Introducing 

Prezi AI.

Your new presentation assistant.

Refine, enhance, and tailor your content, source relevant images, and edit visuals quicker than ever before.

Prezi logo
Log in
Loading…

2019年度信息安全汇报

Button to report this contentButton to embed this content on another site
JZ

Jing Zhao

Transcript

InfoSec Risk Governance

Risk

Governance

Policy - Training - Audit

Policy

Released 6

17 Completed

Training

On-site Training 39

IN

6 Categories

Newbees

Seeds

Vendors

Salon

Small talks

CIS 2019

Audit

Man-hours 104+

Systems 51 / DCs 4

Findings 371

SOC

Application

SOC

Application

Vulnerability tracking

methodical

luoyu

luoyu

Vulnerability Management System

Manual/EXCEl

automatic/system

225/92

Announcement/High risk:225/92

Clear history loopholes

213/90

Fix total/High risk:213/90

Well-founded risk threat

CVSS 3.0

Statistical Summary

Accurate management and control of safety requirements

Justified Resolve

External vulnerability submission

future planning

planning

Automatic asset discovery mechanism

Automated retest

jingwei

Efficient Powerful

Accurate Easy use

jingwei

network device port discovery

and service identify tool

target

tool

time

nmap 15min

1 host

compare

jingwei 3min

100 host

whitelists taskManger

recordManger

feature

Covering:

port scan

svc identify

poc scan

openvas

Plan

One stop solution to access more vulnerability scanning functions such as OS, web and API fuzzing

guanshu

Code leak monitoring scan

plan

Dark Net

Gitee

before

compare

one Day

after

one hour

feature

Timely Detection

send mail

Timely repair

Malicious code detection System

1

Hash detection service

hujiao

2

File analysis

3

Dynamic Analysis Report

Saas

Services

Saas

Services

Gateway Feature

1

Api Unified Entry

Gateway

2

Safety and stability

3

Authority Management

User Center Feature

1

WM LDAP

2

User Management

User Center

3

Role Management

4

Permission Management

5

Interface Management

Mission Feature

1

Mission dispatch

Mission Center

2

Email Management

3

FileUpload

Nvwa

Nvwa

System

Big Data Security Platform

Support data

before/now

HIDS

HIDS

Compare

NIDS

SYSLOG

FIREWALL

EMAIL

AV

HOST LOGS

NETFLOW

Feature

log aggregation

1

full packet capture indexing, storage

2

Feature

3

advanced behavioral analytics and data enrichment

4

current threat intelligence information to security telemetry

Plan

Security

Operation

Security

Operation

How to build a high-effective red and blue team?

Pentest

Critical vulnerability

Found 92

Fixed 90

Uncritical vulnerabilities: 133 found, 93% fixed.

Monitor

External Attacks

Web 2 million

Bot 14 million

Response

Security Incidents

Internal Incidents

External Incidents

Confirmed 6

In-progress 1

false-positive 113

Confirmed 39

In-progress 26

false-positive 43

The way to Future Security Engineering

What is going to happen in 2020?

Engineering

in Future

PanGu

Phase3/Phase4

Some security

monitors

PanGu

2020

24H

automatic app build and release

enhancement -> enforcement

release process will be stop if critical exists

Security

monitor

10000 Metals, Vms, Containers logs analysis

2000 PCs incidents and events monitor

6 Network ingress and egress threats discover

Security Engineering

Engineering

Nowadays

What do we have accomplished and achievements in 2019?

PanGu

Phase1/Phase2

Security

inside

0 -> 406

vulnerabilities found before release

* Data based on project luoyu

Extremely

fast

1200s -> 120s

life and money saved for both developers and company

* Data based on project luoyu

Code

safety

10+ -> One

the Only code vault

mandatory access control

login audit

change approval

Organization

Chart

How many guys are working in InfoSec department?

Organization Chart

6 FTEs

6 Outsourcings

InfoSec Policy Team

Policy Maker, Trainer, Auditor:

GUO, Jing

Policy Team

Guo Jing went on his way of walking in the Tengger Desert

SOC & SRC TEAM

SOC &

SRC Team

Team leader: William Wang

SOC member: Ingeek sec team

SRC member: SONG, Xin

William and his team were investigating some security incidents.

InfoSec Engineering Team

Engineering Team

Security Engineers:

CHEN, Baojun

PAN, Zhixiang

CHEN and PAN were deploying a sort of security automatic analysis system.

InfoSec Innovation Team

Innovation Team

Innovation Leader:

CHEN, Yudan

Innovators:

LIU, Huan

SHAN, Jiaping

Meng, Jiefeng

LIU, Xiaoping

HU, Jiamei

Value Streams

How will you spend money?

Value Streams

2020

2019

3.4

soc

1.7

0.5

pentest

0.6

outs

1

2.5

Choose a template

Sheet Music (AI Assisted)

Elevate your presentations with our Sheet Music Prezi AI-assisted presentation template, seamlessly blending aesthetics and functionality for a harmonious visual experience.

Modular - Dark (AI Assisted)

Revolutionize your presentations with our Modular Prezi AI-assisted presentation template, a versatile and customizable solution that adapts to your unique content, providing a visually stunning and cohesive framework for professionals, educators, and creatives.

Constellations (AI Assisted)

Illuminate your ideas with our captivating Constellations Prezi AI-assisted presentation template, merging celestial elegance with professional design to elevate your content and guide your audience through a stellar visual experience.

Presentations from around the world

Serbien

Emilija Radivojevic

Finance Decisions

Nick Cheyne

JEDINSTVO IZRAZA 2

Ana Randjelovic

Learn more about creating dynamic, engaging presentations with Prezi
Why Prezi is better