed on the network, providing a true view of cyberspace.
Collaborative Defense by Experts
The 360 company’s security expert team participates in the whole process of handling a security incident. They analyze, investigate, and handle the incident, empower regulatory agencies by offering them the 360 company’s Security Brain Expert Cloud capabilities, and collaborate with relevant entities to defend against the attack.
Kill Chain Analysis and Reasoning
The cyber attack analysis model leverages the ATT&CK framework to process the security logs and telemetry collected by the platform, uses backward reasoning to reconstruct the attack scenario, and maximizes visibility into the tactics and techniques of attackers.
Agile Incident Analysis and Response
Security Brain RSA uses the security orchestration, automation, and response (SOAR) technology and synchronizes data from the threat intelligence cloud and analytics cloud of 360 Security Brain to automate the analysis and response process, thus maximizing the efficiency of security operations.
Synchronization of Advanced Threat Intelligence from Cloud
Security Brain RSA links the high-quality threat intelligence data on the 360 Local and Cloud Security Brain platforms, which have a self-operating mechanism, and automatically correlates the data to detect threats and alert information, enabling users to quickly shift from “passive defense” to “active defense.”
Threat Graph Analysis Technology
Security Brain RSA adopts the knowledge cloud graph analytics technology of 360 Security Brain to facilitate the replay and summary of threat data and historical analysis while performing real-time correlation.
Strong Emergency Response Capabilities
360 Security Brain Expert Cloud has industry-leading vulnerability and threat mining, analysis, and response capabilities. It has independently discovered more than 40 APT groups and has successfully dealt with many significant cybersecurity incidents such as "EternalBlue."