Operation Control and Audit (OMA)-

Operation Control and Audit (OMA)

Module Introduction

SiCAP-SiCAP-Operation Control and Audit (OMA) from the multi-dimensional, fine-grained resource authorization mechanism, the whole process of operation recording and control, a full range of operation auditing to the whole operation process of video playback, to achieve the operation process of the " prevention beforehand, control during the incident, audit after the incident ", and support SSO single sign-on and a variety of operation tools, simplify operations and improve work efficiency at the same time, comprehensively solve the problem of operation security, and effectively improve the level of enterprise IT operation management.

Feature Introduction

User Identity Unified Management
Centralized account management and unified authentication; Multiple authentication methods, two-factor authentication, hybrid authentication; Provide role customization and single sign-on.
Asset Information Unified management
Automatic asset discovery and identification; Unified management of the whole life cycle of assets; Support for rich asset types and protocols.
Multi-dimensional, Fine-grained Authority Control
On-demand fine-grained authorization based on the principle of least privilege for authorization;Flexible access control policies; Dynamic authorization based on authorization lists; Temporary work order authorization; Privilege request lists and access limitations; Highly secure two-person collaboration and review;。
Automated Management
Automatic auditing of asset accounts; Automatic password change and automatic password verification for asset accounts; Account password security policy customization; Operation script batch automatic execution.
Multiple Operation Methods
Client-side Operation Clientless Operation Direct Connect Operation OP Operation
 Conversational Operations Entire Process Control and Audit
Operation process real-time control, real-time alarm, real-time blocking; Comprehensive fine-grained audit trail; Operation process session playback; Full process video and video playback; Flexible retrieval of audit records and multi-dimensional statistics; Intelligent audit assisted decision-making.
Total Security Control
Ability to detect and analyze account risks; User abnormal access behavior identification and control. Anti-bypass behavior auditing.

Module Characterization

Behavioral auditing for comprehensive operations

Real-time and accurate violation blocking

Secure and efficient two-person collaboration

Highly secure password synchronization

 >

Typical Case

● Well-known branches of the five major state-owned banks

Along with the pace of financial electronic management, and bank IT assets increase year by year, the current operation process of manual operation and human supervision of the security risks brought about by the increasing, the old means can not adapt to the modernization of IT management requirements, and the "The Cybersecurity Law of the People's Republic of China " also requires enterprises to strengthen the operation of the security management aspects of the construction. Therefore, based on the current situation, the customer urgently needs to build a unified operation management platform to meet its daily management needs and comply with the new national policies and regulations. Combining the customer's environment and needs, Suninfo provides users with the Operation Control and Audit (Abbreviation:OMA) of the InforCube Security intelligent CA Platform (Abbreviation:SiCAP) to provide an overall solution for OMA, which opens up the links of operation personnel, assets, processes and data to form a three-in-one platform of operation, security, and data,from multi-dimensional, fine-grained resource authorization mechanism, the whole process of operation records and control, all-round operation audit to the whole operation process video playback, realize the operation and maintenance process of "prevention beforehand, control during the incident, audit after the incident", and support SSO single sign-on and a variety of operation tools; at the same time with the process management system for the depth of the integration, the formation of the "incident problems - work order process - operation processing - audit report" closed-loop operation specification, which helps customers to build a visible, controllable, automatic, safe and intelligent IT operation security management platform.

Automated Operation

Module Introduction

SiCAP-Automated Operation adopts an engine-less model, based on rich script libraries, for different operation scenarios, through the construction and issuance of script tasks, batch script execution is carried out to simplify the daily operation; support for complex operation scenarios, visualization of the operation tasks are flexibly arranged, and automated on a regular basis, to meet the personalized automation scenarios demanded by customers from all industries, assisting the IT management staff in automating the execution of routine work, accelerating the efficiency of IT operation and reducing the problem of human operation, so as to increase the efficiency of the operation in the enterprise.

Feature Introduction

Visual Script Library Management
Provide rich scripts, including but not limited to shell, Python, go, batch processing and other common scripting languages. Can meet the needs of automated operation scripts for various scenarios of operating systems, network/security devices, middleware, databases, and applications.
Security Hardening Self-tests Automation
Provide check scripts that can meet the requirements of the bank's security baseline and management specifications and update them in a timely manner. Support flexible configuration and adjustment of security reinforcement templates Support regular and automatic security baseline checking, provide statistical information and generate reports on the checking results. Provide reinforcement self-check and repair suggestions for unsatisfactory items.
Automated Task Execution
Support for automating scripted tasks for one device or multiple devices without human intervention; Support for automated single or batch file distribution unattended.
Rich Operation Scenario Support
Provide automated configuration management scenarios, supporting regular automated collection of asset configurations, regular automated verification, and collection results can be synchronized to CMDB; Support regular security reinforcement self-test, built-in security baseline, flexible configuration and adjustment of reinforcement templates, providing detailed information on the implementation results and reinforcement self-test repair recommendations; Support for regular automated inspection of assets (built-in security baseline check scripts, equal protection level 2 and 3 check scripts).
Automated Job
Based on the rich operation script library and flexible visual job scheduling capability, it can standardize and process the daily and complex operations, reduce the workload of operations personnel, and lower the risk of human operation; through the manual triggering of the execution of the three scheduling modes of execution, timing execution and execution according to the cycle, it can satisfy the automation of the operations needs in different scenarios, and improve the efficiency of operations.

Module Characterization

Zero Impact: engineless mode, zero impact on the production system

Richness: rich scripts and scenarios to flexibly meet the needs

Automation: automated task execution mechanism, improve the efficiency of operation

Standardization: scheduling mechanism to establish a standard workflow

Efficient: distributed cluster deployment, rapid completion of large-volume tasks

Easily Scalable: microservice architecture, horizontal dynamic expansion without affecting the business

Typical Case

● Well-known branches of the five major state-owned banks

With the development of financial electronic management, bank IT assets increase year by year, there is an urgent need for automated operation, and secondly, with “The Cybersecurity Law” and some planning of China's banking information technology, the security check and automation degree of the bank's requirements increase, how to improve the security of IT operation and the level of operation and maintenance automation, so as to make the daily operation standardized and automated, is the main challenge currently facing. The automated operation solution of InforCube Security intelligent CA Platform (Abbreviation:SiCAP) for the five major state-owned banks addresses user pain point issues, is data-based and scenario-oriented, and realizes basic operation scenarios including automated script execution and file distribution for PaaS, IaaS, and other resources in the bank through the operation tool and operation scheduling, and realizes security reinforcement automation scenarios in line with the requirements of the bank,daily inspection automation scenarios, asset configuration automation scenarios in the bank, and customized operation scenarios based on the visualization of operation task scheduling, which improves the efficiency of operation and standardizes the process of operation.

● One of the five wholly state-owned power generation enterprise groups

After years of informationization construction, the overall development of informationization in group companies is not only fast but also deep. The continuous increase of business systems has led to the increasing pressure of daily IT operation and maintenance and service support, which has brought great challenges to IT operation. How to solidify and refine the routine operation and maintenance work, realize automated operation and maintenance and service, enhance the efficiency of operation service, and improve the satisfaction of IT service is an urgent problem to be solved by the IT maintenance department. Based on the automated operation and maintenance in InforCube Security intelligent CA Platform (Abbreviation:SiCAP), Suninfo builds an automated operation framework for users to form a full range of automation through asset configuration automation, script task automation, security inspection automation, and operation scenario automation, which reduces human operations and improves the efficiency of daily operation; and at the same time, based on the rich operation script library and flexible visualization of operation scheduling, it can realize the automation of operation and maintenance operations and services. effectively improves the efficiency of operation services, enhances IT service satisfaction, promotes the transformation of IT operation and maintenance to IT operation, and enhances the value of the IT maintenance department.

Database Operation and Audit (DBA)

Module Introduction

SiCAP-Database Operation and Audit (DBA), dedicated to comprehensive data security, can effectively monitor database access and operation behavior, accurately grasp the operational status of the database system, support database operation management and operation auditing, built-in and customized rules flexibly achieve real-time blocking of overstepping, tampering and high-risk operations, and record and alert. Thus, it can realize the risk prevention of security events beforehand, real-time blocking during the event, and locating, analyzing and tracing the evidence after the event, so as to guarantee the database security and meet the compliance requirements such as equal protection and industry norms.

Feature Introduction

Full Database Audit
Through the prior policy planning, operation monitoring, after the session audit on the database operation of the whole process of all-round audit.。
Fine-grained Audit
By analyzing the SQL semantics of different databases, it extracts the relevant elements in SQL (users, operation types, tables, fields, views, indexes, procedures, functions, return results...); it can audit the content of the return results of operation statements; it can audit the database account, user name, application account, operation, time, source and destination, applications and tools, and other information (business-related information, reasons for exceptions).。
Multi-tier Business Linkage Audit
Three-tier architecture auditing: by correlating the access of the application layer and the access operation request of the database layer, it traces back to the original visitor of the application layer; business auditing: SiCAP analyzes the communication protocols, such as http, https, etc., between the front-end browsers and the WEB servers, and identifies the business operation behaviors.
Audit Strategy Management
Customize important events and risk events based on flexible combinations of logged-in users, source IP addresses, database objects (divided into database users, tables, and fields), operation times, SQL operation commands, the number of records returned or the number of rows affected, SQL execution results, and the length of SQL execution.。
Security Alert and Reporting Statistics
Trigger security alerts based on audit strategy for timely risk treatment; built-in rich and granular reports to meet compliance requirements such as equal protection and industry norms.
Intelligent Audit-Free
Automatically builds a rule base, simplifies user operations, reduces auditing of repetitive data, reduces audit content storage, and improves system performance.
Database Operations Audit
Real-time monitoring of user access to the database of various operations, high-risk operations can be real-time blocking and alarms, and through video playback to reproduce the original operation process.

Module Characterization

Fine-grained auditing with timely alerts

Zero business impact audit model

Intelligent analysis for efficient auditing

Typical Case

● A large logistics enterprise

With the arrival of the era of diversified consumption, flexible production and efficient circulation, the society and customers have higher and higher requirements for logistics services, and the quality of logistics services is an important trend in the future development of logistics. The premise of providing high-quality logistics services is the security of the database, logistics services across a wide range of geographical areas, involving the same city, within the province, governorate, international, in addition to a large number of operators, the complexity of the management hierarchy and other factors lead to a large number of large-scale logistics information systems there are a large number of data security issues, the prevention of theft and tampering with sensitive data is increasingly becoming a serious challenge to the database information assets. Combining the characteristics and pain point needs of the logistics industry, Suninfo provides users with the Database Operation Audit (Abbreviation:DBA) in InforCube Security intelligent CA Platform (Abbreviation:SiCAP), which is an overall solution for Database Operation Audit, and effectively monitors the database access and operation behaviors by grasping the operation status of the database system, blocking the ultra-authorized, tampered and high-risk operations in real time, and comprehensively auditing and monitoring the operation status of the database system. Real-time blocking, comprehensive auditing and timely alerts realize the risk prevention of security events beforehand, real-time blocking during the event, and location analysis and evidence tracing after the event, so as to ensure database security and meet the compliance requirements of equal protection and industry norms.

● A famous car manufacturer

With the rapid development of industrialization and economy, China's automobile manufacturing industry has achieved rapid growth, the number of enterprise information systems and internal users continue to increase, the database security of enterprises in the automobile manufacturing industry is facing great challenges, such as: internal technicians exist in the misuse of operation, violation of the operation, overstepping the right to operate, damage to the safe operation of the business system; third-party developers and maintainers of the misuse of operation, malicious operation and tampering; super administrator The super administrator has too much authority and cannot be audited and monitored, which makes it impossible to trace and locate the real operator when a security incident occurs, etc. Meanwhile, the promulgation of “The Cybersecurity Law” has imposed higher requirements on network security and data security, and database security needs to be strengthened urgently. Suninfo provides Database Operation Audit (DBA) in InforCube Security intelligent CA Platform (Abbreviation:SiCAP), which is capable of real-time monitoring of the core database status, independent auditing to ensure the fairness of the audit results, fine-grained and comprehensive auditing of the database access and operation, and alerting of the abnormal operation of the database; meanwhile, it supports fine-grained authority control and management of the database operation, and comprehensive audit of operations; it provides categorized statistical graphical reports to facilitate the management and definition of responsibility after the event, so as to comprehensively safeguard the database security and meet the compliance requirements.

System Integrated Log Audit (SIEM)

Module Introduction

SiCAP-System Integrated Log Audit (SIEM) can provide comprehensive and diversified log collection, massive and diversified log paradigm, centralized storage and flexible retrieval, comprehensive intelligent and efficient analysis, rapid response to risk alerts, easy traceability and evidence, realizing the full life cycle management of logs and assisting maintenance personnel in monitoring logs in multiple dimensions, such as anterior (risk policy), intermediate (analyzing and tracing), and posterior (investigating and obtaining evidence). It monitors logs in multiple dimensions, helping administrators accurately find key events and data from massive log data, accurately locate network faults, identify security threats in advance, improve network performance, safeguard system security, and help enterprises meet the requirements of “The Cybersecurity Law” and Equal Protection 2.0 compliance.

Feature Introduction

Log Capture and Management
Rich log source support Automatic discovery and unified management of log sources Multiple log collection methods Multiple log paradigm, standardization Flexible and efficient log retrieval Convenient log forwarding configuration。
Comprehensive Log Analysis and Risk Alerts
Massive logs, intelligent clustering, the formation of rules knowledge base Flexible configuration of risk strategy, various warning methods and fast response. Based on a variety of machine learning algorithms to achieve in-depth intelligent analysis and risk prediction Flexible configuration of various alert methods, fast response, improve efficiency and reduce impact.。
Easily Traceable and Traceable, Audit Compliant
Provide rich and diversified visualized data analysis, easy traceability, and provide effective basis for tracing and evidence collection afterwards. Supports compliance and meets the requirements of “The Cybersecurity Law” and Equal Protection 2.0.。
Total Solution
Linkage monitoring, operation audit, automated operation modules, can provide log audit overall solution to achieve a comprehensive log source security control.。

Module Characterization

Detailed log paradigm and log classification

Rich and flexible log retrieval and statistical reporting

Centralized and comprehensive log auditing

Typical Case

● Transportation Department of a province

At present, the state advocates the unified management of government informatization, requiring government departments to continue to deepen the government services "one network", the full implementation of urban governance "one network", speed up government operations "one network" and other policy guidelines, so the scale of information technology business continues to develop,log data quantitative, and logs are scattered, complicated, diverse formats, different uses, incomplete, usually found only when problems occur, and need to manually check the efficiency is low, can not realize the fault of rapid positioning and early warning. In response to the pain point demand for log auditing, Suninfo provides users with System Integrated Log Audit (Abbreviation:SIEM) in InforCube Security intelligent CA Platform (Abbreviation:SiCAP), which is capable of unified management of logs through diversified log collection, massive and diversified log paradigm, centralized log storage, and flexible log retrieval, and at the same time, applies intelligent algorithms and big data technologies to intelligently aggregate and retrieve massive logs and to provide a unified management of logs. identify security threats and provide timely alerts to effectively safeguard system security.